qpid-users mailing list archives

From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject Re: Custom ACL source
Date Tue, 21 May 2013 15:37:18 GMT
If you haven't already, I would recommend you take a look at a 0.22 RC to
get a view on the updated configuration storage and web management
interface, which now lets you configure most of the broker functionality
(such as adding and removing AccessControl providers of differing types,
like the shipped 'AclFile').

You can find the broker 0.22 RC4 tar here
http://people.apache.org/~jross/qpid-0.22-rc4/qpid-java-broker-0.22.tar.gz
until RC5 is available shortly. The 0.22 docs aren't published yet but the
trunk documentation currently matches it:
http://qpid.apache.org/books/trunk/AMQP-Messaging-Broker-Java-Book/html/index.html

Things you would need to do to implement your own access control plugin for
0.22 are:

Implement the following plugin Factory:
broker/src/main/java/org/apache/qpid/server/plugin/AccessControlFactory.java

Which should then return the underlying AccessControl plugin if provided
with appropriate configuration, implementing:
broker/src/main/java/org/apache/qpid/server/security/AccessControl.java

The broker finds the available AccessControlFactory implementations using
ServiceLoader (
http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html) so
you will need to add the appropriate provider-configuration file in the
META-INF dir of your output jar and add it to the broker classpath for it
to be discovered (if using the qpid-server startup script, just drop the
jar in the lib/plugins/ directory and it will be included at startup).

To help you along you can look at the implementation of the shipped file
based AccessControl plugin. You can fan out to consider the whole
implementation, but the files related to the above points would be:
broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java
broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java
broker-plugins/access-control/src/main/resources/META-INF/services/org.apache.qpid.server.plugin.AccessControlFactory

You can find the current 0.22 source branch (it will be tagged when
released) here:
http://svn.apache.org/repos/asf/qpid/branches/0.22/qpid/java/

If you want to use maven for your project build there are snapshots here:
https://repository.apache.org/content/repositories/snapshots/ [at
org/apache/qpid/...]


If you want to try with 0.20 (I'd suggest you try 0.22, it's nicer) then the
precise interfaces differ a bit, and you would need to look at usage of
Commons Configuration for passing the configuration via the old config.xml
file, but you can again follow what is done for the existing plugin. The
0.20 artifacts are in maven central, and the source is additionally tagged
at: http://svn.apache.org/repos/asf/qpid/tags/0.20/qpid/java/

Robbie

On 20 May 2013 22:33, Misha Nesterenko <misha.nesterenko@gmail.com> wrote:

> That sounds great. If authorization may be implemented as a separate plugin
> that is great!
> Could you give me some directions for 0.22 and if that is not so burdensome
> also for 0.20
>
> Thanks
>
>
> On Mon, May 20, 2013 at 7:23 PM, Robbie Gemmell <robbie.gemmell@gmail.com> wrote:
>
> > Then the answer is that it is theoretically possible for you to define your
> > own ACL source, although it will involve a non-trivial amount of work for
> > you to do so. The broker's authorisation functionality is provided via a
> > pluggable interface and so it would 'only' be a case of you
> > implementing this via your own ACL plugin and using that instead.
> >
> > This is an area that has never been documented and has undergone change
> > while we have been reworking the broker's configuration model and internal
> > structure in recent times, so the precise steps needed differ between the
> > 0.18, 0.20, and 0.22 (which should hit its hopefully final Release
> > Candidate today and is expected to be released in the next week or two)
> > releases, with the latter being arguably the easiest.
> >
> > Does this sound like something you would want to proceed with? If so, let
> > me know which release you would be likely to use and I will try to give you
> > some additional pointers.
> >
> > Robbie
> >
> > On 20 May 2013 14:18, Misha Nesterenko <misha.nesterenko@gmail.com> wrote:
> >
> > > Hi
> > >
> > > sorry, I am using java broker
> > >
> > >
> > > On Mon, May 20, 2013 at 4:15 PM, Robbie Gemmell <robbie.gemmell@gmail.com> wrote:
> > >
> > > > Are you using the Java or C++ broker?
> > > >
> > > > Robbie
> > > >
> > > > On 20 May 2013 13:42, Misha Nesterenko <misha.nesterenko@gmail.com> wrote:
> > > >
> > > > > Hello all
> > > > >
> > > > > I wonder is it possible to use custom acl source? There is a single
> > > > > database for our users and I do not want security information to be
> > > > > scattered among several sources, e.g. database and files.
> > > > >
> > > > > Thank you in advance.
> > > > >
> > > >
> > >
> >
>
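
A packaging check for the ServiceLoader step described in the message above, added here as an example (it is not from the original post or the Qpid project). It confirms that a plugin jar carries the provider-configuration file for AccessControlFactory and that every class the file lists is present in the jar. The class com.example.acl.DbAccessControlFactory, the function names and the sample jars are assumptions constructed for illustration.

```python
import io
import zipfile

# Provider-configuration entry ServiceLoader reads for this interface
# (interface name taken from the file paths in the message above).
SERVICE_ENTRY = "META-INF/services/org.apache.qpid.server.plugin.AccessControlFactory"


def parse_provider_config(text):
    """Class names in a provider-configuration file: one per line, '#' starts a comment."""
    names = []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            names.append(name)
    return names


def check_plugin_jar(jar_bytes):
    """Return the problems that would stop the factory being discovered ([] if none)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = set(jar.namelist())
        if SERVICE_ENTRY not in entries:
            return ["missing " + SERVICE_ENTRY]
        providers = parse_provider_config(jar.read(SERVICE_ENTRY).decode("utf-8"))
    if not providers:
        return ["provider-configuration file lists no classes"]
    # Assumption: the factory class ships in the same jar as the service file.
    return ["listed class not in jar: " + p for p in providers
            if p.replace(".", "/") + ".class" not in entries]


def build_jar(files):
    """Build an in-memory jar from {entry name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in files.items():
            jar.writestr(name, data)
    return buf.getvalue()


# Constructed samples; com.example.acl.DbAccessControlFactory is a hypothetical class.
CLASS_ENTRY = "com/example/acl/DbAccessControlFactory.class"
GOOD_JAR = build_jar({SERVICE_ENTRY: b"# custom ACL source\ncom.example.acl.DbAccessControlFactory\n",
                      CLASS_ENTRY: b"\xca\xfe\xba\xbe"})
# Same jar, but the service file misspells the class name, so discovery would fail.
BAD_JAR = build_jar({SERVICE_ENTRY: b"com.example.acl.DbAccesControlFactory\n",
                     CLASS_ENTRY: b"\xca\xfe\xba\xbe"})
```

To check a real build, pass the bytes of the jar file to check_plugin_jar before copying it into lib/plugins/.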
