activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eugene Prokopiev <>
Subject Advanced authentication and authorization scenario
Date Wed, 12 Jul 2006 11:12:25 GMT

I need to implement this advanced authentication and authorization scenario:

1) Every user can be member of 2 user groups: message readers and 
message writers
2) Readers group must only read only from queue messages.{username} 
where {username} is authenticated user name
3) Writers group must only write only to queue messages.{username} where 
{username} is authenticated user name

I can use existing JaasAuthenticationPlugin or 
SimpleAuthenticationPlugin for authentication. I can use existing 
AuthorizationPlugin for authorization but it's not optimal: I need to 
modify it's configuration on every change in users/groups. So, it will 
be more suitable to implement my own CustomAuthorizationPlugin to do it.

What is the right way to implement my own CustomAuthorizationPlugin? I 
tried to see AuthorizationPlugin and AuthorizationBroker implementations 
but I see the code overcomplicated for my more simple task. Can I 
implement only one class for intercept sending and recieving events with 
user/group info and raise authentication exception if needed? Need I use 
something like BrokerFilter and override some methods from it? How can I 
turn on my descendant of BrokerFilter for existing broker in this case? 
Can anybody give me a simple example?

Eugene Prokopiev

View raw message