activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From janylj <jan...@gmail.com>
Subject Re: ActiveMQ JNDI support only for testing?
Date Wed, 18 Mar 2009 16:56:49 GMT

Hello Huntc,

I read your blog especially the Authorisation part. I think we are talking
about the same thing. The LDAP server I set up also uses ACI to grant or
limit the access to specific topic/queue. 

I guess this discussion is mainly about whether ActiveMQ has an embedded
JNDI provider for centralized management. Because the LDAP server I have to
set up is exclusive for ActiveMQ, however, the availability of LDAP server
is separate from ActiveMQ. In other words, if LDAP says you could use this
queue, you still could not use the queue if ActiveMQ broker is down. Vice
versa, if LDAP server is down, although all the resources are available in
the JMS broker, you still could not uses any of them.

Lijun


huntc wrote:
> 
> 
> janylj wrote:
>> 
>> I was trying to have a centralized repository of destinations and
>> ConnectionFactory. I could use a uniform namespace for destination to
>> avoid conflicting. However, I don't want to allow users creating
>> destination or ConnectionFactory on the fly. I would like them accessing
>> the broker only through administrative objects.
>> 
> 
> I believe you are going about this the wrong way. What you really want is
> topic/queue authorisation i.e. only let certain authenticated users do
> certain things within the broker.
> 
> You might find my blog entry on securing ActiveMQ useful. Authorisation is
> covered.
> 
> http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html
> 
> 

-- 
View this message in context: http://www.nabble.com/ActiveMQ-JNDI-support-only-for-testing--tp21925743p22583570.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message