Re: Is there a way to authorize dynamic destinations with Apache Apollo MQ?

Wed, 08 Apr 2015 17:51:45 -0700 

After a lot of head scratching I figured it out.

In apollo.xml:

    <broker xmlns="http://activemq.apache.org/schema/activemq/apollo";
security_factory="com.me.MyAuthorizationPlugin">

In com.me.MyAuthorizationPlugin:

    package com.me
    
    import org.fusesource.hawtdispatch.DispatchQueue.QueueType
    
    import org.apache.activemq.apollo.broker.security._
    import org.apache.activemq.apollo.broker.{ Queue, Broker, VirtualHost }
    import java.lang.Boolean
    
    class MyAuthorizationPlugin extends SecurityFactory {
    
        def install(broker: Broker) {
                DefaultSecurityFactory.install(broker)
        }
    
        def install(virtual_host: VirtualHost) {
                DefaultSecurityFactory.install(virtual_host)
                val default_authorizer = virtual_host.authorizer
                virtual_host.authorizer = new Authorizer() {
                        def can(ctx: SecurityContext, action: String, resource:
SecuredResource): Boolean = {
                                
                                println("Resource: " + resource.id + " User: " 
+ ctx.user)
                                resource.resource_kind match {
                                        case SecuredResource.TopicKind =>
                                                val id = resource.id
                                                println("Topic Resource: " + id 
+ " User: " + ctx.user)
                                                var result : Boolean = 
id.startsWith("user." + ctx.user) ||
id.startsWith("MDN." + ctx.user + ".")
                                                println("Result: " + result)
                                                return result
                                        case _ =>
                                                return 
default_authorizer.can(ctx, action, resource)
                                }
                        }
                }
        }
    }


The following URLs seemed VERY useful and indeed nearly a perfect match:

 -
https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml#L18

 -
https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala#L29

Now I only need to clean up my nasty scala and put it in Git.

I am thinking of doing two tests:

 1. Speed of EXACTLY what I need
 2. A Regex pattern matcher with username / clientID replacements and
+/*/?/etc  This pattern will be pulled from the config file.

If they are nearly identical I may see about adding it to Apollo by
contacting commiters.



--
View this message in context: 
http://activemq.2283324.n4.nabble.com/Is-there-a-way-to-authorize-dynamic-destinations-with-Apache-Apollo-MQ-tp4694359p4694578.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Reply via email to