You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by craig w <co...@gmail.com> on 2013/05/28 14:40:57 UTC

CertificateLoginModule -- access to destination being subscribed to?

When a client (websocket in particular) connects to Apollo using wss://, is
there some way to tell which destination they're subscribing to (/topic/foo
for example)?

I need custom login logic that does some verification with a 3rd party
service when a user tries to connect and subscribe to a certain
destination, so if a user tries to subscribe to /topic/foo I need to make
sure they are allowed to do that (by querying a 3rd party service). I was
going to extend CertificateLoginModule, override the login method and call
the 3rd party service using information from the client's certificate and
the name of the destination they tried to connect to, however, I don't see
how to get access to that information (the destination name).

Is there some other way to do this?

Thanks in advance,
Craig

Re: CertificateLoginModule -- access to destination being subscribed to?

Posted by craig w <co...@gmail.com>.

To be more clear (perhaps), I need some way of either to prevent a user
from subscribing to a destination based on results from a 3rd party service
-- user tries to subscribe, I use the user information and destination name
to query a 3rd party service.

I'll be using dynamic topics where the topic name will contain some value
which is used to determine if a user is allowed to access the content. For
example, /topic/data/abc123 and /topic/data/abc456  ...some users should be
able to see data on both topics while other users can only see data for
"abc123" and some for "abc456".

I think some sort of custom authorization is required (
http://activemq.apache.org/apollo/documentation/user-manual.html#Authorization)
but I'm not sure the current capabilities are sufficient for my needs.  Any
ideas would be greatly appreciated.

Thanks

On Tue, May 28, 2013 at 8:40 AM, craig w <co...@gmail.com> wrote:

> When a client (websocket in particular) connects to Apollo using wss://,
> is there some way to tell which destination they're subscribing to
> (/topic/foo for example)?
>
> I need custom login logic that does some verification with a 3rd party
> service when a user tries to connect and subscribe to a certain
> destination, so if a user tries to subscribe to /topic/foo I need to make
> sure they are allowed to do that (by querying a 3rd party service). I was
> going to extend CertificateLoginModule, override the login method and call
> the 3rd party service using information from the client's certificate and
> the name of the destination they tried to connect to, however, I don't see
> how to get access to that information (the destination name).
>
> Is there some other way to do this?
>
> Thanks in advance,
> Craig
>