With this post i’m starting a short series of articles on creating custom security plugin’s for ActiveMQ server (probably the most flexible MOM/messaging solution around; imho).
To get a quick overview of how powerful ActiveMQ plugin API really is, let’s start with some basic background information:
- The flexibility of ActiveMQ plugin API comes from the BrokerFilter class
- BrokerFilter class provides the ability to intercept many of the available broker-level operations, such as:
- adding consumers to the broker
- adding producers to the broker
- committing transactions in the broker
- adding connections to the broker
- removing connections from the broker
- Custom functionality can be added by extending the BrokerFilter class and overriding a method for a given operation
Using the ActiveMQ plugins API is one way to approach broker security; used often for requirements (security, among others) that can’t be met using either:
- ActiveMQ’s native Simple Authentication Plugin (which handles credentials directly in XML configuration file or in a properties file)
or - JAAS-based pluggable security modules (JAAS stands for Java Authentication and Authorization Service). What is worth mention is that ActiveMQ comes with JAAS-based implementations of some modules that can authenticate users using properties files, LDAP, and SSL certificates; which will be enough for many use cases.
OK, having said the above, let’s move on and study following example implementations:
Resources:
- IP-based Authentication Plugin for ActiveMQ (https://mariuszprzydatek.com/2014/01/04/ip-based-authentication-plugin-for-activemq/)
- Token-based Authentication Plugin for ActiveMQ (https://mariuszprzydatek.com/2014/01/04/token-based-authentication-plugin-for-activemq/)
- JAAS Reference Guide (http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html)
- Java SE Security (http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html)
mariuszprzydatek.com 
Leave a Reply