Security features in Artemis 2.x


Security features in Artemis 2.x

xabhi
Hi,

I am currently using ActiveMQ v5.14 and have been using it in production for
quite a long time without any issues. I want to use authentication and
authorization in ActiveMQ but haven't because of lack of Kerberos support
and have been following - https://issues.apache.org/jira/browse/AMQ-4693. I
am not sure when this will be available.
Artemis documentation mentions Kerberos support in Security section but it
isn't clear to what extent it is supported. I mainly use Openwire and STOMP
protocol. Clients are JMS, .NET, Python/Perl/JS (STOMP)
- Is it available for tcp connector?
- Can I use it with STOMP protocol?
- How will Kerberos authentication work? Any examples for this?
- How will authorization be done with respect to a user? How will Artemis
know which user has which role?

Other compatibility concerns are like:
- current clients being able to connect to Artemis without any issues. Is
there a migration guide for server/client?
- Multi-kahadb support
- Automatically destroy offline durable subscribers etc.

It would be really helpful to know what support from above is present in
current Artemis version and to what extent or if I should log any JIRA.
Security and Kerberos support would be a big motivation for me to migrate to
Artemis. I am really excited to see Artemis as ActiveMQ 6.

Thanks,
Abhi


--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html

Re: Security features in Artemis 2.x

xabhi
Hi,

Can any Artemis dev please comment on these? The documentation doesn't touch
upon these points and it isn't clear in what aspects the security is
different/better when compared to ActiveMQ

Thanks,
Abhishek




Re: Security features in Artemis 2.x

christopher.l.shannon
I can answer a few of the questions however I suggest reading the migration
guide and the Artemis documentation as I think a lot of your questions will
be answered in there.

https://activemq.apache.org/artemis/migration/
https://activemq.apache.org/artemis/docs/latest/

1) Artemis supports its own CORE protocol (JMS), OpenWire (JMS), STOMP,
AMQP, and MQTT.  So it supports the same protocols as the 5.x broker along
with the CORE protocol.
2) For migration of clients, if you are just using JMS you can just use the
native CORE protocol and migrate easily.  You also have the option to use
OpenWire so all existing clients wouldn't need to change anything.
3) There is no KahaDB or MultiKahaDB as the journal is a completely
different implementation.  However there is a paging store so messages will
go to their own directory on the filesystem which is similar to
MultiKahaDB.  The journal also has compaction so the issues of KahaDB not
cleaning up shouldn't be a problem with Artemis.
4) For connectors you can use TCP and websockets (and enable TLS if you
want)
5) For authorization take a look at the above links.

For Kerberos I will let someone else answer as I haven't used it yet.

On Mon, Jun 11, 2018 at 2:40 AM xabhi <[hidden email]> wrote:

> Hi,
>
> Can any Artemis dev please comment on these? The documentation doesn't
> touch
> upon these points and it isn't clear in what aspects the security is
> different/better when compared to ActiveMQ
>
> Thanks,
> Abhishek
>
>
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>

Re: Security features in Artemis 2.x

xabhi
Thanks Christopher for the migration guide. It wasn't linked in the Artemis
user manual. It is a useful resource.

As I mentioned, Kerberos support would be a big motivation for an early
migration to Artemis. In the user manual it isn't clear to what extent
Kerberos is supported, as it is mentioned only for the AMQP transport.
Can I use Kerberos with tcp connector and STOMP protocol? Any docs or
examples for configuring this would be of great help.

Thanks,
Abhi


