Access control on the message queue

[Natit <pe...@zirius.no>]

i'd like to create a plugin that handles all user authentication in a simple
way. I do not want to use JAAS, and i need to sync the authorized users and
topics with another application.

I would like a plugin template that has something with a similar signature:
boolean canRead(ConnectionInfo,ActiveMQDestination);
boolean canWrite(ConnectionInfo,ActiveMQDestination);
boolean isAdmin(ConnectionInfo,ActiveMQDestination);

And for user authorization something like
boolean canLogin(ConnectionContext,ConnectionInfo);
but alas i have not found one.

I need to be able to add users and modify the authorization levels on the
fly based on data from outside active mq so using the simpleAuthplugin with
XML files is not a solution. Can anyone point me in the right direction?
Haveing looked at the plugin templates i can not really find one i can use.
The user numbers we are talking about here will range from a few hundred
online up to around 3000 at maxium. There will not be a huge number of
messages sent however.

Is it not possible to leave all access control of users, clients and
topic/queues up to the me without haveing to go through all the inner
workings of activeMQ? For me atleast it would be logical to have a plugin
with the freedom to approve or deny all user activity. I don't need to get
involved into how active mq deals with security after the point i said yes
its ok, or no its not ok. But i do need to be able to permit or deny
something without a massive unnecessary program flow.
-- 
View this message in context: http://www.nabble.com/Access-control-on-the-message-queue-tp16001329s2354p16001329.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: Access control on the message queue

[ttmdev <jo...@ttmsolutions.com>]

Sounds like what you may be looking for are LDAP Authorization and
Authentication plugins? That is, retrieve user security information from one
central directory service or repository. Maybe take a look at Acegi; I think
Acegi is or was on the ActiveMQ road map. 

I think ActiveMQ's plugin architecture should provide you with the freedom
and flexiblity you're looking for.

Joe
Goto www.ttmsolutions.com for a free ActiveMQ user guide
  


Natit wrote:
> 
> i'd like to create a plugin that handles all user authentication in a
> simple way. I do not want to use JAAS, and i need to sync the authorized
> users and topics with another application.
> 
> I would like a plugin template that has something with a similar
> signature:
> boolean canRead(ConnectionInfo,ActiveMQDestination);
> boolean canWrite(ConnectionInfo,ActiveMQDestination);
> boolean isAdmin(ConnectionInfo,ActiveMQDestination);
> 
> And for user authorization something like
> boolean canLogin(ConnectionContext,ConnectionInfo);
> but alas i have not found one.
> 
> I need to be able to add users and modify the authorization levels on the
> fly based on data from outside active mq so using the simpleAuthplugin
> with XML files is not a solution. Can anyone point me in the right
> direction? Haveing looked at the plugin templates i can not really find
> one i can use. The user numbers we are talking about here will range from
> a few hundred online up to around 3000 at maxium. There will not be a huge
> number of messages sent however.
> 
> Is it not possible to leave all access control of users, clients and
> topic/queues up to the me without haveing to go through all the inner
> workings of activeMQ? For me atleast it would be logical to have a plugin
> with the freedom to approve or deny all user activity. I don't need to get
> involved into how active mq deals with security after the point i said yes
> its ok, or no its not ok. But i do need to be able to permit or deny
> something without a massive unnecessary program flow.
> 

-- 
View this message in context: http://www.nabble.com/Access-control-on-the-message-queue-tp16001329s2354p16002529.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.