Re: Securing queues and topics in embedded ActiveMQ

[David Jencks]

On Mar 18, 2009, at 7:19 AM, Raj Saini wrote:
Hi David,

I explored it further and found that Geronimo Security Realms work  
file with the ActiveMQ. Problem is with the ActiveMQ  
authorizationPlugin. In AuthorizationEntry class
<code>
  private String groupClass =  
"org.apache.activemq.jaas.GroupPrincipal";
</code>
is hard coded. I think if the group class can be made configurable   
(e.g pass  
theorg 
.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal),  
authorization should work. Looking at the ActiveMQ docs, it seems be  
possible using the interceptor stuff. Please guide me if this is a  
right approach and I will give it a try.

I can think of a lot of possible approaches but this certainly seems  
like a simple way to proceed.

Another thing you might try is modifying the LoginModule you are using  
to create the activemq group principal. Geronimo has very configurable  
principal-role mappings so you could just change any of these you need  
to use the activemq principal.  You might also be able to add an  
additional login module that "duplicated" the geronimo group  
principals into amq group principals.   However I think in general it  
would be more useful to more people to make activemq a little more  
flexible.... I'm hoping you can contribute this back to activemq.

many thanks
david jencks



Thanks,

Raj


From: David Jencks <david_jen...@yahoo.com>
To: user@geronimo.apache.org
Sent: Friday, 13 March, 2009 10:29:10 PM
Subject: Re: Securing queues and topics in embedded ActiveMQ


On Mar 13, 2009, at 4:54 AM, Raj Saini wrote:

Hi,

I am having problem securing the ActiveMQ admin objects (queues and  
topics) in embedded ActiveMQ.I can do this on a standalone ActiveMQ  
using JAAS login module plugin. Is it possible to do the same in  
embedded ActiveMQ and probably using the Geronimo security realms.

That would be a great feature but I don't think anyone has figured  
out how to do this yet.  I suspect you'd need to write some code to  
adapt activeMQ to the geronimo security framework.

If you investigate further please let us know what you find out!   
You might want to work with geronimo trunk (2.2-SNAPSHOT) as it uses  
the much more up to date activemq 5.3-SNAPSHOT and if changes to  
activemq are needed there's a much better chance of getting them  
included in a future release.

thanks
david jencks



Regards,

Raj