activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Strachan" <>
Subject Re: Actually getting Stomp support to a usable state...
Date Thu, 21 Jun 2007 08:04:59 GMT
On 6/21/07, Tom Samplonius <> wrote:
> ----- "James Strachan" <> wrote:
> ...
> > Just use the JAAS plugin in ActiveMQ and you're good to go; the Stomp
> > code uses whatever security plugin you're using
>   As has been discussed, this is broken, and has been since 4.1.1 or earlier.
>   Is there any sort of roadmap to the ActiveMQ internals,

We use JIRA for the roadmap...

> so I can take a stab at fixing this without having to start from scratch?

Awesome! We *love* contributions....

> All of the wire protocols tie back to some sort of core, where auth is evaluated.  And
that is supposed to flow back to the wire protocol again.
>   And the ActiveMQ core just depends on the protocol to do the right thing.  If the auth
failed, it will still take successive commands.

Yeah, that sounds an easy one to fix; we just need to disconnect the
socket if a connection fails I guess? Fancy taking a stab at it? Am
thinking some code in ProtcolConverter if an exception occurs on the
response, to just close the connection (after the ERROR is sent back).

> > I know lots of folks using both the Web Console and Stomp in
> > production with security
>   But I don't know how this could be possible, unless people just haven't tried with
a mis-spelled password.  And there isn't a release version of ActiveMQ that doesn't lose Stomp
messages one way or another.  So I have to assume that they production sites are using snapshots

Which message loss thing is that? Is there a JIRA?

>   But Stomp support is as buggy as hell in ActiveMQ.

Thats a little strong, AFAIK there's only a couple of bugs...

> It seems that the ActiveMQ project operates in some sort of twilight mode.  Most projects
would have issued a security advisory.  Doesn't the Apache Foundation require its projects
to issue security advisories for serious security problems?  Doesn't the "Apache Way" include,
"security as a mandatory feature"?

FWIW most JMS providers come with no security at all out of the box;
as MOMs are typically run inside the firewall & security is usually
enabled by changing the default configuration.

But you are right, we should log a warning that security in STOMP does
not work properly, so a mis-behaving stomp client could actually do
bad things.

>   If no one can fix Stomp, that's fine, but it should be at least be disabled on default

We may as well fix this bug before the next release, rather than doing
a release just to disable stomp support


View raw message