geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Securing queues and topics in embedded ActiveMQ
Date Wed, 18 Mar 2009 15:57:51 GMT

On Mar 18, 2009, at 7:19 AM, Raj Saini wrote:

> Hi David,
> I explored it further and found that Geronimo Security Realms work  
> file with the ActiveMQ. Problem is with the ActiveMQ  
> authorizationPlugin. In AuthorizationEntry class
> <code>
>   private String groupClass =  
> "org.apache.activemq.jaas.GroupPrincipal";
> </code>
> is hard coded. I think if the group class can be made configurable   
> (e.g pass  
> theorg 
> authorization should work. Looking at the ActiveMQ docs, it seems be  
> possible using the interceptor stuff. Please guide me if this is a  
> right approach and I will give it a try.

I can think of a lot of possible approaches but this certainly seems  
like a simple way to proceed.

Another thing you might try is modifying the LoginModule you are using  
to create the activemq group principal. Geronimo has very configurable  
principal-role mappings so you could just change any of these you need  
to use the activemq principal.  You might also be able to add an  
additional login module that "duplicated" the geronimo group  
principals into amq group principals.   However I think in general it  
would be more useful to more people to make activemq a little more  
flexible.... I'm hoping you can contribute this back to activemq.

many thanks
david jencks

> Thanks,
> Raj
> From: David Jencks <>
> To:
> Sent: Friday, 13 March, 2009 10:29:10 PM
> Subject: Re: Securing queues and topics in embedded ActiveMQ
> On Mar 13, 2009, at 4:54 AM, Raj Saini wrote:
>> Hi,
>> I am having problem securing the ActiveMQ admin objects (queues and  
>> topics) in embedded ActiveMQ.I can do this on a standalone ActiveMQ  
>> using JAAS login module plugin. Is it possible to do the same in  
>> embedded ActiveMQ and probably using the Geronimo security realms.
> That would be a great feature but I don't think anyone has figured  
> out how to do this yet.  I suspect you'd need to write some code to  
> adapt activeMQ to the geronimo security framework.
> If you investigate further please let us know what you find out!   
> You might want to work with geronimo trunk (2.2-SNAPSHOT) as it uses  
> the much more up to date activemq 5.3-SNAPSHOT and if changes to  
> activemq are needed there's a much better chance of getting them  
> included in a future release.
> thanks
> david jencks
>> Regards,
>> Raj

View raw message