I think the SecuritySettingPlugin will not solve my issue, but a custom ActiveMQSecurityManager3 implementation could.
So I tried to plug in an ActiveMQSecurityManager3 implementation, but without any success. From my understanding this plugin should be defined in bootstrap.xml, but unfortunately I found no way to replace the jaas-security tag with another one pointing to my configuration DTO (the XSD doesn’t provide an alternative tag to jaas-security).

Anyway, just to be sure whether the ActiveMQSecurityManager3 API could fit my needs: is the method validateUserAndRole called before every publish/subscribe?

> On 26 Aug 2019, at 18:00, Christopher Shannon
> <christopher.l.shan...@gmail.com> wrote:
>
> You might need to write some custom code to do what you want and you could
> try a custom Security plugin.
> See the API and Java docs for the security setting plugin:
> https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/SecuritySettingPlugin.java
>
> If you need even more control you can create your own SecurityManager and
> register it with the broker. The interface to extend is:
> https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager3.java
>
> The validateUserAndRole() method is where you do your ACL checks.
>
> A default implementation that delegates to a JAAS module is included in
> the broker already, which you can use as an example or to extend:
> https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
>
> On Mon, Aug 26, 2019 at 8:01 AM Modanese, Riccardo
> <riccardo.modan...@eurotech.com.invalid> wrote:
>
>> I already read this page and I wasn’t able to find any helpful information.
>> In our use case each user has an ACL depending on the username itself.
>> Moreover, a user can be added at runtime and the broker must be able to
>> create and correctly handle the ACL for the newly created user as well.
>>
>> So, in the end, what I need is the capability of creating ACLs
>> programmatically and keeping them in a session in order to be used every time
>> a client publishes a message or subscribes to an address.
>> In ActiveMQ 5 this was possible ( [1] - [2] ) by creating a
>> DefaultAuthorizationMap object, but I cannot find a similar object in
>> Artemis.
>>
>> [1]
>> https://github.com/eclipse/kapua/blob/develop/broker-core/src/main/java/org/eclipse/kapua/broker/core/plugin/KapuaSecurityBrokerFilter.java#L683
>> [2]
>> https://github.com/eclipse/kapua/blob/develop/broker-core/src/main/java/org/eclipse/kapua/broker/core/plugin/KapuaSecurityBrokerFilter.java#L557
>>
>> On 26 Aug 2019, at 13:43, Christopher Shannon
>> <christopher.l.shan...@gmail.com> wrote:
>>
>> All of the info you should need to get started should be here:
>>
>> https://activemq.apache.org/components/artemis/documentation/latest/security.html
>>
>> On Mon, Aug 26, 2019 at 6:24 AM Modanese, Riccardo
>> <riccardo.modan...@eurotech.com.invalid> wrote:
>>
>> Hello,
>> In our ActiveMQ 5.x security plugin code we are enforcing ACLs
>> programmatically, so I’m investigating how to migrate our current ACLs from
>> ActiveMQ 5.x to Artemis.
>>
>> I took a look into the Artemis source code and I didn’t find any objects
>> similar to those present in ActiveMQ 5.x (e.g.
>> org.apache.activemq.security.AuthorizationMap,
>> org.apache.activemq.security.AuthorizationEntry, ...)
>>
>> Can you point me in the right direction?
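
Added example, not part of the thread above and not Artemis project code: a sketch of an ActiveMQSecurityManager3 implementation that keeps per-user ACLs in memory, derives them from the username, accepts users added at runtime, and does its checks in validateUserAndRole() as the reply suggests. The class name, the registerUser() hook, the "acct.<user>." address convention and the injected authenticator are assumptions made for illustration, and the roles argument is deliberately not consulted.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiPredicate;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3;

// Hypothetical class: per-user ACLs held in memory and derived from the username.
public class PerUserAclSecurityManager implements ActiveMQSecurityManager3 {
    private final Map<String, Set<CheckType>> acls = new ConcurrentHashMap<>(); // user -> allowed operations
    private final BiPredicate<String, String> authenticator; // assumed credential check (user, password)

    public PerUserAclSecurityManager(BiPredicate<String, String> authenticator) {
        this.authenticator = authenticator;
    }

    // Assumed hook: called by provisioning code when a user is created at runtime.
    public void registerUser(String user) {
        acls.put(user, EnumSet.of(CheckType.SEND, CheckType.CONSUME));
    }

    @Override
    public String validateUser(String user, String password, RemotingConnection connection) {
        return user != null && authenticator.test(user, password) ? user : null;
    }

    @Override
    public String validateUserAndRole(String user, String password, Set<Role> roles,
            CheckType checkType, String address, RemotingConnection connection) {
        if (validateUser(user, password, connection) == null) return null;
        Set<CheckType> allowed = acls.get(user);
        // Deny by default. Assumed convention: a user owns the addresses under "acct.<user>.".
        boolean ok = allowed != null && address != null
                && address.startsWith("acct." + user + ".") && allowed.contains(checkType);
        return ok ? user : null;
    }

    @Override
    public boolean validateUser(String user, String password) {
        return validateUser(user, password, null) != null;
    }

    @Override
    public boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType) {
        return false; // no address is passed here, so the per-address ACL cannot be evaluated
    }
}
```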