Salute,
i would say you have a authorization question: 'Who may do what?'
This should be implemented as a plugin of
xmlBlaster/src/java/org/xmlBlaster/authentication/plugins/I_Session.java
you could use the existing "htpasswd" plugin and implement your behavior in
xmlBlaster/src/java/org/xmlBlaster/authentication/plugins/htpasswd/Session.java:
-------------------------------
public boolean isAuthorized(SessionHolder sessionHolder, DataHolder
dataHolder) {
if (this.authenticated == false) {
log.warning("Authentication of user " + getName() + " failed");
return false;
}
if
(sessionHolder.getSessionInfo().getSessionName().getLoginName().equals("jackTheSubscriber")
&&
(dataHolder.getAction().equals(MethodName.PUBLISH) ||
dataHolder.getAction().equals(MethodName.PUBLISH_ARR) ||
dataHolder.getAction().equals(MethodName.PUBLISH_ONEWAY))) {
log.warning("Reject publish attempt by " +
sessionHolder.getSessionInfo().getSessionName().getAbsoluteName());
return false;
}
log.finer("No authorization check for action='" +
dataHolder.getAction() + "' on key='" +dataHolder.getKeyOid() + "' is
implemented, access generously granted.");
return true;
}
-------------------------------
Prefer to use the current xmlBlaster from svn as I_Session.java has
changed the method signature.
If you choose to code it more generic, for example to be configurable in
a external
configuration file like 'xmlBlaster.htpasswd' we could add your lines of
code
to the distribution.
regards
Marcel
Matthew Sargent wrote:
Hey all,
I would like to have two classes of subscriber: 1) able to subscribe and
publish and 2) only able to subscribe. What would I need to do in order to
make this happen. I have toyed with the idea of having 2 ports (both SSL)
that can be connected to, and only have on of them allow publishing, or
create various users and re-work some aspect of xmlBlaster to govern this
based on user name and password.
Any better suggestions? Places to look, solutions already in play?
Matt
