activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-908) Authorization plugin should have configurable principal classes
Date Thu, 16 Nov 2006 00:28:02 GMT
    [ https://issues.apache.org/activemq/browse/AMQ-908?page=comments#action_37459 ] 
            
Aaron Mulder commented on AMQ-908:
----------------------------------

Here are the Geronimo ones:

[GeronimoUserPrincipal|http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java?view=markup]
[GeronimoGroupPrincipal|http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java?view=markup]

I'm sure Glassfish has some too, though I don't know where.  Perhaps Harmony as well?

My assumption was that we should look for a constructor with a single String, and if we don't
find that, look for an empty constructor and a setName method that takes a single String,
and if we don't find that, throw an Exception.  If someone complains that they got the exception,
then I guess we'll look at their principal classes to determine the next fallback position.
 :)

> Authorization plugin should have configurable principal classes
> ---------------------------------------------------------------
>
>                 Key: AMQ-908
>                 URL: https://issues.apache.org/activemq/browse/AMQ-908
>             Project: ActiveMQ
>          Issue Type: Improvement
>          Components: Broker
>    Affects Versions: 4.0.1
>            Reporter: Aaron Mulder
>             Fix For: 4.2.0, 4.0.3
>
>
> Currently, if you configure the authorization plugin, it assumes that all principals
listed should be of type {{org.apache.activemq.jaas.GroupPrincipal}}.  This is OK if you're
using ActiveMQ LoginModules, but since there's a fairly small supply of those, it would be
great if you could use arbitrary login modules and tell the authorization plugin which principal
classes to use.  For example, {{groupClass="weblogic.security.principal.WLSGroupImpl}} or
something like that.  A good first step would be to let you change the group class.  A good
second step would be to let you specify user and group classes and then somehow indicate which
names are which (e.g. {{admin="administrators,user:aaron,user:bob"}} or whatever).  Someday
maybe it will be nice to support any arbitrary combination of principal classes but that seems
far away.
> When instantiating the principal classes, I imagine we should use a constructor with
a single String argument if available, or else a default constructor plus a "setName" method,
or else I guess bail.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message