From users-return-15906-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org Tue Sep 09 18:29:57 2008
Return-Path: <users-return-15906-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org>
Delivered-To: apmail-activemq-users-archive@www.apache.org
Received: (qmail 88785 invoked from network); 9 Sep 2008 18:29:57 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 9 Sep 2008 18:29:57 -0000
Received: (qmail 19108 invoked by uid 500); 9 Sep 2008 18:29:54 -0000
Delivered-To: apmail-activemq-users-archive@activemq.apache.org
Received: (qmail 19089 invoked by uid 500); 9 Sep 2008 18:29:54 -0000
Mailing-List: contact users-help@activemq.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@activemq.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@activemq.apache.org>
List-Post: <mailto:users@activemq.apache.org>
List-Id: <users.activemq.apache.org>
Reply-To: users@activemq.apache.org
Delivered-To: mailing list users@activemq.apache.org
Received: (qmail 19078 invoked by uid 99); 9 Sep 2008 18:29:54 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Sep 2008 11:29:54 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of bruce.snyder@gmail.com designates 209.85.217.15 as permitted sender)
Received: from [209.85.217.15] (HELO mail-gx0-f15.google.com) (209.85.217.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Sep 2008 18:28:53 +0000
Received: by gxk8 with SMTP id 8so11250814gxk.14
        for <users@activemq.apache.org>; Tue, 09 Sep 2008 11:28:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=hp6zA24TusmR/QA4TS/B43bsTT1e13NCmncbtmarJ7I=;
        b=H6EGGe1TPZE7giEgQ0yj9/Du6HH5CLyrdEwONdrRXnDnLUuJ9Wo2uRg+rEW6YMs9mR
         zeqYR7qSDwCybOVeHArKM5uGeUA6Plt0n/R+hqw+L6wEWrxEgjTYEG420THiVxoF9uqX
         pp93QXlLl3tUWu3TuZEuKQ6q4aPW5pOSgHA5s=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=ckBhpbl4gDN+2fh9vPlsfFi0CvFXWfrFVZqOyklu5qBPgH+NuguMEC80Iig5oQfQMO
         ThPpqoTCkReW1sX+qtQRiYcyUU4cUIhUOU513PfpnJATxEbD4AdJVbR5yYixodCle4qs
         Mc6Qxb4f8RlIEURtR3jSh807KokXnWO/bD4Qo=
Received: by 10.100.120.15 with SMTP id s15mr10037anc.128.1220984904151;
        Tue, 09 Sep 2008 11:28:24 -0700 (PDT)
Received: by 10.100.44.19 with HTTP; Tue, 9 Sep 2008 11:28:24 -0700 (PDT)
Message-ID: <7b3355cb0809091128u51d28f40y22a8a21707866f0c@mail.gmail.com>
Date: Tue, 9 Sep 2008 12:28:24 -0600
From: "Bruce Snyder" <bruce.snyder@gmail.com>
To: users@activemq.apache.org
Subject: Re: activemq authentication through plugins
In-Reply-To: <19398185.post@talk.nabble.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <19398185.post@talk.nabble.com>
X-Virus-Checked: Checked by ClamAV on apache.org

On Tue, Sep 9, 2008 at 12:19 PM, scott.d.dagastino
<scott.d.dagastino@lmco.com> wrote:
>
> I'm attempting to write my own plugin authentication module for activemq.  I
> have created a bean that extends the broker plugin and register it with
> activemq.xml " <bean
> class="com.lmco.fltwinds.security.FltwindsAuthentication"/>".  it will fire
> off the constructor with no problem but I want it to register the
> userid/password (hard coded for now) with the activemq core so if
> someone(user) is attempting to logon with invalid userid/password then it
> will reject the connection request.  I will eventually pull the
> userid/password from a database.
> 1.  how do I get the userid/password into the security core through the
> plugin without having to restart activemq
> 2.   how do I get the "installBroker" method to fire in my custom plugin.
>
> Here is the plugin code I have created:
> // Decompiled by Jad v1.5.8g. Copyright 2001 Pavel Kouznetsov.
> // Jad home page: http://www.kpdus.com/jad.html
> // Decompiler options: packimports(3)
> // Source File Name:   SimpleAuthenticationPlugin.java
>
> package com.lmco.fltwinds.security;
>
> import java.util.*;
> import org.apache.activemq.broker.Broker;
> import org.apache.activemq.broker.BrokerPlugin;
> import org.apache.activemq.jaas.GroupPrincipal;
> import org.apache.activemq.security.AuthenticationUser;
> import org.apache.activemq.security.SimpleAuthenticationBroker;
>
> // Referenced classes of package org.apache.activemq.security:
> //            SimpleAuthenticationBroker, AuthenticationUser
>
> public class FltwindsAuthentication
>    implements BrokerPlugin
> {
>
>    public FltwindsAuthentication() {
>        System.out.println("Hello world from my own plugin...:  Current time: "
> + new Date());
>        AuthenticationUser user = new AuthenticationUser("SysAdm", "SysAdm",
> "Groupa");
>        List list = new ArrayList();
>        list.add(user);
>        setUsers(list);
>    }
>
>    public Broker installPlugin(Broker broker)
>    {
>        System.out.println("SDD install plugin");
>        return new SimpleAuthenticationBroker(broker, userPasswords,
> userGroups);
>    }
>
>    public Map getUserGroups()
>    {
>        return userGroups;
>    }
>
>    public void setUsers(List users)
>    {
>        userPasswords = new HashMap();
>        userGroups = new HashMap();
>        AuthenticationUser user;
>        Set groups;
>        for(Iterator it = users.iterator(); it.hasNext();
> userGroups.put(user.getUsername(), groups))
>        {
>            user = (AuthenticationUser)it.next();
>            userPasswords.put(user.getUsername(), user.getPassword());
>            groups = new HashSet();
>            String name;
>            for(StringTokenizer iter = new StringTokenizer(user.getGroups(),
> ","); iter.hasMoreTokens(); groups.add(new GroupPrincipal(name)))
>                name = iter.nextToken().trim();
>
>        }
>
>    }
>
>    public void setUserGroups(Map userGroups)
>    {
>        this.userGroups = userGroups;
>    }
>
>    public Map getUserPasswords()
>    {
>        return userPasswords;
>    }
>
>    public void setUserPasswords(Map userPasswords)
>    {
>        this.userPasswords = userPasswords;
>    }
>
>    private Map userPasswords;
>    private Map userGroups;
> }

I'd suggest creating an implementation of the BrokerPlugin to wrap
your BrokerFilter. The BrokerPlugin allow you to create an instance of
the BrokerFilter and expose the BrokerFilter configuration via the
plugin configuration in the activemq.xml.

Bruce
-- 
perl -e 'print unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
);'

Apache ActiveMQ - http://activemq.org/
Apache Camel - http://activemq.org/camel/
Apache ServiceMix - http://servicemix.org/

Blog: http://bruceblog.org/