I'd like to implement an authorization plugin that would allow me to implement a fully automatic authorization policy. Here's an outline of what I want:
We have a broker that is a hub in a hub & spoke topology network of brokers. A connections to this hub broker are via SSL and the hub broker requires SSL client authentication. We require the client certificates to always be of a form where the Common Name (CN) of the certificate defines the user. So, for example, if we instead used a jaas.TextFileCertificateLoginModule the user.properties file would look like this: user1=CN=user1,O=Silver Tail Systems,ST=California,C=US userFoo=CN=userFoo,O=Silver Tail Systems,ST=California,C=US ... userZeta=CN=userZeta,O=Silver Tail Systems,ST=California,C=US Meanwhile, the AuthorizationMap we want would look something like this: <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry topic=">" read="admins" write="admins" admin="admins" /> <authorizationEntry topic="user1.>" read="user1" write="user1" admin="user1" /> <authorizationEntry topic="userFoo.>" read="userFoo" write="userFoo" admin="userFoo" /> ... <authorizationEntry topic="userZeta.>" read="userZeta" write="userZeta" admin="userZeta" /> <authorizationEntry topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin> If we use jaas.TextFileCertificateLoginModule, we have to update the users.properties, groups.properties file and the authorizationMap in the activemq.xml file every time we add a user. We can automate this with scripting, but a more elegant solution would be to write our own plugin(s) to implement this policy. I'm in the process of scoping this effort, and so far I haven't found anything other than javadocs on the various classes to guide me. Can anyone provide a high level outline of how I would implement this? Thanks, Jim Lloyd Silver Tail Systems
