Your case is supported. You need to authenticate both your brokers and clients in the same way and then give them different privileges (using authorization).
See http://activemq.apache.org/security.html for more information. In the example I sent you earlier, there are no usernames and passwords as the brokers are authenticated using their certificates (I thought that's what you're trying to do). Cheers -- Dejan Bosanac ----------------- FuseSource - The experts in open source integration and messaging. Email: [email protected] Web: http://fusesource.com Twitter: http://twitter.com/dejanb ActiveMQ in Action - http://www.manning.com/snyder/ Blog - http://www.nighttale.net On Tue, Dec 14, 2010 at 6:55 PM, artnaseef <[email protected]> wrote: > > Can this solution meet all of my needs? Let me clarify the needs. > > Authorized brokers must be distinguished from end-clients. For example, > some clients will be limited in which queues and topics they are allowed to > access, which messages they may receive, and more. On the other hand, > authorized brokers connected to the network will always be allowed to access > all queues and topics (at least, in the current design). > > In addition, a separate system maintains the end-client permissions based on > information in the SSL certificate (DN). > > Are user/password credentials applied to distinguish brokers? I'm not > seeing user/password credentials in the test. > > If the JAAS plugin can meet my needs, that would be great. > -- > View this message in context: > http://activemq.2283324.n4.nabble.com/BrokerFilter-securing-addBroker-via-SSL-certs-tp3086239p3087621.html > Sent from the ActiveMQ - Dev mailing list archive at Nabble.com. >
