Thanks for the response.

We are already waiting for 2.2 so we can use the ejbds protocol, so I guess we can wait until then to secure ActiveMQ as well. Do you have a solid estimate on when 2.2 is slated for release? Are you guys still on track for a  Q3 2009 release as stated on the Geronimo site?




From: David Jencks []
Sent: Friday, August 28, 2009 4:54 PM
Subject: Re: Securing An Embedded ActiveMQ Resource Adapter



On Aug 28, 2009, at 2:45 PM, Joe Dente wrote:


How do you configure the security of JMS queues and topics running in Geronimo?

I have a couple queues and one topic that are already functioning and deployed using the deployment descriptor of a resource adapter that describes the queues, topics and my connection factory. I need to modify my resource adapter so that these queues and topics require valid credentials to access (eventually I also need to use SSL when communicating with these queues and topics).  ActiveMQ’s site has a lot of information on securing ActiveMQ as a standalone broker. However, I cannot find any information on configuring its security when it is embedded within Geronimo. The only security configurations I can find in the documentation are the “<config-property-setting name=”UserName”>” and “<config-property-setting name=”Password”>” that can be optionally specified on your resourceadapter-instance element. These settings do not seem to have any effect on my connections. The other security-related setting is the “<credential-interface>” element, which is commented out in every example I’ve seen and was also mentioned to be deprecated in a forum I read.

Does anybody have any experience with Geronimo’s JMS security?


The only security settings on the resource adapter are user name and password.  These let you set up a connection to an activemq broker.  Everything else needs to be configured in the broker.


I don't know if you can configure any security in an embedded broker in geronimo 2.1.x using the gbean wrappers for activemq components.  In 2.2 you should be able to configure security using the normal server.xml activemq configuration.  Alternatively you could use an external activemq instance for 2.1.x.


hope this helps

david jencks