From: ngcutura
To: activemq-dev@geronimo.apache.org
Subject: Re: LDAP Authorization
Date: Sat, 15 Jul 2006 15:45:02 -0700 (PDT)
Message-ID: <5344494.post@talk.nabble.com>
References: <5055596.post@talk.nabble.com> <5103210.post@talk.nabble.com>

Hi all,

I followed James' advice and created a simple LDAPAuthorizationMap. It has
no support for wildcards or composite destinations at the moment.

Attached is a zip archive with 4 files: LdapAuth.zip
- LDAPAuthorizationMap.java (module code)
- LDAPAuthorizationMapTest.java (module test)
- LDAPAuthorizationMap.properties (list of module properties)
- AMQAuth.ldif (sample directory used for testing)

The module works through JUnit tests. To run the tests you need to set up a
directory. I used ApacheDS; an export of my sample directory is in the file
AMQAuth.ldif. The contents of this file are also present in
LDAPAuthorizationMapTest.java.

I am not familiar with Spring and I was not able to deduce how to specify
module properties in the AMQ XML config file. I need help with this and I
would very much appreciate the following:
- given the LDAPAuthorizationMap.properties file produce XML file
- given the LDAPAuthorizationMap.java add code changes to accept properties
  from XML file above

I am pretty much sure that my choice of constructor taking Map as argument
is inappropriate, but having no knowledge of Spring one choice was as good as
another for me.

Regards,
NGC

James.Strachan wrote:
>
> On 6/29/06, ngcutura wrote:
>>
>> Thank you for reply.
>>
>> There is no in security example but this is quite important.
>
> That's just a way to instantiate some JavaBean using regular Spring style
> syntax.
>
>> Is there some default class like DefaultAuthorizationMap?
>
> Yes - by all means derive from that if you want.
>
>> What would this declaration be exactly for the security example you
>> referred to?
>>
>> I think I can manage AuthorizationEntry by subclassing it or adding
>> another parse() method.
>
> You could ignore the DefaultAuthorizationMap/AuthorizationEntry
> entirely and just walk JNDI/LDAP and create a set of GroupPrincipal
> POJOs for each group for a given role & destination). It might be
> simpler than trying to understand how the DefaultAuthorizationMap.
>
> Note that DefaultAuthorizationMap is essentially an in-memory cache of
> the results; you probably want to look at JNDI/LDAP at runtime to
> ensure up to date values.
>
>> I'll be on vacation next week but I'll continue with the work after the
>> WC finals. ;-)
>
> Great! :)
>
> (Here's hoping England actually start playing football soon... :-)
>
>
> --
>
> James
> -------
> http://radio.weblogs.com/0112098/
>
>

--
View this message in context: http://www.nabble.com/LDAP-Authorization-tf1851705.html#a5344494
Sent from the ActiveMQ - Dev forum at Nabble.com.
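
Added example, not part of the original message or of the attached LDAPAuthorizationMap.java: one way to do the runtime JNDI lookup suggested in the quoted reply, returning the group names allowed a given permission on a destination. The directory layout, the BASE DN, the class name LdapAclLookup and its method names are assumptions made for illustration; each returned name would be wrapped in a GroupPrincipal.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapAclLookup {
    // Assumed layout: cn=<permission>,cn=<destination>,<BASE>, with group DNs in "member".
    static final String BASE = "ou=Queue,ou=Destination,ou=ActiveMQ,dc=example,dc=org";

    // Escape both values so a destination name containing ',' or '=' cannot alter the DN structure.
    static String aclDn(String destination, String permission) {
        return "cn=" + Rdn.escapeValue(permission) + ",cn=" + Rdn.escapeValue(destination) + "," + BASE;
    }

    // Reduce a member DN to its group name; reject values whose leaf RDN is not a cn.
    static String groupName(String memberDn) throws InvalidNameException {
        LdapName name = new LdapName(memberDn);
        Rdn leaf = name.getRdn(name.size() - 1); // index 0 is the rightmost RDN
        if (!"cn".equalsIgnoreCase(leaf.getType())) {
            throw new InvalidNameException("not a group entry: " + memberDn);
        }
        return leaf.getValue().toString();
    }

    // Reads the directory on every call, so ACL changes take effect without a restart.
    static Set<String> groupsFor(DirContext ctx, String destination, String permission)
            throws NamingException {
        Set<String> groups = new LinkedHashSet<>();
        Attributes attrs;
        try {
            attrs = ctx.getAttributes(aclDn(destination, permission), new String[] {"member"});
        } catch (NameNotFoundException missing) {
            return groups; // no ACL entry: empty set, i.e. deny by default
        }
        Attribute members = attrs.get("member");
        if (members == null) return groups;
        NamingEnumeration<?> values = members.getAll();
        while (values.hasMore()) groups.add(groupName(values.next().toString()));
        return groups;
    }
}
```

groupsFor needs a DirContext bound to a live directory such as the ApacheDS instance used for the tests; aclDn and groupName can be exercised without one.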