How much more work needs to occur to get Stomp protocol support to a usable state? The biggest issue is lack of any authentication support for Stomp, so anyone with access to the Stomp port can get and send anything. I can't imagine that anyone is using Stomp in production yet.
But is anyone working on this? I've looked into the JAAS stuff, and the Stomp code in ActiveMQ. It would take me a week to figure out how to wrap Stomp with JAAS, as I have never worked with JAAS before. I assume the original author of the Stomp support probably skipped authentication. Does anyone have any patches? Or any insight on how to fix this? I really want usable Stomp support in ActiveMQ. The Web Console has similar issues. There is no easy way to password protect it. But if you password protect JMX access, it will break the Web Console. I assume that everyone that uses ActiveMQ in production today, is using just OpenWire and JMX, and not the Web Console or Stomp. Is that the case? Or, are users not aware of the default-open security configuration of ActiveMQ? Tom
