This page last changed on Feb 10, 2009 by aidan.
The Qpid Java Server supports pluggable authorization modules through OSGi bundles.
New plugins must implement two classes. One of these should implement the org.apache.qpid.server.security.access.ACLPlugin interface. The other should implement the org.apache.qpid.server.security.access.ACLPluginFactory interface.
How authorization works
The collection of configured ACLPlugins is managed by an ACLManager class. Frame handlers query the manager as to whether a given access should be allowed. When this occurs, the manager conducts a vote amongst its plugins. If any plugin votes to deny access, authorization is denied. If a server-level plugin denies access but a virtualhost-level plugin explicitly allows it, the virtualhost vote overrides the server-level plugins and access is allowed. An instance of a plugin may also abstain from a vote.
The ACLPluginFactory Interface.
This interface has two methods: boolean supportsTag(String) and ACLPlugin newInstance(Configuration). If the factory can produce a plugin capable of handling the tag passed into supportsTag, it must return true; otherwise it must return false.
If the plugin that the Factory is associated with supports that particular configuration tag, a new instance of that plugin should be created by newInstance and configured with the Configuration instance that is passed in.
The ACLPlugin Interface.
This interface has two kinds of method. setConfiguration is used to pass a Configuration object to the plugin so that it can access its configuration information. This will always be the complete set of children of one of the <security> sections of the server configuration file (either the server-wide section or the one for a specific virtualhost).
The AuthzResult authorise* methods allow the plugin to restrict or grant access for a particular action. All methods take in an AMQProtocolSession to provide access to the authentication data and the underlying socket. If access should be granted, AuthzResult.ALLOWED should be returned. If access should be denied, AuthzResult.DENIED should be returned. If the plugin has no opinion as to whether access should be permitted, it should return AuthzResult.ABSTAIN.
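The vote described under "How authorization works", with the three AuthzResult values above, as an added model that is not Qpid's ACLManager code: it shows that a virtualhost-level ALLOWED overrides a server-level DENIED while any other DENIED wins, and that ABSTAIN never counts. The page does not say what happens when every plugin abstains, so the fail-closed `default` is an assumption.

```python
from enum import Enum


class AuthzResult(Enum):
    """The three votes an ACLPlugin may cast (names as on the page)."""
    ALLOWED = "allowed"
    DENIED = "denied"
    ABSTAIN = "abstain"


def _tally(votes):
    """Reduce one level's votes: any DENIED wins, then any ALLOWED, else ABSTAIN."""
    if AuthzResult.DENIED in votes:
        return AuthzResult.DENIED
    if AuthzResult.ALLOWED in votes:
        return AuthzResult.ALLOWED
    return AuthzResult.ABSTAIN


def resolve(server_votes, vhost_votes, default=AuthzResult.DENIED):
    """Model of the ACLManager vote.

    - A DENIED at the virtualhost level, or at the server level when no
      virtualhost plugin explicitly ALLOWED, denies access.
    - An explicit virtualhost ALLOWED overrides a server-level DENIED.
    - ABSTAIN never counts for or against.
    - All plugins abstaining is not covered by the page; `default`
      (assumed DENIED, i.e. fail closed) decides that case.
    """
    vhost = _tally(vhost_votes)
    if vhost is not AuthzResult.ABSTAIN:
        return vhost  # virtualhost plugins have the final word
    server = _tally(server_votes)
    if server is not AuthzResult.ABSTAIN:
        return server
    return default


if __name__ == "__main__":
    # Constructed scenario: server-level plugin denies, virtualhost plugin allows.
    print(resolve([AuthzResult.DENIED], [AuthzResult.ALLOWED]))
```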
The AbstractACLPlugin class
An abstract ACLPlugin is provided that abstains from all votes. It is useful if the plugin you are implementing only cares about a few methods: extend this class and you need only implement the authoriseFoo methods the plugin is interested in.