You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Luís Alves (Jira)" <ji...@apache.org> on 2020/08/03 07:31:00 UTC
[jira] [Updated] (ARTEMIS-2861) Add queue name as a parameter to
ActiveMQSecurityManager
[ https://issues.apache.org/jira/browse/ARTEMIS-2861?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luís Alves updated ARTEMIS-2861:
--------------------------------
Description:
Currently I was trying to integrate Artemis with OpenId Connect (Oauth2.0) and User Managed Access 2.0 (UMA 2.0) using Keycloak implementation. I want to have fine grained access control over operations over addresses and queues (subscriptions) like described on https://issues.apache.org/jira/browse/ARTEMIS-592. I've investigated as proposed in https://medium.com/@joelicious/extending-artemis-security-with-oauth2-7fd9b3dffe3 and it solves the authN part. For the authZ part I've already had some feedback here https://stackoverflow.com/questions/63191001/activemq-artemis-activemqsecuritymanager4-verify-clientid-subscription, but I think org.apache.activemq.artemis.core.server.SecuritySettingPlugin will not give the needed control. So I'm proposing that ActiveMQSecurityManager latest implementation adds the queue name as the calling method:
{code:java}
@Override
public void check(final SimpleString address,
final SimpleString queue,
final CheckType checkType,
final SecurityAuth session) throws Exception {
{code}
already has this information.
was:Currently I was trying to integrate Artemis with OpenId Connect (Oauth2.0) and User Managed Access 2.0 (UMA 2.0) using Keycloak implementation. I want to have fine grained access control over operations over addresses and queues (subscriptions) like described on https://issues.apache.org/jira/browse/ARTEMIS-592. I've investigated as proposed in https://medium.com/@joelicious/extending-artemis-security-with-oauth2-7fd9b3dffe3 and it solves the authN part. For the authZ part I've already had some feedback here https://stackoverflow.com/questions/63191001/activemq-artemis-activemqsecuritymanager4-verify-clientid-subscription, but I think org.apache.activemq.artemis.core.server.SecuritySettingPlugin will not give the needed control. So I'm proposing that ActiveMQSecurityManager latest implementation adds the queue name as the calling method
> Add queue name as a parameter to ActiveMQSecurityManager
> ---------------------------------------------------------
>
> Key: ARTEMIS-2861
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2861
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: API
> Affects Versions: 2.14.0
> Reporter: Luís Alves
> Priority: Major
>
> Currently I was trying to integrate Artemis with OpenId Connect (Oauth2.0) and User Managed Access 2.0 (UMA 2.0) using Keycloak implementation. I want to have fine grained access control over operations over addresses and queues (subscriptions) like described on https://issues.apache.org/jira/browse/ARTEMIS-592. I've investigated as proposed in https://medium.com/@joelicious/extending-artemis-security-with-oauth2-7fd9b3dffe3 and it solves the authN part. For the authZ part I've already had some feedback here https://stackoverflow.com/questions/63191001/activemq-artemis-activemqsecuritymanager4-verify-clientid-subscription, but I think org.apache.activemq.artemis.core.server.SecuritySettingPlugin will not give the needed control. So I'm proposing that ActiveMQSecurityManager latest implementation adds the queue name as the calling method:
> {code:java}
> @Override
> public void check(final SimpleString address,
> final SimpleString queue,
> final CheckType checkType,
> final SecurityAuth session) throws Exception {
> {code}
> already has this information.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)