If you just want to use a custom source for username/password authentication data you can easily do that now by using the PrincipalDatabase interface used by the existing PlainPasswordFilePrincipalDatabase and Base64MD5PasswordFilePrincipalDatabase implementations, and then using the configuration in config.xml to set your implementation class as the one to be used.
Similarly you could probably achieve your desired authorization semantics now by implementing a security plugin in similar fashion to the current ACL plugins, Firewall, etc. Robbie On 7 June 2010 12:12, Danushka Menikkumbura <[email protected]> wrote: > Andrew, > > I already have a user management module in my application that is used to > mange users/roles and privileges. I need to authenticate/authorize users > trying to connect ot Qpid broker against my user store. I can not do that > with the current SALS/ACL model in Qpid. > > Danushka > > On Mon, Jun 7, 2010 at 4:33 PM, Andrew Kennedy < > [email protected]> wrote: > >> On 7 June 2010 06:49, Danushka Menikkumbura <[email protected]> wrote: >> > Hi devs, >> > >> > AFAIK Qpid does not posses a pluggable security architecture. I basically >> > need to integrate a custom security implementation - apart from the >> SASL/ACL >> > based model that is there - so that I can use the security model in my >> > application to do authentication/access control in the Qpid broker. I >> would >> > like to know if you are already working on it or planning to have >> something >> > like that in the near future. >> > >> > Danushka >> >> Hi. >> >> What is it about the SASL and ACL security mechanisms that means you >> cannot use them? >> >> I recently finished some updates to the security plugins and I am >> still working on improving the access control mechanisms and adding a >> pluggable groups mechanism to the existing SASL authentication, both >> as OSGi plugins. One feature I have still to complete include the >> ability to allow external plugins to check if they are authorised, >> similar to the C++ broker, using an ACL entry that permissions OBJECTs >> with a specific class and package, which may be what you are looking >> for? >> >> Andrew. >> -- >> -- andrew d kennedy ? edinburgh : +44 7941 197 134 >> >> --------------------------------------------------------------------- >> Apache Qpid - AMQP Messaging Implementation >> Project: http://qpid.apache.org >> Use/Interact: mailto:[email protected] >> >> > > > -- > Danushka Menikkumbura > Technical Lead & Product Manager, WSO2 SOA Enablement Server > > WSO2, Inc.; http://wso2.com > Lean . Enterprise . Middleware > > phone : +94 77 364 1754 > blog : http://danushka-menikkumbura.blogspot.com/ > > Disclaimer: This communication may contain privileged or other confidential > information and is intended exclusively for the addressee/s. If you are not > the intended recipient/s, or believe that you may have received this > communication in error, please reply to the sender indicating that fact and > delete the copy you received and in addition, you should not print, copy, > retransmit, disseminate, or otherwise use the information contained in this > communication. Internet communications cannot be guaranteed to be timely, > secure, error or virus-free. The sender does not accept liability for any > errors or omissions. > --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected]
