Mailing-List: contact users-help@activemq.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@activemq.apache.org
Received-SPF: pass (nike.apache.org: domain of lists@nabble.com designates
 216.139.236.158 as permitted sender)
Message-ID: <27229440.post@talk.nabble.com>
Date: Tue, 19 Jan 2010 09:29:45 -0800 (PST)
From: mastaskillz33 <ailardi@csc.com>
To: users@activemq.apache.org
Subject: Re: Active MQ ajax and security
In-Reply-To: <36e91d9d1001190853y4e53700ck118103b6744c9f36@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
References: <27228521.post@talk.nabble.com>
 <36e91d9d1001190853y4e53700ck118103b6744c9f36@mail.gmail.com>


Thank you. A rest interface does make sense here. Since consuming
applications would be deployed to a different locations. Could I write
specific servlets in the jetty container for a REST interface? 

My other question is even if I deployed an application to the embedded jetty
server and used the ajax interface someone could always just modify the
queue name(firebug or whatever) and see anyone else's data. Is there any way
to add security in that case? or am I stuck wrapping the queue interactions
inside a REST service. One of which would then need to be a "long polling or
alternative" to receive the live message off the queue.

I also am curios as to the best way to authenticate to a rest service once a
user is authenticated on a particular site for instance.

Twitter uses basic auth for it's web services. If the twitter was to use
those services on it's pages how would It basic auth the user. It would need
to send the headers over the wire. Is there a better way?


Dejan Bosanac wrote:
> 
> Hi,
> 
> AjaxServlet can't be exposed to the web in general. It must be a part of
> the
> application which is running the client js code to send/receive messages.
> If
> you need a general-purpose web interface, try using REST. As for security
> you can secure it using basic-auth or any other method used on the web.
> 
> Cheers
> --
> Dejan Bosanac - http://twitter.com/dejanb
> 
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
> 
> 
> On Tue, Jan 19, 2010 at 5:28 PM, mastaskillz33 <ailardi@csc.com> wrote:
> 
>>
>> I've developing an application on google's app engine. I would like to
>> integrate it with active mq. I figure I could put my active mq server
>> exposed to the web except I would need to authenticate users before
>> allowing
>> them to pub sub to the Q. How should I do this. I basically want them to
>> log
>> into the app engine site and not be prompted again
>> --
>> View this message in context:
>> http://old.nabble.com/Active-MQ-ajax-and-security-tp27228521p27228521.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
> 
> 
> -----
> Dejan Bosanac
> 
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
> 

-- 
View this message in context: http://old.nabble.com/Active-MQ-ajax-and-security-tp27228521p27229440.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.