activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From redboy1972 <redboy1...@live.com>
Subject Re: Is there a way to authorize dynamic destinations with Apache Apollo MQ?
Date Thu, 09 Apr 2015 00:37:37 GMT
After a lot of head scratching I figured it out.

In apollo.xml:

    <broker xmlns="http://activemq.apache.org/schema/activemq/apollo"
security_factory="com.me.MyAuthorizationPlugin">

In com.me.MyAuthorizationPlugin:

    package com.me
    
    import org.fusesource.hawtdispatch.DispatchQueue.QueueType
    
    import org.apache.activemq.apollo.broker.security._
    import org.apache.activemq.apollo.broker.{ Queue, Broker, VirtualHost }
    import java.lang.Boolean
    
    class MyAuthorizationPlugin extends SecurityFactory {
    
    	def install(broker: Broker) {
    		DefaultSecurityFactory.install(broker)
    	}
    
    	def install(virtual_host: VirtualHost) {
    		DefaultSecurityFactory.install(virtual_host)
    		val default_authorizer = virtual_host.authorizer
    		virtual_host.authorizer = new Authorizer() {
    			def can(ctx: SecurityContext, action: String, resource:
SecuredResource): Boolean = {
    				
    				println("Resource: " + resource.id + " User: " + ctx.user)
    				resource.resource_kind match {
    					case SecuredResource.TopicKind =>
    						val id = resource.id
    						println("Topic Resource: " + id + " User: " + ctx.user)
    						var result : Boolean = id.startsWith("user." + ctx.user) ||
id.startsWith("MDN." + ctx.user + ".")
    						println("Result: " + result)
    						return result
    					case _ =>
    						return default_authorizer.can(ctx, action, resource)
    				}
    			}
    		}
    	}
    }


The following URLs seemed VERY useful and indeed nearly a perfect match:

 -
https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml#L18

 -
https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala#L29

Now I only need to clean up my nasty scala and put it in Git.

I am thinking of doing two tests:

 1. Speed of EXACTLY what I need
 2. A Regex pattern matcher with username / clientID replacements and
+/*/?/etc  This pattern will be pulled from the config file.

If they are nearly identical I may see about adding it to Apollo by
contacting commiters.



--
View this message in context: http://activemq.2283324.n4.nabble.com/Is-there-a-way-to-authorize-dynamic-destinations-with-Apache-Apollo-MQ-tp4694359p4694578.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message