Return-Path: 
 <users-return-12106-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org>
Delivered-To: apmail-activemq-users-archive@www.apache.org
Received: (qmail 80527 invoked from network); 4 Jan 2008 21:13:40 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 4 Jan 2008 21:13:40 -0000
Received: (qmail 36853 invoked by uid 500); 4 Jan 2008 21:13:28 -0000
Delivered-To: apmail-activemq-users-archive@activemq.apache.org
Received: (qmail 36830 invoked by uid 500); 4 Jan 2008 21:13:28 -0000
Mailing-List: contact users-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@activemq.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@activemq.apache.org>
List-Post: <mailto:users@activemq.apache.org>
List-Id: <users.activemq.apache.org>
Reply-To: users@activemq.apache.org
Delivered-To: mailing list users@activemq.apache.org
Received: (qmail 36821 invoked by uid 99); 4 Jan 2008 21:13:28 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Jan 2008 13:13:28 -0800
X-ASF-Spam-Status: No, hits=0.2 required=10.0
	tests=SPF_PASS,WHOIS_MYPRIVREG
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of chirino@gmail.com designates
 209.85.146.182 as permitted sender)
Received: from [209.85.146.182] (HELO wa-out-1112.google.com) (209.85.146.182)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Jan 2008 21:13:15 +0000
Received: by wa-out-1112.google.com with SMTP id k22so11675608waf.0
        for <users@activemq.apache.org>; Fri, 04 Jan 2008 13:13:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        bh=OFAV+ni+MDfYFZQXeJU7i/jB5Dj7+29aqnVylPPwo8Y=;
        b=t+iC1HdyuL9IEs8vegt0/WOtyH9zTSH+ONzMXDUj4+FcRC+iM1+J6eywbPK1fZrB+225cjyyL2eJby0sNpD7Nv3OZnjDQsXGVSohYjuh3ufNneUpOSp0Y1P2CI24N5OGWijh0mFC5a/TD7UK/6FO+Z+dkXEKKkETCgYf/c6kkVU=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        b=ZWcvIvRg5F0S/cz0rsFT1WJOe3849XyW9PpDcotI4GrrWLosvkcGiC1VTzg+AFBQ2RQTZPm3kzcinapNhuR90bDkMb+F28L8VClbzidiGZ6belrBKraM5ojDv/+AEG8QBJ62KHHpsT/I3uHcYBNzT7aYnlp7VaPwTA6RWw1z9NE=
Received: by 10.114.78.1 with SMTP id a1mr18987886wab.102.1199481185006;
        Fri, 04 Jan 2008 13:13:05 -0800 (PST)
Received: by 10.114.160.2 with HTTP; Fri, 4 Jan 2008 13:13:04 -0800 (PST)
Message-ID: <af2843cd0801041313r51ab27fct66504ce2d0fd48d8@mail.gmail.com>
Date: Fri, 4 Jan 2008 16:13:04 -0500
From: "Hiram Chirino" <hiram@hiramchirino.com>
Sender: chirino@gmail.com
To: users@activemq.apache.org
Subject: Re: Secure a subset of destinations
In-Reply-To: <14597771.post@talk.nabble.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <14435506.post@talk.nabble.com> <14437536.post@talk.nabble.com>
	 <14595944.post@talk.nabble.com>
	 <ec6e67fd0801030538l38798bafj4b734161028013d9@mail.gmail.com>
	 <14597771.post@talk.nabble.com>
X-Google-Sender-Auth: e09538a95930531d
X-Virus-Checked: Checked by ClamAV on apache.org

That sounds about right.

You should also be aware that it's legal to create a producer with a
null destination.  So you should really check on each send.

Regards,
Hiram

On Jan 3, 2008 9:35 AM, joe.stapleton <joe.stapleton@betfair.com> wrote:
>
> Thanks James. If I was to add an interceptor to block addConsumer/addProducer
> calls to a set of destinations unless the connection is made over a
> particular transport connector would I disrupt the broker->broker
> communication within the network of brokers?
>
> If this is feasible what would be the correct way to determine whether an
> inbound connection was being made over SSL? Something like the fragment
> below with a well named TransportConnector?
>
>         public Subscription addConsumer(ConnectionContext context,
> ConsumerInfo info) throws Exception {
>                 if (destinations.contains(info.getDestination())) {
>                         if (((TransportConnector)context.getConnector()).getName().equals("ssl"))
> {
>                                 return super.addConsumer(context, info);
>                         } else {
>                                 throw new SecurityException("Not accessed over ssl");
>                         }
>                 } else {
>                         return super.addConsumer(context, info);
>                 }
>         }
> --
> View this message in context: http://www.nabble.com/Secure-a-subset-of-destinations-tp14435506s2354p14597771.html
>
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>



-- 
Regards,
Hiram

Blog: http://hiramchirino.com

Open Source SOA
http://open.iona.com