Message-Level Authorization - for producers

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Message-Level Authorization - for producers

Vince Cole
I have a requirement for the broker to validate that the message destination (specified in the message producer's request) is allowed, given a (business-defined) set of rules (implemented in an external service) which determine (from the message content) what destination(s) would be permitted.

I see in the documentation - bottom of page http://activemq.apache.org/security.html - that message level auth is possible.

However, it looks like this is only available for consumers?
The interface which the MLA plugin must implement only contains the method 'isAllowedToConsume'.

I want my broker instance to perform this check when a producer tries to SEND a message into the broker.

Is this possible, and if so, how?

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Message-Level Authorization - for producers

Tim Bain
Although I haven't done this myself, the documentation on custom
interceptors (http://activemq.apache.org/interceptors.html) sounds like
there are far more options available than just the one from the class you
referenced. The send() method would be the one I'd expect you'd want to
implement.

On Mar 7, 2017 7:14 AM, "Vince Cole" <[hidden email]> wrote:

> I have a requirement for the broker to validate that the message
> destination
> (specified in the message producer's request) is allowed, given a
> (business-defined) set of rules (implemented in an external service) which
> determine (from the message content) what destination(s) would be
> permitted.
>
> I see in the documentation - bottom of page
> http://activemq.apache.org/security.html - that message level auth is
> possible.
>
> However, it looks like this is only available for consumers?
> The interface which the MLA plugin must implement only contains the method
> 'isAllowedToConsume'.
>
> I want my broker instance to perform this check when a producer tries to
> SEND a message into the broker.
>
> Is this possible, and if so, how?
>
> Thanks in advance.
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.
> nabble.com/Message-Level-Authorization-for-producers-tp4723168.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
Loading...