Return-Path: 
 <users-return-35281-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org>
X-Original-To: apmail-activemq-users-archive@www.apache.org
Delivered-To: apmail-activemq-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 9E1F410D24
	for <apmail-activemq-users-archive@www.apache.org>;
 Wed, 10 Jul 2013 19:00:26 +0000 (UTC)
Received: (qmail 87256 invoked by uid 500); 10 Jul 2013 19:00:26 -0000
Delivered-To: apmail-activemq-users-archive@activemq.apache.org
Received: (qmail 87162 invoked by uid 500); 10 Jul 2013 19:00:25 -0000
Mailing-List: contact users-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@activemq.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@activemq.apache.org>
List-Post: <mailto:users@activemq.apache.org>
List-Id: <users.activemq.apache.org>
Reply-To: users@activemq.apache.org
Delivered-To: mailing list users@activemq.apache.org
Received: (qmail 87152 invoked by uid 99); 10 Jul 2013 19:00:25 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Jul 2013 19:00:25 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of chirino@gmail.com designates
 209.85.220.172 as permitted sender)
Received: from [209.85.220.172] (HELO mail-vc0-f172.google.com)
 (209.85.220.172)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Jul 2013 19:00:21 +0000
Received: by mail-vc0-f172.google.com with SMTP id ib11so5988055vcb.3
        for <users@activemq.apache.org>; Wed, 10 Jul 2013 12:00:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date
         :x-google-sender-auth:message-id:subject:from:to:content-type;
        bh=xO8uJhwu6Z41z+Z5y8gHYG1p1d3vvkovsmItEiZ2+SQ=;
        b=nY5UaBXhVhzHdTxR/1gSBBooMIVKcVCtGi/BFVGIXYnfz8t9V/hGrj7tXsE+7XQu5U
         ktrAeMhD9H8ARFlUoiYWTXZ9yqv8xKK1L+r0E/blOUoZBK7FhcAqDDLS0Qxg5Irglz6V
         F75GomZEsV3/xB6hEd4ouStJ4vMlSjrNix5j6UQJFKSV/B1Yt3c3vZNNeFZyVJ7WRKdQ
         dxZeoUCfQ6m2KOet3+f1aWvGzBHD/bq5EOg2HDATY+bC0zWdZWM8ajx5SftRrWAJ+2Mg
         9+l24K5l6FHNlaLfUZQpdgj2svAIM7NfgmKqJQZd255omnQyfVX75ovUQ3ehL1HqLfYn
         1yqw==
MIME-Version: 1.0
X-Received: by 10.220.207.72 with SMTP id fx8mr19173690vcb.30.1373482800509;
 Wed, 10 Jul 2013 12:00:00 -0700 (PDT)
Sender: chirino@gmail.com
Received: by 10.52.243.201 with HTTP; Wed, 10 Jul 2013 12:00:00 -0700 (PDT)
In-Reply-To: <44e3958c-3f27-4582-ab72-be42a81b09f4@me.com>
References: 
 <CAKS7T5N1EK=xJuT_X5PGT=7Qgmc4mEb14UY3dX37pK-QN5dmVg@mail.gmail.com>
	<44e3958c-3f27-4582-ab72-be42a81b09f4@me.com>
Date: Wed, 10 Jul 2013 15:00:00 -0400
X-Google-Sender-Auth: uvS72IV61sTkpAaWcBGxOwpzkD0
Message-ID: 
 <CAGZ-RDKXVJy=1_sYtdZ7QLaWj_TQgywAX7kYf8C1wVAboSWyEA@mail.gmail.com>
Subject: Re: Is it possible to use Client Certs for
 Authentication/Authorization
 for Apollo?
From: Hiram Chirino <hiram@hiramchirino.com>
To: users <users@activemq.apache.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

An the user names are dynamic?  You don't know them ahead of time?

On Tue, Jul 9, 2013 at 4:14 PM, Garry Watkins <catshow@icloud.com> wrote:
> I have been looking at the documentation in the security section.
>
> http://activemq.apache.org/apollo/documentation/user-manual.html#Security
>
> I need to write code that will capture allow a queue to be created with the
> same name as the user.  That user may then be allowed to receive and consume
> messages.
>
> Any hints about where i could inject this into the code?
>
> Thanks
>
>
> On Jul 08, 2013, at 02:06 PM, Christian Posta <christian.posta@gmail.com>
> wrote:
>
> Should be the distinguished name from the X509 cert:
>
> http://docs.oracle.com/javase/6/docs/api/javax/security/auth/x500/X500Principal.html
>
>
> On Mon, Jul 8, 2013 at 1:31 PM, Garry Watkins <catshow@me.com> wrote:
>
> Ok, now that I know that I can do that.
>
> How does Apollo assign the username? What I want to do is have another
>
> process create a queue just for that user, and that is the only queue that
>
> user may access.
>
> Thanks for the speedy response.
>
> On Jul 8, 2013, at 1:28 PM, Christian Posta <christian.posta@gmail.com>
>
> wrote:
>
>> Yep, try adding the following to your ssl connector:
>
>>
>
>> <connector id="default" bind="ssl://0.0.0.0:61614">
>
>>
>
>> *<ssl client_auth="need" />*
>
>>
>
>> </connector>
>
>>
>
>>
>
>> On Mon, Jul 8, 2013 at 12:51 PM, Garry Watkins <catshow@me.com> wrote:
>
>>
>
>>> Is it possible to use Client Certs for Authentication/Authorization for
>
>>> Apollo?
>
>>
>
>>
>
>>
>
>>
>
>> --
>
>> *Christian Posta*
>
>> http://www.christianposta.com/blog
>
>> twitter: @christianposta
>
>
>
> --
> *Christian Posta*
> http://www.christianposta.com/blog
> twitter: @christianposta



-- 
Hiram Chirino

Engineering | Red Hat, Inc.

hchirino@redhat.com | fusesource.com | redhat.com

skype: hiramchirino | twitter: @hiramchirino

blog: Hiram Chirino's Bit Mojo