Posted to dev@activemq.apache.org by "adam i (JIRA)" <ji...@apache.org> on 2010/02/02 21:21:32 UTC

[jira] Created: (AMQ-2591) The ability to disable wildcards on a topic.

The ability to disable wildcards on a topic.
--------------------------------------------

                 Key: AMQ-2591
                 URL: https://issues.apache.org/activemq/browse/AMQ-2591
             Project: ActiveMQ
          Issue Type: Improvement
          Components: Broker, JMS client
    Affects Versions: 5.3.0
         Environment: windows xp
            Reporter: adam i


I've been doing some work with the orbited project (http://orbited.org/). This provides a web-based message consumer. The issue is that, since we have client-side code calling a topic or queue, they could easily just turn on the * and listen to everything. This is assuming of course we don't have security in place for each user. There are cases when someone would want to keep a topic private and in that case security can be used. There are also cases where you would want certain topics to be public. You don't want someone to do a topic/* and get all the messages from all the public topics. This feature would greatly enhance activemq's ability to work in the real time web.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (AMQ-2591) The ability to disable wildcards on a topic.

Posted by "Rob (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/AMQ-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=57405#action_57405 ] 

Rob commented on AMQ-2591:
--------------------------

As a side note... our clients are pretty ephemeral. Our customer adds new users to the system daily and the entire rest of the system handles this... but it appears tricky to pass this information on to AMQ. It is not ideal for us to catch messages from our customer daily about new users and then create new users and groups within activemq.

We want to have one group called "guests". They have write only access on upstream channels to the server... and read only for pretty much any queue. The idea was to use the name of the queue as a secret. We would then have one other user "server" who would have looser restrictions.

The way AMQ is now... we would have to add and remove 1000+ users daily to activemq to force them to only be allowed to read their single "private" queue. From what I can tell... this would mean editing the config file daily... or adding LDAP entries daily. It seems like it would be so much simpler if we could prevent a generic user from mass subscribing to all queues without knowing the names of the queues.

Also... don't people run into trouble with wildcarding? It seems to make it hard to enforce one user per queue without having user/password settings for each user of the system.



[jira] Commented: (AMQ-2591) The ability to disable wildcards on a topic.

Posted by "Rob (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/AMQ-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=57404#action_57404 ] 

Rob commented on AMQ-2591:
--------------------------

I think the heart of the issue here is that security can be tricky with activemq (at least as far as locking down queues).

The idea for easy security was to use the browser session id as the queue name... like "A653D78C432AEEC38D142ACCD2703BAF.queue"

If the connection to the server was in SSL... there would be a very low risk of man in the middle attacks. Then to get your private messages you would just subscribe up to this session id queue name. Since it is very unlikely anyone could guess your session id... it would be very unlikely that anyone could guess your queue name. The idea would be that unless they knew your session id... they would have no idea which queue to subscribe to to eavesdrop on your messages. Along with this... we look at write only queues or topics for the server to listen to. That way people can publish messages upstream with their session id attached... however nobody but the server could read them.

The point was brought up however... that AMQ lets you wildcard subscriptions. In this case... they could listen to all queues and would have no trouble finding your "private" queue.

I think the general hope is for a way to make a queue private without having to have an authentication mechanism for each individual user subscribing to queues. Our system for example has thousands of users all needing one private queue to receive "secret" messages on. It seems a little daunting to give each of these users unique passwords to access their queue.

If there was a way to stop wildcarding... are there other holes people see with this approach?
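
The exposure discussed in this comment, as an added example that is not part of the original thread and is not ActiveMQ code: it models ActiveMQ's destination wildcards (`.` as path separator, `*` for one path element, `>` for the remainder) to show that a wildcard subscription covers queues named after session ids, and sketches a subscribe-time check for the "guests" and "server" roles mentioned in the thread. The function names, the placement of the check in a gateway in front of the broker, and the second queue name are assumptions made for illustration.

```python
# Added illustration, not ActiveMQ code: all function names are hypothetical.
SEPARATOR = "."   # path separator in ActiveMQ destination names
ANY_ONE = "*"     # wildcard: matches exactly one path element
ANY_REST = ">"    # wildcard: matches everything from this element onward

# The first name is quoted in the thread; the second is constructed sample data.
PRIVATE_QUEUES = [
    "A653D78C432AEEC38D142ACCD2703BAF.queue",
    "0F1E2D3C4B5A69788796A5B4C3D2E1F0.queue",
]


def is_wildcard(destination):
    """True if any path element of the destination is a wildcard token."""
    return any(p in (ANY_ONE, ANY_REST) for p in destination.split(SEPARATOR))


def matches(pattern, destination):
    """Does a subscription pattern cover a concrete destination name?"""
    pat = pattern.split(SEPARATOR)
    dest = destination.split(SEPARATOR)
    for i, token in enumerate(pat):
        if token == ANY_REST:
            return True          # simplified: '>' swallows whatever remains
        if i >= len(dest):
            return False         # pattern is longer than the destination
        if token != ANY_ONE and token != dest[i]:
            return False         # literal element differs
    return len(pat) == len(dest)


def exposed(pattern, queues):
    """Queues a single subscription would receive from."""
    return [q for q in queues if matches(pattern, q)]


def authorize_subscribe(role, destination):
    """Hypothetical policy: only the 'server' role may subscribe with wildcards."""
    return role == "server" or not is_wildcard(destination)


if __name__ == "__main__":
    for pattern in ("*.queue", ">", PRIVATE_QUEUES[0]):
        print(pattern, "->", len(exposed(pattern, PRIVATE_QUEUES)), "queue(s),",
              "guests allowed:", authorize_subscribe("guests", pattern))
```

With wildcards rejected for guests, the scheme still depends on the session id staying secret and being unguessable, since the queue name is then the only credential.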
