Hi Jim,

the best way is to look at the source code of the current plugin implementation. You can find it in the org.apache.activemq.security package. For a quick preview, you can use this URL:

http://fisheye6.atlassian.com/browse/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net

On Wed, May 19, 2010 at 2:33 PM, Jim Lloyd <jll...@silvertailsystems.com> wrote:

> I'd like to implement an authorization plugin that would allow me to
> implement a fully automatic authorization policy. Here's an outline of what
> I want:
>
> We have a broker that is a hub in a hub & spoke topology network of brokers.
> All connections to this hub broker are via SSL and the hub broker requires SSL
> client authentication. We require the client certificates to always be of a
> form where the Common Name (CN) of the certificate defines the user. So, for
> example, if we instead used a jaas.TextFileCertificateLoginModule the
> user.properties file would look like this:
>
> user1=CN=user1,O=Silver Tail Systems,ST=California,C=US
> userFoo=CN=userFoo,O=Silver Tail Systems,ST=California,C=US
> ...
> userZeta=CN=userZeta,O=Silver Tail Systems,ST=California,C=US
>
> Meanwhile, the AuthorizationMap we want would look something like this:
>
> <authorizationPlugin>
>   <map>
>     <authorizationMap>
>       <authorizationEntries>
>         <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
>         <authorizationEntry topic="user1.>" read="user1" write="user1" admin="user1" />
>         <authorizationEntry topic="userFoo.>" read="userFoo" write="userFoo" admin="userFoo" />
>         ...
>         <authorizationEntry topic="userZeta.>" read="userZeta" write="userZeta" admin="userZeta" />
>         <authorizationEntry topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>       </authorizationEntries>
>     </authorizationMap>
>   </map>
> </authorizationPlugin>
>
> If we use jaas.TextFileCertificateLoginModule, we have to update the
> users.properties, groups.properties file and the authorizationMap in the
> activemq.xml file every time we add a user. We can automate this with
> scripting, but a more elegant solution would be to write our own plugin(s)
> to implement this policy. I'm in the process of scoping this effort, and so
> far I haven't found anything other than javadocs on the various classes to
> guide me. Can anyone provide a high level outline of how I would implement
> this?
>
> Thanks,
> Jim Lloyd
> Silver Tail Systems
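
The decision logic behind the policy outlined in the thread, as an added example (not code from either poster or from ActiveMQ): it derives the user from the certificate's CN and allows only that user's own topic subtree, the advisory topics, or anything for admins. The class and method names (`CnTopicPolicy`, `commonName`, `isAllowed`) are hypothetical, and it assumes the surrounding plugin supplies the subject DN, the group names and a single destination name.

```java
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical helper: per-user topic policy derived from the client certificate's subject DN. */
public final class CnTopicPolicy {
    private static final String ADVISORY_PREFIX = "ActiveMQ.Advisory.";

    /** Returns the single CN of the subject DN, or null if it is missing, repeated or unusable. */
    static String commonName(String subjectDn) {
        String cn = null;
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (cn != null || !(rdn.getValue() instanceof String)) return null; // ambiguous or binary
                cn = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return null; // unparseable DN: deny
        }
        // A CN containing '.', '*' or '>' could alias another user's subtree or a wildcard.
        return (cn == null || !cn.matches("[A-Za-z0-9_-]+")) ? null : cn;
    }

    /** True if the authenticated subject may read, write or administer the topic. */
    static boolean isAllowed(String subjectDn, List<String> groups, String topic) {
        if (groups.contains("admins")) return true;          // topic=">" entry for admins
        // Assumption: one destination per call; composite (comma-separated) names are denied.
        if (topic.contains(",")) return false;
        if (topic.startsWith(ADVISORY_PREFIX)) return true;  // ActiveMQ.Advisory.> entry for all
        String cn = commonName(subjectDn);
        // Keep the trailing '.' so user1 does not match "user10.orders".
        return cn != null && topic.startsWith(cn + ".");
    }

    public static void main(String[] args) {
        String dn = "CN=user1,O=Silver Tail Systems,ST=California,C=US"; // DN form from the post
        List<String> none = List.of();                                   // constructed sample input
        System.out.println(isAllowed(dn, none, "user1.orders"));              // own subtree
        System.out.println(isAllowed(dn, none, "user10.orders"));             // another user's subtree
        System.out.println(isAllowed(dn, none, "ActiveMQ.Advisory.Topic.x")); // advisory topic
        System.out.println(isAllowed("CN=a.b,O=X", none, "a.b.c"));           // CN with a separator
    }
}
```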