1. No, you can either develop your own JAAS LoginModule or use the Glassfish LoginModule. The LoginModule gets picked up by the ActiveMQ JaasAuthenticationBroker. You specify what module to pick up via a combination of broker XML file and the login.config file. Keep in mind that this is for 'authentication' and not authorization.
3. ActiveMQ's default JAAS LoginModule (see PropertiesLoginModule) will automatically pickup modifications made to the user and group properties file. It reads the file every time the login method gets called. 4. I don't think so, but you could take advantage of org.mortbay.jetty.security.Credential. 5. Authorization is performed by the BrokerFilter; there's no dependency on transport type at that level. The ConnectionInfo object just needs to render a username and password. Hope this helps, Joe www.ttmsolutions.com Patrick Julien-2 wrote: > > I have read the security page found at > http://activemq.apache.org/security.html but I am somewhat confused by the > information found there. > > 1. If I wanted ActiveMQ to work with a Glassfish realm, Glassfish does > indeed use JAAS, would I need to code my own plugin based on BrokerPlugin? > Or would it be possible to configure the current JAAS plugin to work with > the glassfish realm? Note here that I am not looking to replace the > OpenMQ > instance found inside Glassfish itself, ActiveMQ would run standalone > outside any container. > > 2. If I do need to make my own plugin based on BrokerPlugin, what jars are > actually needed to accomplish this? > > 3. Say this turns out to be too complicated to bridge the two together. > How > sensitive would ActiveMQ be to having the "users.properties" and > "groups.properties" files being refreshed periodically from realm data? > > 4. Is it possible to hash the passwords found in user.properties? > > 5. ActiveMQ supports many transports but it's my understanding that not > all > of them support authorization. Is there an exaustive list somewhere of > which transports support authorization and which do not? > > thank you, > > -- > http://www.spectrumdt.com > http://codepimps.org > > -- View this message in context: http://www.nabble.com/ActiveMQ-and-Glassfish-Realm-tp18405818p18412028.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
