activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From huntc <hu...@mac.com>
Subject Re: Determining the client's AMQ interface within a JAAS login module
Date Tue, 19 May 2009 11:13:54 GMT

I have looked into this further and determined that my previous post was not
complete.

I have now written an extension of the JaasCertificateAuthenticationBroker
so that it only authenticates against an SSL certificate if an SSL transport
is being used. You can browse the class  
http://code.google.com/p/jaasloginmodules/source/browse/tags/JAAS%20Login%20Modules-1.2.0/src/main/java/com/classactionpl/jaas/activemq/SslCertificateAuthenticationBroker.java
here .

To use this class you can check the project out from the 
http://code.google.com/p/jaasloginmodules/source/browse/tags/JAAS+Login+Modules-1.2.0/
1.2.0 tag .

After building the project using Maven drop the resultant jar file in AMQ's
lib/optional folder and configure activemq.xml like so:


    &lt;plugins&gt;
      &lt;bean xmlns="http://www.springframework.org/schema/beans" 
                id="SslCertificateAuthenticationPlugin" 
              
class="com.classactionpl.jaas.activemq.SslCertificateAuthenticationPlugin"&gt;
        &lt;property name="configuration" value="activemq-domain"/&gt;
        &lt;property name="nonsslUsername" value="nonssluser"/&gt;
        &lt;property name="nonsslGroups"&gt;
          &lt;set&gt;
            &lt;value&gt;jms-services&lt;/value&gt;
            &lt;value&gt;activemq-users&lt;/value&gt;
          &lt;/set&gt;
        &lt;/property&gt;
      &lt;/bean&gt;

      &lt;!--  lets configure a destination based authorization mechanism
--&gt;
      &lt;authorizationPlugin&gt;
        &lt;map&gt;
          &lt;authorizationMap&gt;
            &lt;authorizationEntries&gt;
              ...

              &lt;authorizationEntry topic="ActiveMQ.Advisory.&gt;"
                read="activemq-users"
                write="activemq-users"
                admin="activemq-users" /&gt;
            &lt;/authorizationEntries&gt;
          &lt;/authorizationMap&gt;
        &lt;/map&gt;
      &lt;/authorizationPlugin&gt;
    &lt;/plugins&gt;


There is a unit test for the plugin which of course passes and I have tested
it against an application that uses both an SSL transport and a TCP
transport to connect with the broker. FYI the machine that hosts the broker
will only expose the SSL port to the outside world thus preventing anonymous
connections.

I hope that this code is useful to you.

Kind regards,
Christopher
-- 
View this message in context: http://www.nabble.com/Determining-the-client%27s-AMQ-interface-within-a-JAAS-login-module-tp23018992p23614159.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message