You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Tom Samplonius <to...@samplonius.org> on 2007/06/01 04:42:48 UTC
Does JAAS work for Stomp access?
I'm trying to implement some security on queues for Stomp clients. I have this config:
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="vps" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
and user.properties
system=manager
user=password
guest=password
and group.properties:
group.properties
And I added "-Djava.security.auth.login.config=${ACTIVEMQ_BASE}/conf/login.conf" to the startup options.
But I can still can login with Stomp, with any username and password, and get messages.
Tom
Transmitting passwords with ActiveMQ
Posted by Aleksi Kallio <al...@csc.fi>.
Hi,
We are transmitting passwords over a SSL encrypted ActiveMQ connection.
We would like to make sure that password are erased from memory as soon
as possible. Doing this in our own code is easy, just using char-arrays
and erasing them in finally blocks, but is there a way to ensure that
ActiveMQ erases message contents immediately after they are processed?
We are using topics (named and temporary) and MapMessages.