You should be able to use the normal servlet engine security to ensure only authenticated people can publish. Another option is using JMS security on the topics/queues...
http://incubator.apache.org/activemq/security.html On 10/3/06, jefetech <[EMAIL PROTECTED]> wrote:
My ajax chat client currently does not prevent a knowledgeable web developer from making an HTML form, anb posting to my MessageListener servlet with a correctly formatted message which will go to all users logged in. Something like this: <form action="http://www.mydomainname.com/amq/?"; method="POST"> <input type="hidden" name="destination" value="topic://CHAT.MYTOPIC"> <input type="hidden" name="type" value="send"> <input type="hidden" name="message" value="<message type='chat' from='Webmaster'>Screw all ya all</message>"> <input type="submit" value="Do It"></form> Is there anyway to prevent this? At minimum, maybe a check in the servlet for referring url. -- View this message in context: http://www.nabble.com/Preventing-post-from-external-URLs-tf2374191.html#a6614621 Sent from the ActiveMQ - User mailing list archive at Nabble.com.
-- James ------- http://radio.weblogs.com/0112098/
