There's both authentication and authorization to take into account. If you want to take your direct programmatic approach via JMX, consider creating security plug-ins through which you can both authenticate and authorize. Maybe use the existing security plug-ins as models. Extend AuthorizationBroker so that you can override and actually implement the SecurityAdminMBean methods. Then have your plug-in register it with the MBeanServer. Question: how do you intend to persist your updates so that they stick if and when you do bounce the broker?
Joe Get a free ActiveMQ User Guide @ http://www.ttmsolutions.com gfrank wrote: > > hopefully someone can give advice on this, my project requires dynamic > creation of topics, users and roles such that a given topic can only be > accessed by one user and that user can only access that one topic. this > must be done in a programmatic fashion without bouncing the activemq > server a a user represents a customer and the system must be able to add > customers on-the-fly without downtime. > > i've noticed an object: org.apache.activemq.security.AuthorizationBroker > which implements a jmx interface to create roles and add them to users and > topics. I'm not sure if this is a proper target for my needs and i dont > see it visible in a jmx console. > > perhaps the answer is to move to some sort of database-backed > authentication module and then just manipulate the database with code? > i'd prefer to keep databases out of my implementation and use direct > programmatic manipulation of the activemq server. > > thanks for any advice, > Greg > -- View this message in context: http://www.nabble.com/Dynamic-Security-Configuration-of-users-and-roles-tp20352446p20353105.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
