On 7/12/06, Eugene Prokopiev <[EMAIL PROTECTED]> wrote:
Hi,I need to implement this advanced authentication and authorization scenario: 1) Every user can be member of 2 user groups: message readers and message writers 2) Readers group must only read only from queue messages.{username} where {username} is authenticated user name 3) Writers group must only write only to queue messages.{username} where {username} is authenticated user name I can use existing JaasAuthenticationPlugin or SimpleAuthenticationPlugin for authentication. I can use existing AuthorizationPlugin for authorization but it's not optimal: I need to modify it's configuration on every change in users/groups. So, it will be more suitable to implement my own CustomAuthorizationPlugin to do it. What is the right way to implement my own CustomAuthorizationPlugin? I tried to see AuthorizationPlugin and AuthorizationBroker implementations but I see the code overcomplicated for my more simple task.
If you find the existing code too complex to understand/reuse just write a new implementation. You could reuse the AuthorizationPlugin/AuthorizationBroker and just implement your own AuthorizationMap - or just write your own broker interceptor and override the methods that the AuthorizationBroker does to add security checks to the broker however you wish.
Can I implement only one class for intercept sending and recieving events with user/group info and raise authentication exception if needed? Need I use something like BrokerFilter and override some methods from it? How can I turn on my descendant of BrokerFilter for existing broker in this case? Can anybody give me a simple example?
Yes BTW take a look at how the logging interceptor is written; combining the BrokerFilter and BrokerPlugin in a single class... http://svn.apache.org/repos/asf/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/broker/util/ http://incubator.apache.org/activemq/logging-interceptor.html BTW we welcome contributions, so please share with us what you end up with :) http://incubator.apache.org/activemq/contributing.html -- James ------- http://radio.weblogs.com/0112098/
