-
1. Re: Topic authentication using Interceptors?
1 of 1 people found this helpfulI wish to control who can access/subscribe a certain Topic in my horneq jms server. I took a look the Security subject in the user manual and thought about implenting my own securitymanager. (on a side note the usermanual talks about org.hornetq.core.security.SecurityManager which is missing)
I just sent a pull request to fix the documentation. If hadn't figured it out already the correct interface is org.hornetq.spi.core.security.HornetQSecurityManager.
While thinking about this i saw that the securitymanager can only be used to control the general access to the jms server.
You can do role-based authorization along with authentication. See http://docs.jboss.org/hornetq/2.3.0.CR1/docs/user-manual/html_single/index.html#security.settings.roles. Does that not fit your need? If so, please elaborate as to why not.
-
2. Re: Topic authentication using Interceptors?
Hi Justin,
Thank you for your reply and thoughts on the subject. I took a look at the link you gave and noticed that the definitions of "who may do what" is defined in xml. In my project users and topics are dynamically generated over time, so they are not yet known at the configuration phase. "Who may do what" is defined in a database and can change every minute. That is why my thoughts did go to a interceptor which reads the access rules from the database and checks who accesses what in the jms server. Another possibility would be to check the source of the existing authorisation / authentication classes and replace the xml with a database scheme, but i suspect i would run into trouble when i want to "plugin" my own implementation into hornetq without rebuilding the original hornetq source tree?
-
3. Re: Topic authentication using Interceptors?
1 of 1 people found this helpfulMy recommendation would be to either implement a JAAS login module that would read the information from the database or use JBoss AS7 where you can use the existing JAAS database login module as well as a JCA-based JDBC datasource that is pooled and has a lot of convenient configuration options.
-
4. Re: Topic authentication using Interceptors?
To be clear, I think using interceptors for this functionality is misguided. The security subsystem is pluggable and built explicitly for this purpose. You should use it - either in standalone mode or in AS7.