Thank you, In 4, I don't understand how I would plug Credential from Jetty in combination with the user.properties file or is that a completely new alternative you're proposing here?
On Fri, Jul 11, 2008 at 4:33 PM, Joe Fernandez < [EMAIL PROTECTED]> wrote: > > 1. No, you can either develop your own JAAS LoginModule or use the > Glassfish > LoginModule. The LoginModule gets picked up by the ActiveMQ > JaasAuthenticationBroker. You specify what module to pick up via a > combination of broker XML file and the login.config file. Keep in mind that > this is for 'authentication' and not authorization. > > 3. ActiveMQ's default JAAS LoginModule (see PropertiesLoginModule) will > automatically pickup modifications made to the user and group properties > file. It reads the file every time the login method gets called. > > 4. I don't think so, but you could take advantage of > org.mortbay.jetty.security.Credential. > > 5. Authorization is performed by the BrokerFilter; there's no dependency on > transport type at that level. The ConnectionInfo object just needs to > render a username and password. > > Hope this helps, > Joe > www.ttmsolutions.com > > > > Patrick Julien-2 wrote: > > > > I have read the security page found at > > http://activemq.apache.org/security.html but I am somewhat confused by > the > > information found there. > > > > 1. If I wanted ActiveMQ to work with a Glassfish realm, Glassfish does > > indeed use JAAS, would I need to code my own plugin based on > BrokerPlugin? > > Or would it be possible to configure the current JAAS plugin to work with > > the glassfish realm? Note here that I am not looking to replace the > > OpenMQ > > instance found inside Glassfish itself, ActiveMQ would run standalone > > outside any container. > > > > 2. If I do need to make my own plugin based on BrokerPlugin, what jars > are > > actually needed to accomplish this? > > > > 3. Say this turns out to be too complicated to bridge the two together. > > How > > sensitive would ActiveMQ be to having the "users.properties" and > > "groups.properties" files being refreshed periodically from realm data? > > > > 4. Is it possible to hash the passwords found in user.properties? > > > > 5. ActiveMQ supports many transports but it's my understanding that not > > all > > of them support authorization. Is there an exaustive list somewhere of > > which transports support authorization and which do not? > > > > thank you, > > > > -- > > http://www.spectrumdt.com > > http://codepimps.org > > > > > > -- > View this message in context: > http://www.nabble.com/ActiveMQ-and-Glassfish-Realm-tp18405818p18412028.html > Sent from the ActiveMQ - User mailing list archive at Nabble.com. > > -- http://www.spectrumdt.com http://codepimps.org
