From: redboy1972
To: users@activemq.apache.org
Date: Wed, 8 Apr 2015 17:37:37 -0700 (PDT)
Subject: Re: Is there a way to authorize dynamic destinations with Apache Apollo MQ?

After a lot of head scratching I figured it out.

In apollo.xml:

In com.me.MyAuthorizationPlugin:

    package com.me

    import org.fusesource.hawtdispatch.DispatchQueue.QueueType
    import org.apache.activemq.apollo.broker.security._
    import org.apache.activemq.apollo.broker.{ Queue, Broker, VirtualHost }
    import java.lang.Boolean

    class MyAuthorizationPlugin extends SecurityFactory {

      def install(broker: Broker) {
        DefaultSecurityFactory.install(broker)
      }

      def install(virtual_host: VirtualHost) {
        DefaultSecurityFactory.install(virtual_host)
        // Keep the default authorizer so non-topic resources fall back to it.
        val default_authorizer = virtual_host.authorizer
        virtual_host.authorizer = new Authorizer() {
          def can(ctx: SecurityContext, action: String, resource: SecuredResource): Boolean = {
            println("Resource: " + resource.id + " User: " + ctx.user)
            resource.resource_kind match {
              case SecuredResource.TopicKind =>
                val id = resource.id
                println("Topic Resource: " + id + " User: " + ctx.user)
                // The "user." prefix has no trailing ".", so it also matches ids
                // of users whose names begin with ctx.user; the action is not checked.
                val result: Boolean = id.startsWith("user." + ctx.user) || id.startsWith("MDN." + ctx.user + ".")
                println("Result: " + result)
                return result
              case _ =>
                return default_authorizer.can(ctx, action, resource)
            }
          }
        }
      }
    }

The following URLs seemed VERY useful and indeed nearly a perfect match:

- https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/resources/apollo-stomp-custom-security.xml#L18
- https://github.com/apache/activemq-apollo/blob/trunk/apollo-stomp/src/test/scala/org/apache/activemq/apollo/stomp/test/UserOwnershipSecurityFactory.scala#L29

Now I only need to clean up my nasty Scala and put it in Git. I am thinking of doing two tests:

1. Speed of EXACTLY what I need
2. A Regex pattern matcher with username / clientID replacements and +/*/?/etc. This pattern will be pulled from the config file.

If they are nearly identical I may see about adding it to Apollo by contacting committers.

--
View this message in context: http://activemq.2283324.n4.nabble.com/Is-there-a-way-to-authorize-dynamic-destinations-with-Apache-Apollo-MQ-tp4694359p4694578.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
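
A sketch of the pattern-based check the message plans (templates read from configuration, with the user name substituted in), as an added example that is not part of the original post or of Apollo. The `{user}` placeholder, the `*` / `**` wildcard meanings and the `DestinationPolicy` and `Demo` names are hypothetical; the point shown is quoting the user name and matching whole dot-separated segments.

```scala
import java.util.regex.Pattern

// Added example: plain Scala, no Apollo classes. The "{user}" placeholder,
// the "*" / "**" wildcards and all names below are hypothetical.
object DestinationPolicy {

  // Compile a dot-separated template into a regex for one user. Literal
  // segments and the user name are quoted, so regex metacharacters in
  // either are matched literally and cannot widen the pattern.
  def compile(template: String, user: String): Pattern = {
    val segments = template.split("\\.", -1).map {
      case "{user}" => Pattern.quote(user)
      case "*"      => "[^.]+" // exactly one segment
      case "**"     => ".+"    // one or more segments
      case literal  => Pattern.quote(literal)
    }
    Pattern.compile(segments.mkString("\\."))
  }

  // Deny anonymous users and user names containing the segment separator
  // (such a name could otherwise land inside another user's subtree).
  // matches() tests the whole id, so "user.bob" never covers "user.bobby".
  def allowed(templates: Seq[String], user: String, destination: String): Boolean =
    user != null && user.nonEmpty && !user.contains(".") &&
      templates.exists(t => compile(t, user).matcher(destination).matches())
}

object Demo extends App {
  // Constructed sample policy and requests, for illustration only.
  val templates = Seq("user.{user}", "user.{user}.**", "MDN.{user}.*")
  val requests = Seq(
    ("bob", "user.bob"),            // own topic
    ("bob", "user.bob.inbox.2015"), // own subtree
    ("bob", "user.bobby.inbox"),    // another user sharing the name prefix
    ("bob", "MDN.bob.acks"),        // one segment after the user name
    ("bob", "MDN.bob.acks.extra"),  // "*" does not span two segments
    ("b*b", "user.bxb"),            // metacharacter in the user name
    ("bob.x", "user.bob.x"),        // separator in the user name
    (null, "user.null")             // anonymous connection
  )
  for ((user, dest) <- requests)
    println(s"$user -> $dest : ${DestinationPolicy.allowed(templates, user, dest)}")
}
```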