Hi,

In a project, we're extending the SecuredBroker's authorization mechanism by including XACML functionality. We're operating on SM 3.1.1.

Basically, this is rather straightforward to implement. The broker maintains all XACML policies (in memory). Whenever a MessageExchange passes along, we extract certain attributes and run authorization on it. However, there'll be a (JSR181) service that allows changing the set of available policies. Now we'd need a mechanism that informs the broker that a change has occurred, such that it updates its policies.

When we only have a single instance of the SM container running, from the service, we can get access to the container via the component context, obtain its broker, and give it an update (see JIRA issue SM-858). However, our project will deploy SM in a clustered environment - and the outlined approach will only allow us to update the broker of the container in one of the clustered instances. I understand that sending an "update" message won't work, as it will be consumed by the "fastest" container and won't reach all clustered brokers.

Now my question is: What would be the best way to achieve synchronization between the brokers of different clustered containers? E.g., is there a way to make sure that a message is being sent to all clustered containers? We'd like to avoid mechanisms based on writing information to permanent memory, as this would seriously affect performance. We were thinking about something related to stateful session beans (we're deploying into JBoss), but then our solution would be bound to the availability of an EJB container.

Any ideas?

Thanks in advance,
Ciao,
Philipp
