----- "ttmdev" <[EMAIL PROTECTED]> wrote: > Out of the box, ActiveMQ provides a modest authentication service via > the > simpleAuthenticationPlugin. See > http://activemq.apache.org/security.html . > When enabled it will force the clients to provide a valid userid and > passwd > in order to successfully connect with the broker. It won't prevent a > DOS > attack, but at least it will keep just anyone from gaining access to > the > broker.
The simpleAuth plugin isn't the only option. JAAS is available. You can link to any JAAS plugin. But beware, this does not work for the Stomp protocol. You should switch Stomp off, or patch it. The Stomp connector in all released versions of ActiveMQ allows access with any username and password to any queue. ActiveMQ opens up quite a number of interfaces. Unfortunately, it does not ship in default closed configuration, as I wish it did. Tom
