activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ngcutura <>
Subject LDAP Authorization
Date Mon, 26 Jun 2006 21:47:36 GMT


I am working on LDAPAuthorizationMap to enable use of LDAP for storing
access privilege information. The project I am engaged in requires dynamic
creation of destinations and users so external source of authentication and
authorization information is crucial.

I checked out code from SVN and managed to build it with Maven and Eclipse.
Thanks to Hiram and James for instructions. :-) The idea of
LDAPAuthorizationMap is simple: there is hierarchy like this one:

       read: role1
       read: role2
       write: role3
       admin: role2
      read: roleA
      write: roleB
      write: roleC
      admin: roleD

It is quite easy to obtain read, write and admin ACLs from this hierarchy.

However, looking at the code of DefaultAthorizationMap, AuthorizationEntry,
DestinationMap and DestinationMapEntry I cannot clearly differentiate
between default behaviour of AuthorizationMap (except for the interface) and
implementation specifics of authorization map defined in AMQ config file.

My questions (that I believe will clear something out for me):
 - how are authorization data from AMQ config file passed to the code? I
believe it is DefaultAuthorizationMap or SimpleAuthorizationMap.
 - how should I specify LDAP configuration in AMQ config? These config
information are similar to those of LDAPLoginModule which are specified in
java VM login policy file.
 - AuthorizationMap is supposed to return Set of privileged Principals.
DefaultAuthorizationMap relies on AuthorizationEntry that seems specific to
AMQ config file (parseACLs(String) method parses String from config file).
Am I supposed to create a subclass of AuthorizationEntry that will return
information parsed from LDAP server?

I would really appreciate some guidance.


View this message in context:
Sent from the ActiveMQ - Dev forum at

View raw message