Hi, I need to implement this advanced authentication and authorization scenario:
1) Every user can be member of 2 user groups: message readers and message writers 2) Readers group must only read only from queue messages.{username} where {username} is authenticated user name 3) Writers group must only write only to queue messages.{username} where {username} is authenticated user name
I can use existing JaasAuthenticationPlugin or SimpleAuthenticationPlugin for authentication. I can use existing AuthorizationPlugin for authorization but it's not optimal: I need to modify it's configuration on every change in users/groups. So, it will be more suitable to implement my own CustomAuthorizationPlugin to do it.
What is the right way to implement my own CustomAuthorizationPlugin? I tried to see AuthorizationPlugin and AuthorizationBroker implementations but I see the code overcomplicated for my more simple task. Can I implement only one class for intercept sending and recieving events with user/group info and raise authentication exception if needed? Need I use something like BrokerFilter and override some methods from it? How can I turn on my descendant of BrokerFilter for existing broker in this case? Can anybody give me a simple example?
-- Thanks, Eugene Prokopiev
