On Mar 18, 2009, at 7:19 AM, Raj Saini wrote:

Hi David,

I explored it further and found that Geronimo Security Realms work fine with the ActiveMQ. Problem is with the ActiveMQ authorizationPlugin. In AuthorizationEntry class
private String groupClass = "org.apache.activemq.jaas.GroupPrincipal";
is hard coded. I think if the group class can be made configurable (e.g. pass the org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal), authorization should work. Looking at the ActiveMQ docs, it seems to be possible using the interceptor stuff. Please guide me if this is a right approach and I will give it a try.

I can think of a lot of possible approaches but this certainly seems like a simple way to proceed.

Another thing you might try is modifying the LoginModule you are using to create the activemq group principal. Geronimo has very configurable principal-role mappings so you could just change any of these you need to use the activemq principal. You might also be able to add an additional login module that "duplicated" the geronimo group principals into amq group principals. However I think in general it would be more useful to more people to make activemq a little more flexible.... I'm hoping you can contribute this back to activemq.

many thanks
david jencks
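
The "additional login module" idea from the reply above, sketched as an added example; it is not code from this thread, from Geronimo or from ActiveMQ. The class name GroupPrincipalBridgeLoginModule is hypothetical, and the sketch assumes the module is listed after the realm's own login module so that module's commit() has already added its group principals.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;
import org.apache.activemq.jaas.GroupPrincipal;

/** Hypothetical bridge: copies Geronimo group principals into ActiveMQ group principals. */
public class GroupPrincipalBridgeLoginModule implements LoginModule {
    // Class name quoted in the thread; matched by name to avoid a compile-time dependency.
    private static final String SOURCE_CLASS =
            "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal";

    private Subject subject;
    private final Set<Principal> added = new HashSet<Principal>();

    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    // Never authenticates anyone: returning false tells JAAS to ignore this
    // module for the login decision, so it cannot let a caller in by itself.
    public boolean login() { return false; }

    // Runs only after the overall login has succeeded.
    public boolean commit() {
        // Iterate over a snapshot, then add, so the live set is not modified mid-iteration.
        for (Principal p : new HashSet<Principal>(subject.getPrincipals())) {
            if (SOURCE_CLASS.equals(p.getClass().getName())) {
                added.add(new GroupPrincipal(p.getName()));
            }
        }
        subject.getPrincipals().addAll(added);
        return !added.isEmpty();
    }

    public boolean abort() { return logout(); }

    // Remove only the principals this module added.
    public boolean logout() {
        subject.getPrincipals().removeAll(added);
        added.clear();
        return true;
    }
}
```

Because the copy is made by exact class name and group name, the ActiveMQ authorization entries see the same groups the Geronimo realm granted and nothing more.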



From: David Jencks <david_jencks@yahoo.com>
To: user@geronimo.apache.org
Sent: Friday, 13 March, 2009 10:29:10 PM
Subject: Re: Securing queues and topics in embedded ActiveMQ

On Mar 13, 2009, at 4:54 AM, Raj Saini wrote:


I am having a problem securing the ActiveMQ admin objects (queues and topics) in embedded ActiveMQ. I can do this on a standalone ActiveMQ using JAAS login module plugin. Is it possible to do the same in embedded ActiveMQ and probably using the Geronimo security realms?

That would be a great feature but I don't think anyone has figured out how to do this yet.  I suspect you'd need to write some code to adapt activeMQ to the geronimo security framework.

If you investigate further please let us know what you find out!  You might want to work with geronimo trunk (2.2-SNAPSHOT) as it uses the much more up to date activemq 5.3-SNAPSHOT and if changes to activemq are needed there's a much better chance of getting them included in a future release.

david jencks