Hello everyone,

I just started writing some spikes to evaluate Artemis for a PoC, and one of the use cases that the setup should satisfy is to accept authenticated mqtt+wss connections to allow posting to a wildcard of topics specific to a user. This means that a user will have permissions to publish to a wildcard topic expression, for example: a user `userfoo` will have permissions to publish to `stuff/userfoo/#`.

The list of users is dynamic and a database holds the authentication information. The end goal is for Artemis to authenticate and authorize based on the information in the database without having to restart the broker on changes.

I realise that there are a few ways to do this, the common step being to set UserPrincipal and RolePrincipal using a class implementing the LoginModule. For authorization:

1. An MQTTInterceptor that gets the destination address, gets the subject's principals, and allows only matches to pass through. (Do I throw a SecurityException if a match is not found?)
2. Implement a SecuritySetting with HierarchicalRepository that listens to changes and updates the SecuritySettings map. This method looks way too complicated for a simple AuthZ rule that I mentioned earlier.

However, I'd prefer to have the AuthN and AuthZ fully integrated in the Artemis system so that the security is done using the core. What could be a better way to implement this?
-- Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
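
The per-user rule described in the post (user `userfoo` may publish only under `stuff/userfoo/#`), as an added example that is not part of the original post and is not Artemis code: a plain-JDK MQTT filter check that also rejects user names and topic names that would widen the rule. The class and method names (`UserTopicAuthz`, `filterFor`, `matches`, `canPublish`) and the sample topics are assumptions made for this example; wiring it into a LoginModule, interceptor or security setting is not shown.

```java
public class UserTopicAuthz {

    // Build the per-user filter from the post: stuff/<user>/#
    static String filterFor(String user) {
        if (user == null || user.isEmpty()) throw new IllegalArgumentException("empty user name");
        for (char c : user.toCharArray()) {
            // A '/', '+' or '#' in the name would change which topics the filter covers.
            if (c == '/' || c == '+' || c == '#' || c == 0)
                throw new IllegalArgumentException("unsafe character in user name");
        }
        return "stuff/" + user + "/#";
    }

    // MQTT topic filter matching, level by level ('+' = one level, '#' = the rest).
    static boolean matches(String filter, String topic) {
        String[] f = filter.split("/", -1);   // -1 keeps empty levels such as "a//b"
        String[] t = topic.split("/", -1);
        for (int i = 0; i < f.length; i++) {
            if (f[i].equals("#")) return i == f.length - 1; // also matches the parent level
            if (i >= t.length) return false;
            if (!f[i].equals("+") && !f[i].equals(t[i])) return false;
        }
        return f.length == t.length;
    }

    // Decision for a PUBLISH from an already authenticated user.
    static boolean canPublish(String user, String topic) {
        // MQTT forbids wildcards in a PUBLISH topic name; refuse rather than interpret them.
        if (topic == null || topic.isEmpty() || topic.indexOf('#') >= 0 || topic.indexOf('+') >= 0)
            return false;
        return matches(filterFor(user), topic);
    }

    public static void main(String[] args) {
        // Constructed sample topics, all published by user "userfoo".
        String[] topics = {
            "stuff/userfoo/sensors/temp",  // inside the user's subtree
            "stuff/userfoo",               // parent level, covered by the trailing '#'
            "stuff/userfoobar/x",          // prefix look-alike, a different level name
            "stuff/other/x",               // another user's subtree
            "stuff/+/x"                    // wildcard in a publish topic
        };
        for (String topic : topics)
            System.out.println(topic + " -> " + (canPublish("userfoo", topic) ? "allow" : "deny"));
    }
}
```

Matching whole topic levels rather than using a string prefix test is what keeps `stuff/userfoobar/x` out of `userfoo`'s subtree.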