You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by mastaskillz33 <ai...@csc.com> on 2010/01/19 17:28:16 UTC
Active MQ ajax and security
I've developing an application on google's app engine. I would like to
integrate it with active mq. I figure I could put my active mq server
exposed to the web except I would need to authenticate users before allowing
them to pub sub to the Q. How should I do this. I basically want them to log
into the app engine site and not be prompted again
--
View this message in context: http://old.nabble.com/Active-MQ-ajax-and-security-tp27228521p27228521.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Active MQ ajax and security
Posted by mastaskillz33 <ai...@csc.com>.
Thank you. A rest interface does make sense here. Since consuming
applications would be deployed to a different locations. Could I write
specific servlets in the jetty container for a REST interface?
My other question is even if I deployed an application to the embedded jetty
server and used the ajax interface someone could always just modify the
queue name(firebug or whatever) and see anyone else's data. Is there any way
to add security in that case? or am I stuck wrapping the queue interactions
inside a REST service. One of which would then need to be a "long polling or
alternative" to receive the live message off the queue.
I also am curios as to the best way to authenticate to a rest service once a
user is authenticated on a particular site for instance.
Twitter uses basic auth for it's web services. If the twitter was to use
those services on it's pages how would It basic auth the user. It would need
to send the headers over the wire. Is there a better way?
Dejan Bosanac wrote:
>
> Hi,
>
> AjaxServlet can't be exposed to the web in general. It must be a part of
> the
> application which is running the client js code to send/receive messages.
> If
> you need a general-purpose web interface, try using REST. As for security
> you can secure it using basic-auth or any other method used on the web.
>
> Cheers
> --
> Dejan Bosanac - http://twitter.com/dejanb
>
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
>
> On Tue, Jan 19, 2010 at 5:28 PM, mastaskillz33 <ai...@csc.com> wrote:
>
>>
>> I've developing an application on google's app engine. I would like to
>> integrate it with active mq. I figure I could put my active mq server
>> exposed to the web except I would need to authenticate users before
>> allowing
>> them to pub sub to the Q. How should I do this. I basically want them to
>> log
>> into the app engine site and not be prompted again
>> --
>> View this message in context:
>> http://old.nabble.com/Active-MQ-ajax-and-security-tp27228521p27228521.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
>
>
> -----
> Dejan Bosanac
>
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
--
View this message in context: http://old.nabble.com/Active-MQ-ajax-and-security-tp27228521p27229440.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Active MQ ajax and security
Posted by Dejan Bosanac <de...@nighttale.net>.
Hi,
AjaxServlet can't be exposed to the web in general. It must be a part of the
application which is running the client js code to send/receive messages. If
you need a general-purpose web interface, try using REST. As for security
you can secure it using basic-auth or any other method used on the web.
Cheers
--
Dejan Bosanac - http://twitter.com/dejanb
Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net
On Tue, Jan 19, 2010 at 5:28 PM, mastaskillz33 <ai...@csc.com> wrote:
>
> I've developing an application on google's app engine. I would like to
> integrate it with active mq. I figure I could put my active mq server
> exposed to the web except I would need to authenticate users before
> allowing
> them to pub sub to the Q. How should I do this. I basically want them to
> log
> into the app engine site and not be prompted again
> --
> View this message in context:
> http://old.nabble.com/Active-MQ-ajax-and-security-tp27228521p27228521.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>