Change Notes item #526622, was opened at 2002-03-06 12:06 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=381174&aid=526622&group_id=22866
Category: JBossMQ Group: v3.0 (Rabbit Hole) Status: Open Priority: 5 Submitted By: Peter Antman (pra) Assigned to: Nobody/Anonymous (nobody) Summary: New security architecture Initial Comment: JBossMQ now have a new JAAS based security architecture. >From a user perspective the following new features are available: - All connecetions are managed by a security manager. The manager uses the JAAS login framework and uses the security domain jbossmq. By changing the configuration for that security domain in auth.conf it is possible to plugin different user/role datastores under the hood. The deafult is to use the new statemanager. - Connections made without userid is maped by default to guest (changable in auth.conf). - All connections are checked for autentication. To setup a non secured environment requires to remove the security adapter configurations. - All access to destinations are checked for authorization. This is based on a simple role based ACL list where a particular role may have read (subscribe, receive, browse), write (publish,send) or create (durable sub) rights. Every destination have its own configured security configuration. If non is available, the default role guest with read and write rights are used. To create a destination with no access rights (what use is that?) an empty configuration must be used. - Since durable subscriptions is now goverened by access rights it is now possible to dynamically create durable subscriptions without a preconfigured clienID (this is still possible to set up though). To use this the client must set its own clientID right after the connection is set up, and must be logged in as a user that belonges in a group that has create-rights on the topic. - The state manager has been made pluggable. The default state manager is now DynamicStateManager, which uses an XML file for storage, which looks like but is not the same as the older one. There is also a LoginModule wich works agains this store. - The state manager may be used to dynamically add and remove users and roles and save the changes to the file through its MBean interface (to get it to be seen in the server you may somtimes have to flush the authCache in JBoss generall security manager). ---------------------------------------------------------------------- You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=381174&aid=526622&group_id=22866 _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development
