activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Burton <bur...@spinn3r.com>
Subject Re: Is there a way to authorize dynamic destinations with Apache Apollo MQ?
Date Thu, 09 Apr 2015 00:53:45 GMT
Before you continue working with Apollo you might want to investigate
whether development will continue there. I *think* it’s being phased out in
favor of ActiveMQ 6.0 which is going to be a different codebase (with
ActiveMQ still maintained).  Don’t allow me to FUD you though so find out
for yourself.  I am not 100% certain but just wanted to give you a heads up.

Maybe check the dev list...

On Wed, Apr 8, 2015 at 5:37 PM, redboy1972 <redboy1972@live.com> wrote:

> After a lot of head scratching I figured it out.
>
> In apollo.xml:
>
>     <broker xmlns="http://activemq.apache.org/schema/activemq/apollo"
> security_factory="com.me.MyAuthorizationPlugin">
>
> In com.me.MyAuthorizationPlugin:
>
>     package com.me
>
>     import org.fusesource.hawtdispatch.DispatchQueue.QueueType
>
>     import org.apache.activemq.apollo.broker.security._
>     import org.apache.activemq.apollo.broker.{ Queue, Broker, VirtualHost }
>     import java.lang.Boolean
>
>     class MyAuthorizationPlugin extends SecurityFactory {
>
>         def install(broker: Broker) {
>                 DefaultSecurityFactory.install(broker)
>         }
>
>         def install(virtual_host: VirtualHost) {
>                 DefaultSecurityFactory.install(virtual_host)
>                 val default_authorizer = virtual_host.authorizer
>                 virtual_host.authorizer = new Authorizer() {
>                         def can(ctx: SecurityContext, action: String,
> resource:
> SecuredResource): Boolean = {
>
>                                 println("Resource: " + resource.id + "
> User: " + ctx.user)
>                                 resource.resource_kind match {
>                                         case SecuredResource.TopicKind =>
>                                                 val id = resource.id
>                                                 println("Topic Resource: "
> + id + " User: " + ctx.user)
>                                                 var result : Boolean =
> id.startsWith("user." + ctx.user) ||
> id.startsWith("MDN." + ctx.user + ".")
>                                                 println("Result: " +
> result)
>                                                 return result
>                                         case _ =>
>                                                 return
> default_authorizer.can(ctx, action, resource)
>                                 }
>                         }
>                 }
>         }
>     }
>
>
> The following URLs seemed VERY useful and indeed nearly a perfect match:
>
>  -
>
> https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml#L18
>
>  -
>
> https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala#L29
>
> Now I only need to clean up my nasty scala and put it in Git.
>
> I am thinking of doing two tests:
>
>  1. Speed of EXACTLY what I need
>  2. A Regex pattern matcher with username / clientID replacements and
> +/*/?/etc  This pattern will be pulled from the config file.
>
> If they are nearly identical I may see about adding it to Apollo by
> contacting commiters.
>
>
>
> --
> View this message in context:
> http://activemq.2283324.n4.nabble.com/Is-there-a-way-to-authorize-dynamic-destinations-with-Apache-Apollo-MQ-tp4694359p4694578.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>



-- 

Founder/CEO Spinn3r.com
Location: *San Francisco, CA*
blog: http://burtonator.wordpress.com
… or check out my Google+ profile
<https://plus.google.com/102718274791889610666/posts>
<http://spinn3r.com>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message