qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Kennedy <andrewinternatio...@gmail.com>
Subject Re: Qpid/Java Security Model
Date Mon, 07 Jun 2010 11:03:01 GMT
On 7 June 2010 06:49, Danushka Menikkumbura <danushka@wso2.com> wrote:
> Hi devs,
> AFAIK Qpid does not posses a pluggable security architecture. I basically
> need to integrate a custom security implementation - apart from the SASL/ACL
> based model that is there - so that I can use the security model in my
> application to do authentication/access control in the Qpid broker. I would
> like to know if you are already working on it or planning to have something
> like that in the near future.
> Danushka


What is it about the SASL and ACL security mechanisms that means you
cannot use them?

I recently finished some updates to the security plugins and I am
still working on improving the access control mechanisms and adding a
pluggable groups mechanism to the existing SASL authentication, both
as OSGi plugins. One feature I have still to complete include the
ability to allow external plugins to check if they are authorised,
similar to the C++ broker, using an ACL entry that permissions OBJECTs
with a specific class and package, which may be what you are looking

-- andrew d kennedy ? edinburgh : +44 7941 197 134

Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

View raw message