activemq-users mailing list archives

From Christian Posta <christian.po...@gmail.com>
Subject Re: Is it possible to use Client Certs for Authentication/Authorization for Apollo?
Date Wed, 10 Jul 2013 16:53:51 GMT
You could take a look at this page:
http://activemq.apache.org/apollo/documentation/extending-guide.html

Then take a look at using a RouterListenerFactory for when destinations are
created:
http://activemq.apache.org/apollo/documentation/api/apollo-broker/index.html#org.apache.activemq.apollo.broker.RouterListenerFactory

Though, I'm not sure I understand your requirements completely. You want to
create a queue with the same name as the user? And do that when the user
connects? Or when?

You could also take a look at protocol filtering for the protocol you're
using (stomp?) and create a filter that creates the queue when a user
connects:

Take a look here since protocol filtering still seems to be undocumented:

http://activemq.2283324.n4.nabble.com/Does-apollo-support-anything-like-interceptors-td4470806.html#a4478870

And use this filter:
/**
 * A Protocol filter can filter frames being sent/received to and from a client.
 * It can modify the frame or even drop it.
 */
@deprecated(message="Please use the ProtocolFilter3 interface instead", since="1.7")
abstract class ProtocolFilter2 {

  /**
   * Filters a command frame received from a client.
   * returns None if the filter wants to drop the frame.
   */
  def filter_inbound[T](frame: T):T

  /**
   * Filters a command frame being sent client.
   * returns None if the filter wants to drop the frame.
   */
  def filter_outbound[T](frame: T):T
}



On Tue, Jul 9, 2013 at 4:14 PM, Garry Watkins <catshow@icloud.com> wrote:

> I have been looking at the documentation in the security section.
>
> http://activemq.apache.org/apollo/documentation/user-manual.html#Security
>
> I need to write code that will capture allow a queue to be created with
> the same name as the user.  That user may then be allowed to receive and
> consume messages.
>
> Any hints about where I could inject this into the code?
>
> Thanks
>
>
> On Jul 08, 2013, at 02:06 PM, Christian Posta <christian.posta@gmail.com>
> wrote:
>
> Should be the distinguished name from the X509 cert:
>
>
> http://docs.oracle.com/javase/6/docs/api/javax/security/auth/x500/X500Principal.html
>
>
> On Mon, Jul 8, 2013 at 1:31 PM, Garry Watkins <catshow@me.com> wrote:
>
> Ok, now that I know that I can do that.
>
> How does Apollo assign the username? What I want to do is have another
> process create a queue just for that user, and that is the only queue that
> user may access.
>
> Thanks for the speedy response.
>
> On Jul 8, 2013, at 1:28 PM, Christian Posta <christian.posta@gmail.com>
> wrote:
>
> > Yep, try adding the following to your ssl connector:
> >
> > <connector id="default" bind="ssl://0.0.0.0:61614">
> >
> > *<ssl client_auth="need" />*
> >
> > </connector>
> >
> >
> > On Mon, Jul 8, 2013 at 12:51 PM, Garry Watkins <catshow@me.com> wrote:
> >
> >> Is it possible to use Client Certs for Authentication/Authorization for
> >> Apollo?
> >
> > --
> > *Christian Posta*
> > http://www.christianposta.com/blog
> > twitter: @christianposta
>
>
> --
> *Christian Posta*
> http://www.christianposta.com/blog
> twitter: @christianposta
>
>


-- 
*Christian Posta*
http://www.christianposta.com/blog
twitter: @christianposta
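
If the user name is the certificate's distinguished name, as suggested in this thread, a "queue named after the user" check has to compare the whole subject DN, not just the CN. The following is an added Java example (not code from the thread or from Apollo); the `user.` prefix, the class and method names, and the sample DNs are assumptions constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class UserQueueCheck {
    // Hypothetical naming scheme for this example (not Apollo's): "user." + canonical subject DN.
    static final String PREFIX = "user.";

    // Canonical DN string: differences in case and spacing no longer affect comparison.
    static String canonical(String dn) {
        return new X500Principal(dn).getName(X500Principal.CANONICAL);
    }

    static String queueFor(String subjectDn) {
        return PREFIX + canonical(subjectDn);
    }

    // Hardened check: the whole subject DN must match the queue owner.
    static boolean mayAccess(String subjectDn, String queueId) {
        return queueFor(subjectDn).equals(queueId);
    }

    // Weak check kept for contrast: compares only the CN, so a certificate
    // carrying the same CN under a different organisation also matches.
    static boolean cnOnlyMatch(String subjectDn, String ownerDn) throws InvalidNameException {
        return cnOf(subjectDn).equalsIgnoreCase(cnOf(ownerDn));
    }

    static String cnOf(String dn) throws InvalidNameException {
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN")) return rdn.getValue().toString();
        }
        return "";
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample subjects, not taken from the thread.
        String alice = "CN=alice, OU=Messaging, O=Example Corp";
        String respelled = "cn=Alice,ou=messaging,o=example corp";
        String lookalike = "CN=alice, O=Other Org";
        String queue = queueFor(alice);
        System.out.println("queue id:                  " + queue);
        System.out.println("owner, whole-DN check:     " + mayAccess(alice, queue));
        System.out.println("respelled, whole-DN check: " + mayAccess(respelled, queue));
        System.out.println("lookalike, whole-DN check: " + mayAccess(lookalike, queue));
        System.out.println("lookalike, CN-only check:  " + cnOnlyMatch(lookalike, alice));
    }
}
```

Whether a broker accepts commas and `=` in a destination name is not covered here; the queue id may need a further encoding step before use.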
