Return-Path: X-Original-To: apmail-activemq-users-archive@www.apache.org Delivered-To: apmail-activemq-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B14D2EBCF for ; Tue, 27 Nov 2012 16:51:51 +0000 (UTC) Received: (qmail 12556 invoked by uid 500); 27 Nov 2012 16:51:51 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 11908 invoked by uid 500); 27 Nov 2012 16:51:50 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 11878 invoked by uid 99); 27 Nov 2012 16:51:49 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Nov 2012 16:51:49 +0000 X-ASF-Spam-Status: No, hits=2.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of christian.posta@gmail.com designates 209.85.215.43 as permitted sender) Received: from [209.85.215.43] (HELO mail-la0-f43.google.com) (209.85.215.43) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Nov 2012 16:51:43 +0000 Received: by mail-la0-f43.google.com with SMTP id z14so9829408lag.2 for ; Tue, 27 Nov 2012 08:51:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=UIpZtC6ie9OhhLlqOfEgaY1z4t9sQKU8Glsqvd2mm6s=; b=SDc9APkNH9AXO1+bJB9VkXjxSBM0Fz6V6pu5pjdc/VhbXJAbbnSSFiy6WAdS+vCKKY b7ZuHWyr1jRTGYaWjJw9b4ZFy/dRBR9wsZP/68qJEl84JLnD3ibyyQMF89mcLm9EVYKz ffu4gk3ZS434ZrJi3FSM339BKexk0Hiy+dcTJUFvF2DITkF4Am5iDYe1zpCs6bg/qd5i AVpwXNRvmHOKtLFkywRep7RULeW/dPJGEVVii9sleDpu4fryTaJE6CDY08uQFqWGNVYd V6njd2aYBe9oJghLJqcE14A1RBb4E3/HZFZnkLmmdTYTz0+GbNcutW2os4rsC+3PWejs t3fQ== MIME-Version: 1.0 Received: by 10.112.39.73 with SMTP id n9mr7058972lbk.114.1354035082017; Tue, 27 Nov 2012 08:51:22 -0800 (PST) Received: by 10.114.36.170 with HTTP; Tue, 27 Nov 2012 08:51:21 -0800 (PST) In-Reply-To: <1354033596911-4659824.post@n4.nabble.com> References: <1354011795235-4659805.post@n4.nabble.com> <1354027804277-4659817.post@n4.nabble.com> <1354033596911-4659824.post@n4.nabble.com> Date: Tue, 27 Nov 2012 09:51:21 -0700 Message-ID: Subject: Re: ActiveMQ SSL Client From: Christian Posta To: "users@activemq.apache.org" Content-Type: multipart/alternative; boundary=e0cb4efe2f4e13baf104cf7cdce9 X-Virus-Checked: Checked by ClamAV on apache.org --e0cb4efe2f4e13baf104cf7cdce9 Content-Type: text/plain; charset=ISO-8859-1 Yes, you still create the keystores and truststores. Those are used for Authentication. But you can plug in "Authorization" rules and match them up to usernames if you use the jaas plugin as Dejan mentioned. Authentication is concerned with determining whether the person is who they say they are and can make a connection with the broker. Authorization happens after they have passed authentication. Authorization determines whether they are allowed to perform certain actions based on their role (write to a queue, consume from a topic, create a destination, etc). HTH On Tue, Nov 27, 2012 at 9:26 AM, joesan wrote: > So with this plugin, I do not need to create broker trust stores and broker > key stores? > > > > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/ActiveMQ-SSL-Error-No-X509TrustManager-implementation-avaiable-tp4659805p4659824.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. > -- *Christian Posta* http://www.christianposta.com/blog twitter: @christianposta --e0cb4efe2f4e13baf104cf7cdce9--