Is it possible to control access to the rest interface via JAAS? We have internal JAAS modules for allowing roles based access.
Thanks, --Allen Reese > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Hiram Chirino > Sent: Tuesday, May 17, 2011 5:05 PM > To: Lionel Cons > Cc: [email protected] > Subject: Re: Security of the management interface > > Good feedback. Opened some issues to track. Feel free to > add more as they come to mind. > > https://issues.apache.org/jira/browse/APLO-11 > https://issues.apache.org/jira/browse/APLO-12 > > Regards, > Hiram > > FuseSource > Web: http://fusesource.com/ > > Connect at CamelOne May 24-26 > The Open Source Integration Conference > > > > On Tue, May 17, 2011 at 2:14 AM, Lionel Cons > <[email protected]> wrote: > > Hiram, > > > > First of all, thanks for starting to document the management > > interface. I hope you will add the missing bits (e.g. get/update > > apollo.xml, shutdown the > > broker...) soon. > > > > Here are some security related comments. > > > > Since credentials will be given in clear to the management > interface > > (HTTP basic authentication), Apollo should support SSL > encryption for it. > > > > The current authorization scheme (allow users defined in > broker.admin > > to do > > everything) is not fine grain enough. At minimum, there > should be the > > possibility to have two different accesses: read-only (only get > > information without changing the broker state) and > read-write (such as > > restarting the broker, changing its configuration, deleting a > > queue...). Note that the broker configuration is very > sensitive since > > it may contain clear text passwords (e.g. <key_storage>) > and security > > settings (who is allowed to do what). > > > > Maybe the management interface should have its own fine > grain access > > control (a bit like httpd) so that one can specify at the > URL level who can do what? > > > > The management interface will probably be extended to > include what the > > ActiveMQ web console provides today. If this is the case, > actions such > > as browsing a queue, inspecting a message, sending a message, etc. > > should be controlled by the same per destination ACLs used > by the STOMP access. > > > > Cheers, > > > > Lionel > > >
