activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ttmdev <>
Subject Re: Access control on the message queue
Date Wed, 12 Mar 2008 14:11:01 GMT

Sounds like what you may be looking for are LDAP Authorization and
Authentication plugins? That is, retrieve user security information from one
central directory service or repository. Maybe take a look at Acegi; I think
Acegi is or was on the ActiveMQ road map. 

I think ActiveMQ's plugin architecture should provide you with the freedom
and flexiblity you're looking for.

Goto for a free ActiveMQ user guide

Natit wrote:
> i'd like to create a plugin that handles all user authentication in a
> simple way. I do not want to use JAAS, and i need to sync the authorized
> users and topics with another application.
> I would like a plugin template that has something with a similar
> signature:
> boolean canRead(ConnectionInfo,ActiveMQDestination);
> boolean canWrite(ConnectionInfo,ActiveMQDestination);
> boolean isAdmin(ConnectionInfo,ActiveMQDestination);
> And for user authorization something like
> boolean canLogin(ConnectionContext,ConnectionInfo);
> but alas i have not found one.
> I need to be able to add users and modify the authorization levels on the
> fly based on data from outside active mq so using the simpleAuthplugin
> with XML files is not a solution. Can anyone point me in the right
> direction? Haveing looked at the plugin templates i can not really find
> one i can use. The user numbers we are talking about here will range from
> a few hundred online up to around 3000 at maxium. There will not be a huge
> number of messages sent however.
> Is it not possible to leave all access control of users, clients and
> topic/queues up to the me without haveing to go through all the inner
> workings of activeMQ? For me atleast it would be logical to have a plugin
> with the freedom to approve or deny all user activity. I don't need to get
> involved into how active mq deals with security after the point i said yes
> its ok, or no its not ok. But i do need to be able to permit or deny
> something without a massive unnecessary program flow.

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message