Hi Indika,

The JAAS authentication will handle the AMQP URL username/password. It will have a custom callback handler to extract the username and password from the URL and create an authentication subject to be authorized from.

I planned to keep the create queue/topic permission separate from the subscribe/publish permissions so that anyone who has the create permission can create any queue/topic. My thought for the admin user is that he should have all the above permissions since a new user will always test out MB using the admin user.

Thanks,
Akalanka.

On Wed, Feb 24, 2016 at 2:45 PM, Hasitha Amal De Silva <[email protected]> wrote:

> Hi Indika,
>
> comments inline.
>
> On Wed, Feb 24, 2016 at 2:32 PM, Indika Sampath <[email protected]> wrote:
>
>> Hi Akalanka,
>>
>> I have a few questions.
>>
>> 1. How are we authorizing users who connect to the broker via a JMS client
>> program? In that case we are only passing the username and password in the AMQP URL.
>> The user may not be assigned to any role at the moment other than the default role
>> (Internal/everyone).
>
> I think there should be a relationship between the "create" permission and
> the "subscribe", "publish" permissions such that if a user connects through
> the client and creates queue A, he will also get permissions to pub/sub to
> queue A. WDYT?
>
>> 2. Is the subscribe action meant to create a queue/topic as well? Or only allow
>> to consume?
>
> Being able to subscribe should not imply a "create" permission. However,
> being able to "create" a queue can imply pub/sub permissions to only that
> queue.
>
>> --
>> Indika Sampath
>> Senior Software Engineer
>> WSO2 Inc.
>> http://wso2.com
>>
>> Phone: +94 716 424 744
>> Blog: http://indikasampath.blogspot.com/
>
> --
> Cheers,
>
> Hasitha Amal De Silva
> Software Engineer
> Mobile : 0772037426
> Blog : http://devnutshell.tumblr.com/
> WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )

--
*Darshana Akalanka Pagoda Arachchi,*
*Software Engineer*
*078-4721791*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
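The permission rules discussed in this thread, as an added example that is not part of any message above and is not WSO2 MB code: a default-deny model where "create" is a separate role permission, creating a queue grants the creator publish/subscribe on that queue only, and subscribing never creates a queue. The class name, the `queue-creator` role and the users are hypothetical.

```python
from collections import defaultdict

CREATE, PUBLISH, SUBSCRIBE = "create", "publish", "subscribe"

class AuthorizationError(Exception):
    pass

class QueueAuthorizer:
    """Default-deny permission model for queue actions (hypothetical names)."""

    def __init__(self):
        self.user_roles = defaultdict(set)    # user -> roles
        self.global_perms = defaultdict(set)  # role -> broker-wide actions
        self.queue_perms = defaultdict(set)   # (user, queue) -> actions
        self.queues = set()

    def add_user(self, user, *roles):
        # Every authenticated user holds the default role named in the thread.
        self.user_roles[user] |= {"Internal/everyone", *roles}

    def grant_role(self, role, *actions):
        self.global_perms[role] |= set(actions)

    def _allowed(self, user, action, queue=None):
        by_role = any(action in self.global_perms[r] for r in self.user_roles[user])
        return by_role or action in self.queue_perms[(user, queue)]

    def create_queue(self, user, queue):
        if not self._allowed(user, CREATE):
            raise AuthorizationError(f"{user} may not create {queue}")
        self.queues.add(queue)
        # The creator gets publish/subscribe on this queue only.
        self.queue_perms[(user, queue)] |= {PUBLISH, SUBSCRIBE}

    def check(self, user, action, queue):
        # Publishing or subscribing never creates a missing queue.
        if queue not in self.queues:
            raise AuthorizationError(f"queue {queue} does not exist")
        if not self._allowed(user, action, queue):
            raise AuthorizationError(f"{user} may not {action} on {queue}")
        return True

def demo():
    # Constructed sample users and roles.
    authz = QueueAuthorizer()
    authz.grant_role("admin", CREATE, PUBLISH, SUBSCRIBE)
    authz.grant_role("queue-creator", CREATE)
    authz.add_user("admin", "admin")
    authz.add_user("alice", "queue-creator")
    authz.add_user("bob")  # holds only Internal/everyone
    authz.create_queue("alice", "A")
    authz.create_queue("admin", "B")
    return authz
```
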
