activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From craig w <codecr...@gmail.com>
Subject Re: CertificateLoginModule -- access to destination being subscribed to?
Date Tue, 28 May 2013 14:47:43 GMT
To be more clear (perhaps), I need some way of either to prevent a user
from subscribing to a destination based on results from a 3rd party service
-- user tries to subscribe, I use the user information and destination name
to query a 3rd party service.

I'll be using dynamic topics where the topic name will contain some value
which is used to determine if a user is allowed to access the content. For
example, /topic/data/abc123 and /topic/data/abc456  ...some users should be
able to see data on both topics while other users can only see data for
"abc123" and some for "abc456".

I think some sort of custom authorization is required (
http://activemq.apache.org/apollo/documentation/user-manual.html#Authorization)
but I'm not sure the current capabilities are sufficient for my needs.  Any
ideas would be greatly appreciated.

Thanks


On Tue, May 28, 2013 at 8:40 AM, craig w <codecraig@gmail.com> wrote:

> When a client (websocket in particular) connects to Apollo using wss://,
> is there some way to tell which destination they're subscribing to
> (/topic/foo for example)?
>
> I need custom login logic that does some verification with a 3rd party
> service when a user tries to connect and subscribe to a certain
> destination, so if a user tries to subscribe to /topic/foo I need to make
> sure they are allowed to do that (by querying a 3rd party service). I was
> going to extend CertificateLoginModule, override the login method and call
> the 3rd party service using information from the client's certificate and
> the name of the destination they tried to connect to, however, I don't see
> how to get access to that information (the destination name).
>
> Is there some other way to do this?
>
> Thanks in advance,
> Craig
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message