[ https://issues.apache.org/activemq/browse/AMQ-908?page=comments#action_37459 ] Aaron Mulder commented on AMQ-908: ----------------------------------
Here are the Geronimo ones: [GeronimoUserPrincipal|http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoUserPrincipal.java?view=markup] [GeronimoGroupPrincipal|http://svn.apache.org/viewvc/geronimo/server/trunk/modules/geronimo-security/src/main/java/org/apache/geronimo/security/realm/providers/GeronimoGroupPrincipal.java?view=markup] I'm sure Glassfish has some too, though I don't know where. Perhaps Harmony as well? My assumption was that we should look for a constructor with a single String, and if we don't find that, look for an empty constructor and a setName method that takes a single String, and if we don't find that, throw an Exception. If someone complains that they got the exception, then I guess we'll look at their principal classes to determine the next fallback position. :) > Authorization plugin should have configurable principal classes > --------------------------------------------------------------- > > Key: AMQ-908 > URL: https://issues.apache.org/activemq/browse/AMQ-908 > Project: ActiveMQ > Issue Type: Improvement > Components: Broker > Affects Versions: 4.0.1 > Reporter: Aaron Mulder > Fix For: 4.2.0, 4.0.3 > > > Currently, if you configure the authorization plugin, it assumes that all > principals listed should be of type > {{org.apache.activemq.jaas.GroupPrincipal}}. This is OK if you're using > ActiveMQ LoginModules, but since there's a fairly small supply of those, it > would be great if you could use arbitrary login modules and tell the > authorization plugin which principal classes to use. For example, > {{groupClass="weblogic.security.principal.WLSGroupImpl}} or something like > that. A good first step would be to let you change the group class. A good > second step would be to let you specify user and group classes and then > somehow indicate which names are which (e.g. > {{admin="administrators,user:aaron,user:bob"}} or whatever). Someday maybe > it will be nice to support any arbitrary combination of principal classes but > that seems far away. > When instantiating the principal classes, I imagine we should use a > constructor with a single String argument if available, or else a default > constructor plus a "setName" method, or else I guess bail. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/activemq/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
