I've just added the support for this. The default login.conf is now
generated with the following login module.
//
// Support accepting/rejecting connections based on the remote IP address.
//
// The black-list.txt is a text file that contains new line separated
// IP addresses which are not allowed to connect to this server.
//
org.apache.activemq.apollo.broker.security.SocketAddressLoginModule required
// Uncomment to use a white list of allowed addresses that can connect to us
// white_list_file="white-list.txt"
black_list_file="black-list.txt"
;
By default it's only black listing IPs, but you can easily configure
it to only allow remote connections from the white list.
Regards,
Hiram
FuseSource
Web: http://fusesource.com/
On Wed, Jun 8, 2011 at 11:09 AM, Hiram Chirino <[email protected]> wrote:
> I think that's a great idea. We should be able to pass the IP
> information to a login module just as easily as we pass the credentials.
>
> Opened up:
> https://issues.apache.org/jira/browse/APLO-38
>
> Regards,
> Hiram
>
> FuseSource
> Web: http://fusesource.com/
>
>
>
>
> On Wed, Jun 8, 2011 at 6:50 AM, Lionel Cons <[email protected]> wrote:
>> Hiram,
>>
>> In our environment, we may have to use IP based security.
>>
>> One way to do it would be to have a JAAS module that would not require
>> any login/passcode (like the guest module) and that would add a principal
>> containing the IP address of the origin of the connection.
>>
>> This way, we can build authentication and authorization on top of it.
>> We can also add it to the message header thanks to add_user_header and
>> have traceability (= where does this message come from?).
>>
>> Does it make sense to add this to Apollo?
>>
>> Cheers,
>>
>> Lionel
>>
>
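
The black-list/white-list check described at the top of this message, as an added example (not Apollo's code, and not from the author). It assumes one literal IP address per line, that a configured white list restricts connections to its entries, and that the black list still applies when both are set; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def normalize(addr):
    """Parse an address so that equal peers compare equal regardless of spelling."""
    ip = ipaddress.ip_address(addr.strip())
    # An IPv4 peer seen on a dual-stack socket shows up as ::ffff:a.b.c.d.
    # Compare it as plain IPv4, otherwise a listed 10.0.0.5 would not match.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def parse_list(text):
    """Read a newline-separated address list (assumed file format)."""
    addrs = set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines
        try:
            addrs.add(normalize(line))
        except ValueError:
            # A mistyped entry must not be dropped silently: the operator
            # would believe an address is blocked when it is not.
            raise ValueError("line %d: not an IP address: %r" % (n, line))
    return addrs

def is_allowed(remote, black_list=frozenset(), white_list=None):
    """Decide whether a remote address may connect."""
    try:
        ip = normalize(remote)
    except ValueError:
        return False  # fail closed on anything that does not parse
    if white_list is not None and ip not in white_list:
        return False  # white list configured: only listed peers get in
    return ip not in black_list

# Constructed sample lists (documentation address ranges, not real hosts).
BLACK = parse_list("10.0.0.5\n\n2001:db8::1\n")
WHITE = parse_list("192.0.2.10\n192.0.2.11\n")

if __name__ == "__main__":
    for peer in ("10.0.0.5", "::ffff:10.0.0.5", "2001:0db8:0:0:0:0:0:1", "10.0.0.6"):
        print(peer, is_allowed(peer, BLACK), is_allowed(peer, BLACK, WHITE))
```

Comparing parsed addresses instead of raw strings is what keeps an IPv4-mapped or non-canonical IPv6 spelling of a listed address from slipping past the list.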