activemq-users mailing list archives

From: Justin Bertram <jbert...@apache.com>
Subject: Re: Artemis - Certificate Security
Date: Wed, 14 Oct 2015 19:15:13 GMT

I recently added support for JAAS modules which utilize username/password for authentication
and authorization.  See here [1].  Part of that work involved importing the certificate JAAS
module as well, but Artemis doesn't yet have all the plumbing necessary to support it since
it doesn't pass around the certificate to all the relevant parties.  I plan on adding support
for this in the future, but I'm working on other things at the moment.  Feel free to contribute.


Justin

[1] https://github.com/jbertram/activemq-artemis/commit/6ed9c5ae91dc7a08cdb3825fb17a5da24037fa36

----- Original Message -----
From: "slew77" <stephen.lewis77@yahoo.co.uk>
To: users@activemq.apache.org
Sent: Wednesday, October 14, 2015 11:48:02 AM
Subject: Artemis - Certificate Security

Hi,

Hoping to get some advice on adding a security plugin to Artemis.

We are using an Artemis 1.1.0 broker. 

Client systems post messages to a common queue and listen for messages on a
client-specific queue.

There will be thousands of client systems.

Each client should be able to write to the common queue, but not read from
it. Each client should be able to read from their response queue only, but
not write to it.

We must base this access on the client certificate used to connect, i.e. we
can't use username/password.

The docs suggest it's possible to add a JAAS plugin, is that correct and is
there an example I could follow? If it is possible, is it feasible to base
the authorisation on the client certificate? Ideally we'd do a lookup from
the certificate thumbprint to get either a username or the roles that we
need. Any help gratefully received!

Thanks in advance,
Steve.



--
View this message in context: http://activemq.2283324.n4.nabble.com/Artemis-Certificate-Security-tp4702960.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
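
The thumbprint-to-user lookup asked about in the original message, sketched as a JAAS login module. This is an added example, not code from Artemis or from either poster. It assumes a hypothetical `CertCallback` that the broker's callback handler fills with the client's certificate chain (the plumbing the reply says Artemis does not yet have); the `thumbprint.<hex>` option convention and the role names are also constructed.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example (Java 17+). Resolves a client certificate to a user and roles by thumbprint.
public class ThumbprintLoginModule implements LoginModule {
    // Hypothetical callback: the broker's CallbackHandler would fill it from the TLS session.
    public static class CertCallback implements Callback { public X509Certificate[] chain; }
    public record Named(String kind, String name) implements Principal {
        public String getName() { return name; }
    }
    private Subject subject; private CallbackHandler handler; private Map<String, ?> options;
    private final Set<Principal> granted = new HashSet<>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    static String thumbprint(X509Certificate cert) throws Exception {
        byte[] der = cert.getEncoded(); // hash the DER encoding of the whole certificate
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(der));
    }
    public boolean login() throws LoginException {
        granted.clear();
        CertCallback cb = new CertCallback();
        try {
            handler.handle(new Callback[] { cb });
            if (cb.chain == null || cb.chain.length == 0) throw new FailedLoginException("no client certificate");
            // Constructed option convention in the JAAS config: thumbprint.<sha256 hex>="<user>"
            Object user = options.get("thumbprint." + thumbprint(cb.chain[0])); // chain[0] is the leaf
            if (user == null) throw new FailedLoginException("certificate not enrolled"); // fail closed
            granted.add(new Named("user", user.toString()));
            granted.add(new Named("role", "clients"));          // may send to the common queue
            granted.add(new Named("role", "client-" + user));   // may consume its own response queue
            return true;
        } catch (LoginException e) { throw e;
        } catch (Exception e) { throw new LoginException("certificate lookup failed: " + e); }
    }
    public boolean commit() {
        if (granted.isEmpty()) return false;   // login() did not succeed
        subject.getPrincipals().addAll(granted);
        return true;
    }
    public boolean abort() { granted.clear(); return true; }
    public boolean logout() { subject.getPrincipals().removeAll(granted); granted.clear(); return true; }
}
```

A thumbprint only identifies a certificate, which is public data. The lookup is meaningful only when the TLS acceptor requires client authentication and validates the chain, so that the handshake has already proven possession of the private key.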
