activemq-users mailing list archives

From "James Strachan" <>
Subject Re: Advanced authentication and authorization scenario
Date Wed, 12 Jul 2006 11:21:53 GMT
On 7/12/06, Eugene Prokopiev <> wrote:
> Hi,
> I need to implement this advanced authentication and authorization scenario:
> 1) Every user can be member of 2 user groups: message readers and
> message writers
> 2) Readers group must read only from queue messages.{username}
> where {username} is authenticated user name
> 3) Writers group must write only to queue messages.{username} where
> {username} is authenticated user name
> I can use existing JaasAuthenticationPlugin or
> SimpleAuthenticationPlugin for authentication. I can use existing
> AuthorizationPlugin for authorization but it's not optimal: I need to
> modify its configuration on every change in users/groups. So, it will
> be more suitable to implement my own CustomAuthorizationPlugin to do it.
> What is the right way to implement my own CustomAuthorizationPlugin? I
> tried to see AuthorizationPlugin and AuthorizationBroker implementations
> but I see the code overcomplicated for my more simple task.

If you find the existing code too complex to understand/reuse just
write a new implementation.

You could reuse the AuthorizationPlugin/AuthorizationBroker and just
implement your own AuthorizationMap - or just write your own broker
interceptor and override the methods that the AuthorizationBroker does
to add security checks to the broker however you wish.

> Can I implement only one class to intercept sending and receiving events with
> user/group info and raise authentication exception if needed? Need I use
> something like BrokerFilter and override some methods from it? How can I
> turn on my descendant of BrokerFilter for existing broker in this case?
> Can anybody give me a simple example?


BTW take a look at how the logging interceptor is written; combining
the BrokerFilter and BrokerPlugin in a single class...

BTW we welcome contributions, so please share with us what you end up with :)


