Just as an afterthought: I'll need the webconsole to allow only non-modifying actions for a certain group of users. For example, it should be possible to view the contents of a queue but not to purge it. While a solution to this is rather straightforward, namely to use the JEE role-based security model (isUserInRole), it's not exactly configuration-friendly. We'd need some way to have a 'default' way that doesn't check for anything. Another way would be to rely on the activemq-security and let it decide if a user may purge a queue or not. However, this will need to be able to pass the user to activemq. Anyone running such a configuration?
Let me know what you think on this subject.

Mario

On 6/25/07, Mario Siegenthaler <[EMAIL PROTECTED]> wrote:
Hi

Tom pointed out the problem with the web console and a secured JMS-connection. While it's already possible to configure that over JNDI and straightforward to make that configurable via system-properties, this will be an issue for the in-vm jetty that's started with the broker. We'd require the user to set a user/password to connect to the invm-broker. IMO this is quite a hassle (the same thing is true for the console, this thing in fact kills the broker because it can't start up because it gets an invalid username/password exception).

The easiest thing would be to allow vm:// connections without checking for username/password. The problem with this approach is certainly that the policy check on the queues/topics would have to be ignored.

Any thoughts on this topic? I'll be happy to write a patch as soon as I know the way we want to go.

Mario
