On 26 Mar 2011, at 00:58, Danushka Menikkumbura wrote:
Hi Andrew/Marnie,
Actually my question was, when SecurityPlugin.authorise() is hit
for a given operation call, how do you identify the vhost?. That is
how do you identify on which vhost this operation is carried out?.
So, for an example when it gets called for Create, Bind, Publish,
etc I need to know the corresponding vhost.
Right, I understand what you're asking now.
The SecurityPlugin classes are managed by the SecurityManager, which
is instantiated per virtualhost. So, in VirtualHostImpl the
constructor creates a new SecurityManager that is a child of the
global (broker) SecurityManager (for plugin chaining and global
defaults) and initialises it with the virtualhost configuration,
similar to this:
private VirtualHostImpl(IApplicationRegistry registry,
VirtualHostConfiguration config, MessageStore store)
{
// ...
_securityManager = new SecurityManager
(registry.getSecurityManager());
_securityManager.configureHostPlugins(config);
// ...
}
Than, when a Queue, for eaxmple, needs to check the ACLs it looks up
the SecurityManager for its virtiualhost, like this:
if (!virtualHost.getSecurityManager().authoriseCreateQueue( /
* ... */ )) {
// exception ...
}
The security managers know which virtual host they are responsible
for, and also have a reference to the global manager so they can
delegate to it. The plugin itself has no knowledge of the
virtualhost, it just checks the ACL rules it was given when it was
initialised. Also, the security plugins only receive a subset of the
configuration file XML, taken from either //broker/virtualhosts/
virtualhost/name/security or //broker/security and then presented as
simply <security>...</security> so they do not know if they are
global or host plugins based on the configuration.
If you are writing a new plugin and want it to behave differently,
you would currently have to add an element to the XML configuration
that specified the part of the broker it is responsible for.
Hope this is useful...
Andrew.
--
-- andrew d kennedy ? do not fold, bend, spindle, or mutilate ;
-- http://grkvlt.blogspot.com/ ? edinburgh : +44 7582 293 255 ;
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:[email protected]
