Thanks for your replies! When do you need the subject, on the producer side or with message > listeners?
I have been assuming on the message listener side. I will be listening to multiple topics from different sources. P.S. Brian - don't forget that Shiro has a SubjectAwareExecutorService > that, if pluggable into ActiveMQ's threading configuration, would > ensure dispatch threads retain a Subject. This way, you don't need to > force the application thread to be used. I'll look into that too I think there is a deeper than a threading issue here. The subject needs to > be forwarded with th message as it can be read on any machine and should > still be authenticate. Usually the way these things are handled is by > writing a message security interceptor that wraps the message in an > security envelope that contains the subject information which is then used > by shiro. I started down that path by using camel-shiro. It ended up not being what I was looking for as that was message based authentication, and I was looking for topic based. At this point I am assuming a message sent by a broker (which checks the authc and authz ) is valid. Lots of assumptions at this point. I follow up with the ActiveMQ list and follow up here with the result for those interested. Thanks again! -Brian On Thu, Dec 1, 2011 at 2:18 PM, Lenny Primak <[email protected]> wrote: > I think there is a deeper than a threading issue here. The subject needs > to be forwarded with th message as it can be read on any machine and should > still be authenticate. Usually the way these things are handled is by > writing a message security interceptor that wraps the message in an > security envelope that contains the subject information which is then used > by shiro. > I did something like this but for EJB invocations in my FlowLogix tapestry > utility library > ( http://code.google.com/p/flowlogix/ ). > Look at the shiro interceptor filter. > > > > On Dec 1, 2011, at 1:43 PM, Les Hazlewood <[email protected]> wrote: > > Hi Brian, > > > I don't know the answer to this myself, but I'd be interested if you > > find out! I assume the ActiveMQ list will be able to tell you the > > threading details. If you find out and need some 'frameworky' > > assistance in integrating Shiro, please let us know. I'd be happy to > > help if I can. > > > Cheers, > > > Les > > > On Thu, Dec 1, 2011 at 8:08 AM, Brian Demers <[email protected]> > wrote: > > Has anyone created (or know of a lib) an ActiveMQ BrokerFilter for Shiro? > > > I started looking into doing this (so I would at least ask the right > > questions). It was easy to get authc working, but after that I started > > scratching my head. I don't know enough (at the moment) about the > threading > > model of activeMQ to know when/if the subject should be bound to the > > ThreadContext, or if/when subject.execute() can be called. > > > Any ideas or nudges in the right direction? > > > -Brian > > >
