activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Garry Watkins <cats...@me.com>
Subject Re: Is it possible to use Client Certs for Authentication/Authorization for Apollo?
Date Wed, 10 Jul 2013 22:38:33 GMT
Yes, the users will be unknown at the time of connection.

On Jul 10, 2013, at 3:00 PM, Hiram Chirino <hiram@hiramchirino.com> wrote:

> An the user names are dynamic?  You don't know them ahead of time?
> 
> On Tue, Jul 9, 2013 at 4:14 PM, Garry Watkins <catshow@icloud.com> wrote:
>> I have been looking at the documentation in the security section.
>> 
>> http://activemq.apache.org/apollo/documentation/user-manual.html#Security
>> 
>> I need to write code that will capture allow a queue to be created with the
>> same name as the user.  That user may then be allowed to receive and consume
>> messages.
>> 
>> Any hints about where i could inject this into the code?
>> 
>> Thanks
>> 
>> 
>> On Jul 08, 2013, at 02:06 PM, Christian Posta <christian.posta@gmail.com>
>> wrote:
>> 
>> Should be the distinguished name from the X509 cert:
>> 
>> http://docs.oracle.com/javase/6/docs/api/javax/security/auth/x500/X500Principal.html
>> 
>> 
>> On Mon, Jul 8, 2013 at 1:31 PM, Garry Watkins <catshow@me.com> wrote:
>> 
>> Ok, now that I know that I can do that.
>> 
>> How does Apollo assign the username? What I want to do is have another
>> 
>> process create a queue just for that user, and that is the only queue that
>> 
>> user may access.
>> 
>> Thanks for the speedy response.
>> 
>> On Jul 8, 2013, at 1:28 PM, Christian Posta <christian.posta@gmail.com>
>> 
>> wrote:
>> 
>>> Yep, try adding the following to your ssl connector:
>> 
>>> 
>> 
>>> <connector id="default" bind="ssl://0.0.0.0:61614">
>> 
>>> 
>> 
>>> *<ssl client_auth="need" />*
>> 
>>> 
>> 
>>> </connector>
>> 
>>> 
>> 
>>> 
>> 
>>> On Mon, Jul 8, 2013 at 12:51 PM, Garry Watkins <catshow@me.com> wrote:
>> 
>>> 
>> 
>>>> Is it possible to use Client Certs for Authentication/Authorization for
>> 
>>>> Apollo?
>> 
>>> 
>> 
>>> 
>> 
>>> 
>> 
>>> 
>> 
>>> --
>> 
>>> *Christian Posta*
>> 
>>> http://www.christianposta.com/blog
>> 
>>> twitter: @christianposta
>> 
>> 
>> 
>> --
>> *Christian Posta*
>> http://www.christianposta.com/blog
>> twitter: @christianposta
> 
> 
> 
> -- 
> Hiram Chirino
> 
> Engineering | Red Hat, Inc.
> 
> hchirino@redhat.com | fusesource.com | redhat.com
> 
> skype: hiramchirino | twitter: @hiramchirino
> 
> blog: Hiram Chirino's Bit Mojo


Mime
View raw message