activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abdul Alhazred <>
Subject Re: Adding users on the fly ACTIVEMQ
Date Thu, 24 Apr 2008 16:57:41 GMT

Right. OK, there are a couple of different issues.

1) If ALL you want to do is add users and the permissions of the users will
be set up entirely in the activemq.sql file, then you would just need to
create a JAAS auth realm and if you say want to use JDBC then write or
acquire a JDBC JAAS auth module. I wrote one in an afternoon that worked
with my user base, it is fairly easy.

2) If you want to have DYNAMIC mapping to queues and topics, say you need to
be able to have a queue for each user that only they can read from, then you
need to implement an AuthorizationMap (or else put everyone in the
activemq.xml file entries, which kind of defeats the purpose).

3) If you say wanted to use LDAP for either or both of these things, then
you would use a JAAS LDAP auth module and an LDAP AuthorizationMap (which
actually I believe exists, see the javadoc). Depending on your schema
requirements you may need to configure or tweak the code in either of those.

Finally, yes, LDAP requires an LDAP server. LDAP is a pretty useful
technology, but setting up and running LDAP servers is somewhat of a pain.
Note however that Active Directory can do your LDAP for you if you are in an
MS environment, which is a great thing if you have already user provisioning
etc set up for that. NDS is another commercial product that provides LDAP
service. Sun also has an LDAP server, and there are a few others out there
as well. OpenLDAP is your basic OSS implementation. I have a feeling there
are also OS J2EE components which can provide LDAP services. Not familiar
with them, but I bet you can find something. 

Getting your data INTO LDAP and managing it are a whole other kettle of
fish. There are command line and GUI tools that will do it. Basically
they're similar to RDBMS tools like the mysql command line tool, except they
work with LDAP databases.

greenapple wrote:
> Thanks Abdul and Dejan,
> Do you need an LDAP server to use LDAP authorization? My knowledge is
> minimal in LDAP.
> I found out through trial and error that you can add users on the fly
> using JAAS authentication and by editing and
> But somehow, doing this does not seem right since I would like to provide
> a UI for users to 
> Thanks,
> Abdul Alhazred wrote:
>> greenapple wrote:
>>> I have activemq running and a new user asks for an account. Is it
>>> possible to add users and groups on the fly to the list of users and
>>> groups in activemq without restarting it?
>>> If so, how? Can I do it programmatically? 
>> Well, you'd need to have an implementation of an AuthorizationMap that
>> picks up its data from someplace. I think I saw there is an LDAP one. The
>> default just gets it from the XML in the config file, which is obviously
>> no good for your purposes. There doesn't seem to be one that supports
>> JDBC right now, but I know one of these days soon I'm going to have to
>> write one because all my JAAS stuff is in there (I did write a JAAS auth
>> module for JDBC which works). You'll probably need something like that
>> too in order to authenticate the users from your data store. As a guess
>> I'd say it might take a couple days to unravel the AuthorizationMap
>> interface and implement something that works. Have a go at it! 

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message