Hello Huntc, I read your blog especially the Authorisation part. I think we are talking about the same thing. The LDAP server I set up also uses ACI to grant or limit the access to specific topic/queue.
I guess this discussion is mainly about whether ActiveMQ has an embedded JNDI provider for centralized management. Because the LDAP server I have to set up is exclusive for ActiveMQ, however, the availability of LDAP server is separate from ActiveMQ. In other words, if LDAP says you could use this queue, you still could not use the queue if ActiveMQ broker is down. Vice versa, if LDAP server is down, although all the resources are available in the JMS broker, you still could not uses any of them. Lijun huntc wrote: > > > janylj wrote: >> >> I was trying to have a centralized repository of destinations and >> ConnectionFactory. I could use a uniform namespace for destination to >> avoid conflicting. However, I don't want to allow users creating >> destination or ConnectionFactory on the fly. I would like them accessing >> the broker only through administrative objects. >> > > I believe you are going about this the wrong way. What you really want is > topic/queue authorisation i.e. only let certain authenticated users do > certain things within the broker. > > You might find my blog entry on securing ActiveMQ useful. Authorisation is > covered. > > http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html > > -- View this message in context: http://www.nabble.com/ActiveMQ-JNDI-support-only-for-testing--tp21925743p22583570.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
