activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ngcutura <ngcut...@gmail.com>
Subject Re: LDAP Authorization
Date Sat, 15 Jul 2006 22:45:02 GMT

Hi all,

I followed James' advice and created simple LDAPAuthorizationMap. It has no
support for wildcards or composite destinations at the moment.

Attached is a zip archive with 4 files:
LdapAuth.zip 
- LDAPAuthorizationMap.java (module code)
- LDAPAuthorizationMapTest.java (module test)
- LDAPAuthorizationMap.properties (list of module properties)
- AMQAuth.ldif (sample directory used for testing)

Module works through JUnit tests. To run the tests you need to setup a
directory. I used ApacheDS; export of my sample directory is in the file
AMQAuth.ldif. Contents of this file is also present in
LDAPAuthorizationMapTest.java.

I am not familiar with Spring and I was not able to deduce how to specify
module properties in AMQ XML config file. I need help with this and I would
very much appreciate the following:
- given the LDAPAuthorizationMap.properties file produce XML file
- given the LDAPAuthorizationMap.java add code changes to accept properties
from XML file above

I am pretty much sure that my choice of constructor taking Map as argument
is inappropraite but having no knowledge of Spring one choice was as good as
another for me.

Regards,
NGC

James.Strachan wrote:
> 
> On 6/29/06, ngcutura <ngcutura@gmail.com> wrote:
>>
>> Thank you for reply.
>>
>> There is no <bean class="com.acme..." ... > in security example but this
>> is
>> quite important.
> 
> Thats just a way to instantiate some JavaBean using regular Spring style
> syntax.
> 
>> Is there some default class like DefaultAuthorizationMap?
> 
> Yes -  by all means derive from that if you want.
> 
>> What would this declaration be exactly for the security example you
>> referred
>> to?
>>
>> I think I can manage AuthorizationEntry by subclassing it or adding
>> another
>> parse() method.
> 
> You could ignore the DefaultAuthorizationMap/AuthorizationEntry
> entirely and just walk JNDI/LDAP and create a set of GroupPrincipal
> POJOs for each group for a given role & destination). It might be
> simpler than trying to understand how the DefaultAuthorizationMap.
> 
> Note that DefaultAuthorizationMap is essentially an in-memory cache of
> the results; you probably want to look at JNDI/LDAP at runtime to
> ensure up to date values.
> 
>> I'll be on vacation next week but I'll continue with the work after the
>> WC
>> finals. ;-)
> 
> Great! :)
> 
> (Here's hoping England actually start playing football soon...  :-)
> 
> 
> -- 
> 
> James
> -------
> http://radio.weblogs.com/0112098/
> 
> 
-- 
View this message in context: http://www.nabble.com/LDAP-Authorization-tf1851705.html#a5344494
Sent from the ActiveMQ - Dev forum at Nabble.com.


Mime
View raw message