I have looked into this further and determined that my previous post was not
complete.

I have now written an extension of the JaasCertificateAuthenticationBroker
so that it only authenticates against an SSL certificate if an SSL transport
is being used. You can browse the class here:
http://code.google.com/p/jaasloginmodules/source/browse/tags/JAAS%20Login%20Modules-1.2.0/src/main/java/com/classactionpl/jaas/activemq/SslCertificateAuthenticationBroker.java

To use this class you can check the project out from the 1.2.0 tag:
http://code.google.com/p/jaasloginmodules/source/browse/tags/JAAS+Login+Modules-1.2.0/

After building the project using Maven, drop the resultant jar file in AMQ's
lib/optional folder and configure activemq.xml like so:


    <plugins>
      <bean xmlns="http://www.springframework.org/schema/beans"
            id="SslCertificateAuthenticationPlugin"
            class="com.classactionpl.jaas.activemq.SslCertificateAuthenticationPlugin">
        <property name="configuration" value="activemq-domain"/>
        <property name="nonsslUsername" value="nonssluser"/>
        <property name="nonsslGroups">
          <set>
            <value>jms-services</value>
            <value>activemq-users</value>
          </set>
        </property>
      </bean>

      <!-- let's configure a destination-based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              ...

              <authorizationEntry topic="ActiveMQ.Advisory.>"
                read="activemq-users"
                write="activemq-users"
                admin="activemq-users" />
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>
    </plugins>


There is a unit test for the plugin which of course passes and I have tested
it against an application that uses both an SSL transport and a TCP
transport to connect with the broker. FYI the machine that hosts the broker
will only expose the SSL port to the outside world thus preventing anonymous
connections.

I hope that this code is useful to you.

Kind regards,
Christopher
-- 
View this message in context: 
http://www.nabble.com/Determining-the-client%27s-AMQ-interface-within-a-JAAS-login-module-tp23018992p23614159.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
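
Added example (not part of the original post or of the jaasloginmodules project): a Python check that reads an activemq.xml and reports every non-SSL transportConnector that would hand off-host clients the plugin's fixed nonsslUsername and nonsslGroups. The transportConnector entries in the sample and the rule that any non-loopback bind address counts as exposed are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the plugin bean from the post plus hypothetical
# transportConnectors (connector names, hosts and ports are made up).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <broker xmlns="http://activemq.apache.org/schema/core">
  <plugins>
   <bean xmlns="http://www.springframework.org/schema/beans"
     class="com.classactionpl.jaas.activemq.SslCertificateAuthenticationPlugin">
    <property name="nonsslUsername" value="nonssluser"/>
    <property name="nonsslGroups"><set><value>jms-services</value>
      <value>activemq-users</value></set></property>
   </bean>
  </plugins>
  <transportConnectors>
   <transportConnector name="ssl" uri="ssl://0.0.0.0:61617"/>
   <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
   <transportConnector name="local" uri="tcp://127.0.0.1:61618"/>
  </transportConnectors>
 </broker></beans>"""

# Assumption: a connector bound to any other address is reachable off-host.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def is_ssl(scheme):
    return scheme in ("https", "wss") or "ssl" in scheme.split("+")

def audit(xml_text):
    """Return (name, uri, user, groups) per non-SSL connector bound off-loopback."""
    root = ET.fromstring(xml_text)
    user, groups = None, []
    for bean in (e for e in root.iter() if local(e.tag) == "bean"):
        if not bean.get("class", "").endswith("SslCertificateAuthenticationPlugin"):
            continue
        for prop in bean:
            if prop.get("name") == "nonsslUsername":
                user = prop.get("value")
            elif prop.get("name") == "nonsslGroups":
                groups = [v.text.strip() for v in prop.iter()
                          if local(v.tag) == "value" and v.text]
    findings = []
    for conn in (e for e in root.iter() if local(e.tag) == "transportConnector"):
        uri = urlsplit(conn.get("uri", ""))
        if user and not is_ssl(uri.scheme) and uri.hostname not in LOOPBACK:
            findings.append((conn.get("name"), conn.get("uri"), user, groups))
    return findings
```

On the constructed sample, audit(SAMPLE) reports only the "openwire" connector; the SSL connector and the loopback-bound TCP connector are not flagged.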
