activemq-dev mailing list archives

From ngcutura <ngcut...@gmail.com>
Subject LDAP Authorization
Date Mon, 26 Jun 2006 21:47:36 GMT

Hi,

I am working on LDAPAuthorizationMap to enable use of LDAP for storing
access privilege information. The project I am engaged in requires dynamic
creation of destinations and users, so an external source of authentication and
authorization information is crucial.

I checked out code from SVN and managed to build it with Maven and Eclipse.
Thanks to Hiram and James for instructions. :-) The idea of
LDAPAuthorizationMap is simple: there is a hierarchy like this one:

destinations
  topic
    topicA
      read: role1
      read: role2
      write: role3
      admin: role2
  queue
    queue1
      read: roleA
      write: roleB
      write: roleC
      admin: roleD

It is quite easy to obtain read, write and admin ACLs from this hierarchy.

However, looking at the code of DefaultAuthorizationMap, AuthorizationEntry,
DestinationMap and DestinationMapEntry, I cannot clearly differentiate
between the default behaviour of AuthorizationMap (except for the interface) and
the implementation specifics of the authorization map defined in the AMQ config file.

My questions (that I believe will clear something up for me):
 - How is authorization data from the AMQ config file passed to the code? I
believe it is DefaultAuthorizationMap or SimpleAuthorizationMap.
 - How should I specify LDAP configuration in the AMQ config? This config
information is similar to that of LDAPLoginModule, which is specified in
the Java VM login policy file.
 - AuthorizationMap is supposed to return a Set of privileged Principals.
DefaultAuthorizationMap relies on AuthorizationEntry, which seems specific to
the AMQ config file (the parseACLs(String) method parses a String from the config file).
Am I supposed to create a subclass of AuthorizationEntry that will return
information parsed from the LDAP server?

I would really appreciate some guidance.

Regards,
NGC

--
View this message in context: http://www.nabble.com/LDAP-Authorization-t1851705.html#a5055596
Sent from the ActiveMQ - Dev forum at Nabble.com.
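
The hierarchy described in the message above, turned into per-destination read/write/admin role sets with a deny-by-default check. This is an added example, not part of the original message and not ActiveMQ code; the names HierarchyAclExample, parse and allowed, the "type/name" key format and the text encoding of the tree are assumptions, and no LDAP server is contacted.

```java
import java.util.*;

// Added example, not ActiveMQ code. All class and method names are hypothetical.
public class HierarchyAclExample {
    // Constructed sample input: the hierarchy from the message as indented text.
    static final String SAMPLE =
        "destinations\n  topic\n    topicA\n      read: role1\n      read: role2\n"
      + "      write: role3\n      admin: role2\n  queue\n    queue1\n"
      + "      read: roleA\n      write: roleB\n      write: roleC\n      admin: roleD\n";

    // Result: "type/name" -> operation -> roles. Repeated operations accumulate,
    // the way a multi-valued directory attribute would.
    static Map<String, Map<String, Set<String>>> parse(String text) {
        Map<String, Map<String, Set<String>>> acls = new HashMap<>();
        String type = null, dest = null;
        for (String raw : text.split("\n")) {
            String line = raw.trim();
            if (line.isEmpty() || line.equals("destinations")) continue;
            int colon = line.indexOf(':');
            if (colon < 0) { // a node name: either a destination type or a destination
                if (line.equals("topic") || line.equals("queue")) { type = line; dest = null; }
                else if (type == null) throw new IllegalArgumentException("No type for: " + line);
                else dest = type + "/" + line;
                continue;
            }
            if (dest == null) throw new IllegalArgumentException("ACL outside a destination: " + line);
            acls.computeIfAbsent(dest, k -> new HashMap<>())
                .computeIfAbsent(line.substring(0, colon).trim(), k -> new TreeSet<>())
                .add(line.substring(colon + 1).trim());
        }
        return acls;
    }

    // Deny by default: an unknown destination or operation grants nothing.
    static boolean allowed(Map<String, Map<String, Set<String>>> acls,
                           String dest, String op, Set<String> callerRoles) {
        Set<String> permitted = acls.getOrDefault(dest, Map.of()).getOrDefault(op, Set.of());
        return !Collections.disjoint(permitted, callerRoles);
    }

    public static void main(String[] args) {
        Map<String, Map<String, Set<String>>> acls = parse(SAMPLE);
        System.out.println(acls.get("queue/queue1").get("write"));
        System.out.println(allowed(acls, "topic/topicA", "admin", Set.of("role2")));
        System.out.println(allowed(acls, "topic/topicB", "read", Set.of("role1")));
    }
}
```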

