3 Replies Latest reply on Oct 9, 2003 5:49 AM by adrian.brock

    JMS Message Level Authorization

    wippel

      I have clients of a topic that are only allowed to see a subset of the messages on that topic based on their security profile. I am looking for a way to authorize individual messages based on message content.

      Any ideas?

        • 1. Re: JMS Message Level Authorization

          There is no standard mechanism to do this.
          The security is at the destination level.
          Why can't you create separate topics for sensitive messages?

          Regards,
          Adrian

          • 2. Re: JMS Message Level Authorization
            wippel

            Due to the nature of the problem, it would require perhaps 1000's of topics. Not sure if this is a problem.

            • 3. Re: JMS Message Level Authorization

              Why? Topics are just multiple fifo queues (one for each subscriber).

              One way to use one Topic would be to write your own
              JBossMQ interceptor that modifies the user's selector
              according to their authority when they subscribe.

              e.g. If the message has a property that defines a "Role" that can
              see the message, you would add
              "and (Role = 'UserRole1' or Role = 'UserRole2')"

              If the selector fails to match, the message is not added
              to the user's subscription.

              If you look at JBossMQ's security interceptor you can
              see how it determines the roles for a user.

              But checking the selector is likely to make it perform slower
              than having multiple topics.

              Regards,
              Adrian
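
The selector rewrite suggested in reply 3, sketched as an added example (not JBossMQ code and not from the original posts). The class and method names are hypothetical, the `Role` property and role names are the ones used in the reply, and wiring this into a JBossMQ interceptor is not shown.

```java
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

public class RoleSelector {
    // Always false: used when the subscriber has no roles, so nothing is delivered.
    static final String MATCH_NOTHING = "Role IS NULL AND Role IS NOT NULL";

    // Quote a role as a selector string literal (a quote inside is doubled).
    static String literal(String role) {
        return "'" + role.replace("'", "''") + "'";
    }

    // True if parentheses outside string literals balance and never close early,
    // and every string literal is terminated.
    static boolean wellNested(String s) {
        int depth = 0;
        boolean inLiteral = false;
        for (char c : s.toCharArray()) {
            if (c == '\'') inLiteral = !inLiteral;
            else if (!inLiteral && c == '(') depth++;
            else if (!inLiteral && c == ')' && --depth < 0) return false;
        }
        return depth == 0 && !inLiteral;
    }

    // Combine the subscriber's own selector (may be null or empty) with the role clause.
    static String restrict(String userSelector, Collection<String> roles) {
        if (roles == null || roles.isEmpty()) return MATCH_NOTHING;
        String roleClause = roles.stream().map(r -> "Role = " + literal(r))
                .collect(Collectors.joining(" OR ", "(", ")"));
        if (userSelector == null || userSelector.trim().isEmpty()) return roleClause;
        if (!wellNested(userSelector))
            throw new IllegalArgumentException("rejecting malformed selector");
        // AND binds tighter than OR, so the subscriber's expression is wrapped
        // to make the role clause apply to all of it.
        return "(" + userSelector + ") AND " + roleClause;
    }

    public static void main(String[] args) {
        // Constructed sample subscribers.
        List<String> roles = List.of("UserRole1", "UserRole2");
        System.out.println(restrict(null, roles));
        System.out.println(restrict("Region = 'EU' OR Priority > 5", roles));
        System.out.println(restrict("Region = 'EU'", List.of()));
    }
}
```

A message that carries no `Role` property makes every `Role = ...` comparison evaluate to unknown, so it is not delivered to any restricted subscription.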