qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robbie Gemmell <robbie.gemm...@gmail.com>
Subject Re: Custom ACL source
Date Tue, 21 May 2013 15:42:55 GMT
On 21 May 2013 16:37, Robbie Gemmell <robbie.gemmell@gmail.com> wrote:

> If you havent already, I would recommend you take a look at a 0.22 RC to
> get a view on the updated configuration storage and web management
> interface, which now lets you configure most of the broker functionality
> (such as adding and removing AccessControl providers of differing types,
> like the shipped 'AclFile').
>
> You can find the broker 0.22 RC4 tar here
> http://people.apache.org/~jross/qpid-0.22-rc4/qpid-java-broker-0.22.tar.gzuntil RC5 is
available shortly. The 0.22 docs aren't published yet but the
> trunk documentation currently matches it:
> http://qpid.apache.org/books/trunk/AMQP-Messaging-Broker-Java-Book/html/index.html
>
> Things you would need to do to implement your own access control plugin
> for 0.22 are:
>
> Implement the following plugin Factory:
>
> broker/src/main/java/org/apache/qpid/server/plugin/AccessControlFactory.java
>
> Which should then return the underlying AccessControl plugin if provided
> with appropriate configuration, implementing:
> broker/src/main/java/org/apache/qpid/server/security/AccessControl.java
>
> The broker finds the available AccessControlFactory implementations using
> ServiceLoader (
> http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html) so
> you will need to add the appropriate provider-configuration file in the
> META-INF dir of your output jar and add it to the broker classpath for it
> to be discovered (if using the qpid-server startup script, just drop the
> jar in the lib/plugins/ directory and it will be included at startup).
>
> To help you along you can look at the implementation of the shipped file
> based AccessControl plugin. You can fan out to consider the whole
> implementation, but the files related to the above points would be:
>
> broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControlFactory.java
>
> broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/DefaultAccessControl.java
>
> broker-plugins/access-control/src/main/resources/META-INF/services/org.apache.qpid.server.plugin.AccessControlFactory
>
>
To be slightly more precise, you would actually need to check out the
parent 'qpid' directory if you wanted to run the build, as there are
dependencies on things like the specs dir which sits alongside the java
directory.


> You can find the current 0.22 source branch (it will be tagged when
> released) here:
> http://svn.apache.org/repos/asf/qpid/branches/0.22/qpid/java/
>
> If you want to use maven for your project build there are snapshots here:
> https://repository.apache.org/content/repositories/snapshots/ [at
> org/apache/qpid/...]
>
>
> If you want to try with 0.20 (I'd suggest you try 0.22, its nicer) then
> the precise interfaces differ a bit, and you would need to look usage of
> Commons Configuration for passing the configuration via the old config.xml
> file, but you can again follow what is done for the existing plugin. The
> 0.20 artifacts are in maven central, and the source is additionally tagged
> at: http://svn.apache.org/repos/asf/qpid/tags/0.20/qpid/java/
>
> Robbie
>
> On 20 May 2013 22:33, Misha Nesterenko <misha.nesterenko@gmail.com> wrote:
>
>> That sounds great. If authorization may be implemented as a separate
>> plugin
>> that is great!
>> Could you give me some directions for 0.22 and if that is no so burdensome
>> also for 0.20
>>
>> Thanks
>>
>>
>> On Mon, May 20, 2013 at 7:23 PM, Robbie Gemmell <robbie.gemmell@gmail.com
>> >wrote:
>>
>> > Then the answer is that it is theoretically possible for you to define
>> your
>> > own ACL source, although it will involve a non-trivial amount of work
>> for
>> > you to do so. The brokers authorisation functionality is provided via a
>> > pluggable interface and so it would 'only' be a case of case of you
>> > implementing this via your own ACL plugin and using that instead.
>> >
>> > This is an area that has never been documented and has undergone change
>> > while we have been reworking the brokers configuration model and
>> internal
>> > structure in recent times, so the precise steps needed differ between
>> the
>> > 0.18, 0.20, and 0.22 (which should hit its hopefully final Release
>> > Candidate today and is expected to be released in the next week or two)
>> > releases, with the latter being arguably the easiest.
>> >
>> > Does this sound like something you would want to proceed with? If so,
>> let
>> > me know which release you would be likely to use and I will try to give
>> you
>> > some additional pointers.
>> >
>> > Robbie
>> >
>> > On 20 May 2013 14:18, Misha Nesterenko <misha.nesterenko@gmail.com>
>> wrote:
>> >
>> > > Hi
>> > >
>> > > sorry, I am using java broker
>> > >
>> > >
>> > > On Mon, May 20, 2013 at 4:15 PM, Robbie Gemmell <
>> > robbie.gemmell@gmail.com
>> > > >wrote:
>> > >
>> > > > Are you using the Java or C++ broker?
>> > > >
>> > > > Robbie
>> > > >
>> > > > On 20 May 2013 13:42, Misha Nesterenko <misha.nesterenko@gmail.com>
>> > > wrote:
>> > > >
>> > > > > Hello all
>> > > > >
>> > > > > I wonder is it possible to use custom acl source? There is a
>> single
>> > > > > database for our users and I do not want security information
to
>> be
>> > > > > scattered among several sources, e.g. database and files.
>> > > > >
>> > > > > Thank you in advance.
>> > > > >
>> > > >
>> > >
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message