activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Fernandez <joe.fernan...@ttmsolutions.com>
Subject Re: ActiveMQ and Glassfish Realm
Date Fri, 11 Jul 2008 20:33:39 GMT

1. No, you can either develop your own JAAS LoginModule or use the Glassfish
LoginModule.  The LoginModule gets picked up by the ActiveMQ
JaasAuthenticationBroker. You specify what module to pick up via a
combination of broker XML file and the login.config file. Keep in mind that
this is for 'authentication' and not authorization. 

3. ActiveMQ's default JAAS LoginModule (see PropertiesLoginModule) will
automatically pickup modifications made to the user and group properties
file. It reads the file every time the login method gets called. 

4. I don't think so, but you could take advantage of
org.mortbay.jetty.security.Credential.

5. Authorization is performed by the BrokerFilter; there's no dependency on
transport type at that level.  The ConnectionInfo object just needs to
render a username and password. 

Hope this helps,
Joe
www.ttmsolutions.com
 


Patrick Julien-2 wrote:
> 
> I have read the security page found at
> http://activemq.apache.org/security.html but I am somewhat confused by the
> information found there.
> 
> 1. If I wanted ActiveMQ to work with a Glassfish realm, Glassfish does
> indeed use JAAS, would I need to code my own plugin based on BrokerPlugin?
> Or would it be possible to configure the current JAAS plugin to work with
> the glassfish realm?  Note here that I am not looking to replace the
> OpenMQ
> instance found inside Glassfish itself, ActiveMQ would run standalone
> outside any container.
> 
> 2. If I do need to make my own plugin based on BrokerPlugin, what jars are
> actually needed to accomplish this?
> 
> 3. Say this turns out to be too complicated to bridge the two together. 
> How
> sensitive would ActiveMQ be to having the "users.properties" and
> "groups.properties" files being refreshed periodically from realm data?
> 
> 4. Is it possible to hash the passwords found in user.properties?
> 
> 5. ActiveMQ supports many transports but it's my understanding that not
> all
> of them support authorization.  Is there an exaustive list somewhere of
> which transports support authorization and which do not?
> 
> thank you,
> 
> -- 
> http://www.spectrumdt.com
> http://codepimps.org
> 
> 

-- 
View this message in context: http://www.nabble.com/ActiveMQ-and-Glassfish-Realm-tp18405818p18412028.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message