activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 梁振警 <liangzhenj...@gmail.com>
Subject Re: Apollo: Custom ACL Module
Date Mon, 13 Aug 2012 14:48:01 GMT
That might work, but I think it just a "dirty" workaround.

In my system, many clients connect to the server and subscribe a queue, and I want  to restricted
them CAN ONLY subscribe to a queue belong to themselves. If not, a misbehaved client may subscribe
to a destination like "/queue/**" and "hijack" other clients' messages.

I think if Apollo provides a plug-able interface (like Custom Login Module) will resolved
this problem.

On Aug 10, 2012, at 8:38 PM, Hiram Chirino <hiram@hiramchirino.com> wrote:

> Well, you could also just run a process which writes a new apollo.xml file
> with the ACL rules queried from the DB periodically but then your updating
> your disk constantly which is not as ideal.
> 
> On Fri, Aug 10, 2012 at 8:36 AM, Hiram Chirino <hiram@hiramchirino.com>wrote:
> 
>> The one way to you can do it today is to start up apollo as embedded
>> broker so that you can programatic control of it's configurations.  You can
>> find an example of this at:
>> 
>> 
>> https://github.com/apache/activemq-apollo/blob/trunk/apollo-distro/src/main/release/examples/java-embedded-broker/src/main/java/example/EmbeddedBroker.java
>> 
>> You then periodically poll your database for all the ACL rules and update
>> the configuration when the the ACL rules.  Apollo is smart enough to apply
>> configuration changes like ACL rule updates without disrupting services.
>> 
>> 
>> On Fri, Aug 10, 2012 at 4:50 AM, LiANG ZHENJiNG <liangzhenjing@gmail.com>wrote:
>> 
>>> i know i can i that. but what i looking for is a Dynamic ACL solution,
>>> that means
>>> i can decide who can access a resource base on some settings saved on my
>>> db.
>>> 
>>> is there any way to do this?
>>> 
>>> 在 2012-8-10,4:09,Hiram Chirino <hiram@hiramchirino.com> 写道:
>>> 
>>>> add:
>>>> 
>>>> <access_rule allow="12345" action="receive consume" kind="queue"
>>> id="12345"/>
>>>> 
>>>> 
>>>> to your xml config.
>>>> 
>>>> On Thu, Aug 9, 2012 at 8:48 AM, 梁振警 <liangzhenjing@gmail.com>
wrote:
>>>> 
>>>>> Hi all,
>>>>> 
>>>>> Is there any way to control wether a user can subscribe to a
>>> topic/queue?
>>>>> 
>>>>> for example, I want user (id=12345)  can only subscribe to
>>> /queue/12345,
>>>>> is there any to do this?
>>>>> 
>>>>> --
>>>>> Zhenjing Liang
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> --
>>>> 
>>>> **
>>>> 
>>>> *Hiram Chirino*
>>>> 
>>>> *Software Fellow | FuseSource Corp.*
>>>> 
>>>> *chirino@fusesource.com | fusesource.com*
>>>> 
>>>> *skype: hiramchirino | twitter: @hiramchirino<
>>> http://twitter.com/hiramchirino>
>>>> *
>>>> 
>>>> *blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>*
>>>> 
>>>> *
>>>> *
>>>> 
>>>> *
>>>> *
>>> 
>> 
>> 
>> 
>> --
>> 
>> **
>> 
>> *Hiram Chirino*
>> 
>> *Software Fellow | FuseSource Corp.*
>> 
>> *chirino@fusesource.com | fusesource.com*
>> 
>> *skype: hiramchirino | twitter: @hiramchirino<http://twitter.com/hiramchirino>
>> *
>> 
>> *blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>*
>> 
>> *
>> *
>> 
>> *
>> *
>> 
>> 
>> 
> 
> 
> -- 
> 
> **
> 
> *Hiram Chirino*
> 
> *Software Fellow | FuseSource Corp.*
> 
> *chirino@fusesource.com | fusesource.com*
> 
> *skype: hiramchirino | twitter: @hiramchirino<http://twitter.com/hiramchirino>
> *
> 
> *blog: Hiram Chirino's Bit Mojo <http://hiramchirino.com/blog/>*
> 
> *
> *
> 
> *
> *


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message