activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Fletcher <fletch...@gmail.com>
Subject Re: Per-transportconnector authentication
Date Thu, 18 Aug 2011 10:04:43 GMT
I had a look at the code. I think it would be a valid and useful feature.

The tricky thing is where to configure it. Configure an auth plugin to
reference a certain transportconnector? Or configure a transportconnector to
reference a certain auth plugin? The latter seems more logical from a
useability point of view. But if you start allowing this kind of config then
do you allow simply one transport conncector, one auth plugin? Or can you
specify certain users from an auth plugin on a transport connector? Hmmm...

John
2011/8/18 Dejan Bosanac <dejan@nighttale.net>

> We don't have that at the moment. The closest thing there is to that is
> Jaas
> dual plugin, which uses certificates to authenticate ssl connections and
> user/pass for plain ones.
>
> It shouldn't be hard to implement it. If you want to give it a try take a
> look at current plugins
>
>
> https://fisheye6.atlassian.com/browse/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security
>
>
> Regards
> --
> Dejan Bosanac - http://twitter.com/dejanb
> -----------------
> The experts in open source integration and messaging -
> http://fusesource.com
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
>
> On Thu, Aug 18, 2011 at 11:01 AM, John Fletcher <fletchgqc@gmail.com>
> wrote:
>
> > I have an ActiveMQ instance with transport connectors as follows:
> > <transportConnector name="local" uri="tcp://localhost:61616"/>
> > <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"/>
> >
> > Is it possible to require authentication on the ssl connector but allow
> > anonymous authentication on the local connector? I don't have complicated
> > authorisation rules, I could just give admin access to anyone who
> > successfully connects by either route.
> >
> > John
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message