activemq-users mailing list archives

From "Modanese, Riccardo" <Riccardo.Modan...@eurotech.com.INVALID>
Subject Re: Artemis - Implement ACL programmatically
Date Tue, 27 Aug 2019 15:12:11 GMT
I think the SecuritySettingPlugin will not solve my issue but an ActiveMQSecurityManager3 custom
implementation could be.

So I tried to plug an ActiveMQSecurityManager3 implementation but without any success.
From my understanding this plugin should be defined into bootstrap.xml but unfortunately I
found no way to replace the jaas-security tag with another one pointing to my configuration
DTO (the xsd doesn’t provide an alternative tag to jaas-security).

Anyway, just to be sure if the ActiveMQSecurityManager3 API could fit my needs, is the method
validateUserAndRole called before every publish/subscribe?

> On 26 Aug 2019, at 18:00, Christopher Shannon <christopher.l.shannon@gmail.com> wrote:
> 
> You might need to write some custom code to do what you want and you could
> try a custom Security plugin.
> See the API and Java docs for the security setting plugin:
> https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/SecuritySettingPlugin.java
> 
> If you need even more control you can create your own SecurityManager and
> register it with the broker.  The interface to extend is:
> https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQSecurityManager3.java
> 
> The validateUserAndRole() method is where you do your ACL checks.
> 
> A default implementation that delegates to a JAAS module is included in
> the broker already which you can use as an example or to extend:
> https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java
> 
> On Mon, Aug 26, 2019 at 8:01 AM Modanese, Riccardo
> <Riccardo.Modanese@eurotech.com.invalid> wrote:
> 
>> I already read this page and I wasn’t able to find any helpful information.
>> In our use case each user has ACL depending on the username itself.
>> Moreover a user can be added at runtime and the broker must be able to
>> create and handle correctly the ACL also for the newly created user.
>> 
>> So, at the end, what I need is the capability of creating ACL
>> programmatically and keep them in a session in order to be used every time
>> a client publishes a message or subscribes to an address.
>> In ActiveMQ 5 this was possible ( [1] - [2] ) by creating a
>> DefaultAuthorizationMap object, but I cannot find a similar object in
>> Artemis.
>> 
>> [1]
>> https://github.com/eclipse/kapua/blob/develop/broker-core/src/main/java/org/eclipse/kapua/broker/core/plugin/KapuaSecurityBrokerFilter.java#L683
>> [2]
>> https://github.com/eclipse/kapua/blob/develop/broker-core/src/main/java/org/eclipse/kapua/broker/core/plugin/KapuaSecurityBrokerFilter.java#L557
>> 
>> 
>> On 26 Aug 2019, at 13:43, Christopher Shannon <christopher.l.shannon@gmail.com> wrote:
>> 
>> All of the info you should need to get started should be here:
>> 
>> https://activemq.apache.org/components/artemis/documentation/latest/security.html
>> 
>> On Mon, Aug 26, 2019 at 6:24 AM Modanese, Riccardo
>> <Riccardo.Modanese@eurotech.com.invalid> wrote:
>> 
>> Hello,
>>   In our ActiveMQ 5.x security plugin code we are enforcing ACL
>> programmatically so I’m investigating how to migrate our current ACL from
>> ActiveMQ 5.x to Artemis.
>> 
>> I took a look into Artemis source code and I didn’t find any similar
>> object to those present in ActiveMQ 5.x (E.g.
>> org.apache.activemq.security.AuthorizationMap,
>> org.apache.activemq.security.AuthorizationEntry, ...)
>> 
>> Can you point me to the right direction?
>> 
>> 
>> 
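
A sketch of the approach discussed in this thread, added as an illustration and not taken from any message above or from the Artemis code base: an ActiveMQSecurityManager3 whose validateUserAndRole() derives the ACL from the username, so users created at runtime need no stored ACL. The class name, the `authenticator` hook and the `users.<name>.` / `broadcast.` address scheme are assumptions; check the method signatures against the interface linked in the reply for your Artemis version. It does not cover how the manager is registered with the broker.

```java
import java.util.Set;
import java.util.function.BiPredicate;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager3;

// Hypothetical example: ACLs are computed from the username on every check,
// so a user created at runtime needs no broker-side ACL entry.
public class PerUserAclSecurityManager implements ActiveMQSecurityManager3 {
   // Assumed hook into your own user store (not an Artemis API).
   private final BiPredicate<String, String> authenticator;

   public PerUserAclSecurityManager(BiPredicate<String, String> authenticator) {
      this.authenticator = authenticator;
   }

   @Override
   public String validateUser(String user, String password, RemotingConnection connection) {
      // A '.' in the name would let user "a" match addresses of user "a.b": reject it.
      if (user == null || user.isEmpty() || user.indexOf('.') >= 0) {
         return null;
      }
      return authenticator.test(user, password) ? user : null;
   }

   @Override
   public String validateUserAndRole(String user, String password, Set<Role> roles,
         CheckType checkType, String address, RemotingConnection connection) {
      if (address == null || validateUser(user, password, connection) == null) {
         return null; // null means "not validated"
      }
      // Assumed naming scheme: full access under "users.<name>.",
      // consume-only access under "broadcast.", everything else denied.
      boolean own = address.startsWith("users." + user + ".");
      boolean sharedRead = checkType == CheckType.CONSUME && address.startsWith("broadcast.");
      return (own || sharedRead) ? user : null;
   }

   @Override
   public boolean validateUser(String user, String password) {
      return validateUser(user, password, null) != null;
   }
   // This older overload carries no address, so the ACL cannot be evaluated.
   @Override
   public boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType) {
      return false; // fail closed
   }
}
```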
