Return-Path: X-Original-To: apmail-activemq-users-archive@www.apache.org Delivered-To: apmail-activemq-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B7D4E93B0 for ; Mon, 3 Oct 2011 23:46:36 +0000 (UTC) Received: (qmail 18022 invoked by uid 500); 3 Oct 2011 23:46:36 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 17995 invoked by uid 500); 3 Oct 2011 23:46:36 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 17987 invoked by uid 99); 3 Oct 2011 23:46:36 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Oct 2011 23:46:36 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of gary.tully@gmail.com designates 209.85.216.43 as permitted sender) Received: from [209.85.216.43] (HELO mail-qw0-f43.google.com) (209.85.216.43) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Oct 2011 23:46:30 +0000 Received: by qabg14 with SMTP id g14so2603157qab.2 for ; Mon, 03 Oct 2011 16:46:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=CMtS7//qwhtpmhKJ+PiT77pBgc1wtaSC0BPkEoLtV9I=; b=fg3TRyn3feF3M6EVcA3PF4/s5EW44gGjnaHHz7SGJbva0zvxhkt2g0i2NlZVF1KV5Z D/3vlWfHuxUH0vp8dEoI7Qx+sHDRdJV/DZuiXscttGswfIbAtXrkLxTyu5CLN7jA7nF1 BaSybJGS/Fug313dEKALf25KFOLYRbb14u5aw= MIME-Version: 1.0 Received: by 10.229.66.160 with SMTP id n32mr467954qci.33.1317685570060; Mon, 03 Oct 2011 16:46:10 -0700 (PDT) Received: by 10.229.166.198 with HTTP; Mon, 3 Oct 2011 16:46:10 -0700 (PDT) In-Reply-To: References: Date: Tue, 4 Oct 2011 00:46:10 +0100 Message-ID: Subject: Re: IP Based Authorization From: Gary Tully To: users@activemq.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org The norm is a custom jaas plugin, but this would be a great feature to have by default. There are some good templates in the org.apache.activemq.security package of activemq-core all contributions gratefully accepted ;-) On 3 October 2011 15:28, Ken Barber wrote: > Hi, > > So I'm interested in the state of IP based authorization for ActiveMQ. > I can see some work on blacklisting in Apollo: > > https://issues.apache.org/jira/browse/APLO-38?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs > > And I can see an example JAAS Plugin: > > http://www.javabeat.net/articles/314-building-a-custom-security-plugin-in-activemq-1.html > > I'm curious - Is there any JAAS Plugin developed by the ActiveMQ team > to provide levels of IP authorization? Or is the norm here to develop > a custom JAAS plugin? > > The goal here is to provide different grades of access to queues and > topics implicitly based on IP. > > ken. > -- http://fusesource.com http://blog.garytully.com