3 Replies Latest reply on Oct 9, 2003 5:49 AM by Adrian Brock

    JMS Message Level Authorization

    wippel Newbie

      I have clients of a topic that are only allowed to see a subset of the messages on that topic based on their security profile. I am looking for a way to authorize individual messages based on message content.

      Any ideas ?

        • 1. Re: JMS Message Level Authorization
          Adrian Brock Master

          There is no standard mechanism to do this.
          The security is at the destination level.
          Why can't you create separate topics for sensitive messages?

          Regards,
          Adrian

          • 2. Re: JMS Message Level Authorization
            wippel Newbie

            Due to the nature of the problem, it would require perhaps 1000's of topics. Not sure if this is a problem.

            • 3. Re: JMS Message Level Authorization
              Adrian Brock Master

              Why? Topics are just multiple fifo queues (one for each subscriber).

              One to use one Topic would be to write your own
              JBossMQ interceptor that modifies the user's selector
              according to their authority when they subscribe.

              e.g. If the message has a property that defines a "Role" that can
              see the message, you would add
              "and (Role = 'UserRole1' or Role = 'UserRole2')"

              If the selector fails to match, the message is not added
              to the user's subscription.

              If you look at JBossMQ's security intercepor you can
              see how it determines the roles for a user.

              But checking the selector is likely to make it perform slower
              than having multiple topics.

              Regards,
              Adrian