If I want to implement JAAS authorization on Apache ActiveMQ, do I have to use the plug-in in the activemq.xml configuration file?
This way is really NOT good because if I want to change authorization, I have to change the activemq.xml file and restart the server in order to work.
Is there any way I can use like JAAS authentication by changing other properties file rather than the activemq.xml file? Or can I custom my own authorization plugin?
Thanks.
Whenever I have set up ActiveMQ security, I have found it best to use the plain AuthorizationPlugin with wildcards that denote the destinations covered (which is why it's really handy to use naming conventions fro your queues and topics). The idea is that you define a handful of user groups and grant them access to those destinations.
The role of assigning a group from a username is handled by one of the authentication plugins - the JAAS plugin is particularly useful for externalising this information outside the ActiveMQ config in an LDAP directory.
Check out the ActiveMQ Security Guide from FuseSource (registration required) for further information.
Update 2018-07-02 ActiveMQ Security Guide, now located on redhat.