public class AuthorizationFilter extends EnvironmentFilter

AuthorizationFilter asserts that actions are allowed to execute before they are actually
executed. Such actions include creating, removing, reading from and writing to destinations.

This implementation is strictly permission-based, allowing for the finest-grained security policies possible.
Whenever a Subject associated with a connection attempts to perform an Action (such as creating a
destination or reading from a queue), one or more Permissions representing that action are
checked.

If the Subject isPermitted to perform the
action, the action is allowed to execute and the broker filter chain executes uninterrupted.

However, if the Subject is not permitted to perform the action, an UnauthorizedException will be
thrown, preventing the filter chain from executing that action.

Each Action is guarded by one or more Permissions as indicated by a configurable
actionPermissionResolver. The
actionPermissionResolver indicates which permissions must be granted to the connection Subject in
order for the action to execute.

The default actionPermissionResolver instance is a
DestinationActionPermissionResolver, which indicates which permissions
are required to perform any action on a particular destination. Those familiar with Shiro's
WildcardPermission syntax will find the
DestinationActionPermissionResolver's
createPermissionString method
documentation valuable for understanding how destination actions are represented as permissions.

See also: ActionPermissionResolver, DestinationActionPermissionResolver

| Constructor and Description |
|---|
| AuthorizationFilter() |
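
The check described in the class overview, as an added example that is not taken from the ActiveMQ or Shiro sources: it evaluates required permissions against granted ones with Shiro's WildcardPermission directly, without a broker or a Subject. The `type:name:verb` permission strings, the sample grants and the helper name `checkAllPermitted` are assumptions made for illustration; the createPermissionString documentation gives the strings the default resolver actually produces.

```java
import org.apache.shiro.authz.Permission;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.permission.WildcardPermission;

import java.util.List;

public class DestinationPermissionCheckDemo {

    // Hypothetical stand-in for the filter's check: every required permission
    // must be implied by at least one granted permission, otherwise deny.
    static void checkAllPermitted(List<Permission> granted, List<Permission> required, String verbText) {
        for (Permission needed : required) {
            boolean implied = granted.stream().anyMatch(g -> g.implies(needed));
            if (!implied) {
                throw new UnauthorizedException("Subject is not authorized to " + verbText
                        + " (missing permission: " + needed + ")");
            }
        }
    }

    public static void main(String[] args) {
        // Constructed grants: every verb on one queue, read-only on every topic.
        List<Permission> granted = List.of(
                new WildcardPermission("queue:orders:*"),
                new WildcardPermission("topic:*:read"));

        // Constructed permission strings for two attempted actions (assumed type:name:verb form).
        List<Permission> readOrders = List.of(new WildcardPermission("queue:orders:read"));
        List<Permission> writeAudit = List.of(new WildcardPermission("topic:audit:write"));

        // Implied by queue:orders:*, so the action would proceed down the filter chain.
        checkAllPermitted(granted, readOrders, "read from queue 'orders'");
        System.out.println("read queue:orders -> allowed");

        // topic:*:read does not imply the write verb, so the action is refused.
        try {
            checkAllPermitted(granted, writeAudit, "write to topic 'audit'");
            System.out.println("write topic:audit -> allowed");
        } catch (UnauthorizedException e) {
            System.out.println("write topic:audit -> denied: " + e.getMessage());
        }
    }
}
```

Running it requires shiro-core on the classpath and Java 9 or later for `List.of`.
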
| Modifier and Type | Method and Description |
|---|---|
| Subscription | addConsumer(ConnectionContext context, ConsumerInfo info) |
| Destination | addDestination(ConnectionContext context, ActiveMQDestination destination, boolean create) |
| void | addDestinationInfo(ConnectionContext context, DestinationInfo info) |
| void | addProducer(ConnectionContext context, ProducerInfo info) |
| protected void | assertAuthorized(DestinationAction action) |
| protected void | assertAuthorized(DestinationAction action, java.lang.String verbText) |
| protected java.lang.String | createUnauthorizedMessage(org.apache.shiro.subject.Subject subject, DestinationAction action, java.lang.String verbDisplayText) |
| ActionPermissionResolver | getActionPermissionResolver(): Returns the ActionPermissionResolver used to indicate which permissions are required to be granted to a Subject to perform a particular destination Action (such as creating a destination or reading from a queue). |
| protected org.apache.shiro.subject.Subject | getSubject(ConnectionContext ctx): Returns the Subject associated with the specified connection using a ConnectionSubjectResolver. |
| protected boolean | isSystemBroker(DestinationAction action) |
| void | removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) |
| void | removeDestinationInfo(ConnectionContext context, DestinationInfo info) |
| void | send(ProducerBrokerExchange exchange, Message message) |
| void | setActionPermissionResolver(ActionPermissionResolver actionPermissionResolver): Sets the ActionPermissionResolver used to indicate which permissions are required to be granted to a Subject to perform a particular destination Action (such as creating a destination or reading from a queue). |
| protected java.lang.String | toString(org.apache.shiro.subject.Subject subject) |

Inherited methods:
getEnvironment, setEnvironment
isEnabled, setEnabled
acknowledge, addBroker, addConnection, addSession, beginTransaction, brokerServiceStarted, commitTransaction, fastProducer, forgetTransaction, gc, getAdaptor, getAdminConnectionContext, getBrokerId, getBrokerName, getBrokerSequenceId, getBrokerService, getClients, getDestinationMap, getDestinationMap, getDestinations, getDestinations, getDurableDestinations, getExecutor, getNext, getPeerBrokerInfos, getPreparedTransactions, getRoot, getScheduler, getTempDataStore, getVmConnectorURI, isExpired, isFaultTolerantConfiguration, isFull, isStopped, messageConsumed, messageDelivered, messageDiscarded, messageExpired, messagePull, networkBridgeStarted, networkBridgeStopped, nowMasterBroker, postProcessDispatch, prepareTransaction, preProcessDispatch, processConsumerControl, processDispatchNotification, reapplyInterceptor, removeBroker, removeConnection, removeConsumer, removeProducer, removeSession, removeSubscription, rollbackTransaction, sendToDeadLetterQueue, setAdminConnectionContext, setNext, slowConsumer, start, stop

public ActionPermissionResolver getActionPermissionResolver()
Returns the ActionPermissionResolver used to indicate which permissions are required to be granted to
a Subject to perform a particular destination Action (such as creating a
destination or reading from a queue). The default instance is a
DestinationActionPermissionResolver.
Returns: the ActionPermissionResolver used to indicate which permissions are required to be granted to
a Subject to perform a particular destination Action (such as creating a
destination or reading from a queue).

public void setActionPermissionResolver(ActionPermissionResolver actionPermissionResolver)
Sets the ActionPermissionResolver used to indicate which permissions are required to be granted to
a Subject to perform a particular destination Action (such as creating a
destination or reading from a queue). Unless overridden by this method, the default instance is a
DestinationActionPermissionResolver.
Parameters: actionPermissionResolver - the ActionPermissionResolver used to indicate which permissions are
required to be granted to a Subject to perform a particular destination
Action (such as creating a destination or reading from a queue).

protected org.apache.shiro.subject.Subject getSubject(ConnectionContext ctx)
Returns the Subject associated with the specified connection using a
ConnectionSubjectResolver.
Parameters: ctx - the connection context
Returns: the Subject associated with the specified connection.

protected java.lang.String toString(org.apache.shiro.subject.Subject subject)
protected void assertAuthorized(DestinationAction action)
protected boolean isSystemBroker(DestinationAction action)
protected void assertAuthorized(DestinationAction action, java.lang.String verbText)
protected java.lang.String createUnauthorizedMessage(org.apache.shiro.subject.Subject subject,
DestinationAction action,
java.lang.String verbDisplayText)

public void addDestinationInfo(ConnectionContext context, DestinationInfo info) throws java.lang.Exception
Specified by: addDestinationInfo in interface Broker
Overrides: addDestinationInfo in class MutableBrokerFilter
Throws: java.lang.Exception

public Destination addDestination(ConnectionContext context, ActiveMQDestination destination, boolean create) throws java.lang.Exception
Specified by: addDestination in interface Region
Overrides: addDestination in class MutableBrokerFilter
Throws: java.lang.Exception

public void removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) throws java.lang.Exception
Specified by: removeDestination in interface Region
Overrides: removeDestination in class MutableBrokerFilter
Throws: java.lang.Exception

public void removeDestinationInfo(ConnectionContext context, DestinationInfo info) throws java.lang.Exception
Specified by: removeDestinationInfo in interface Broker
Overrides: removeDestinationInfo in class MutableBrokerFilter
Throws: java.lang.Exception

public Subscription addConsumer(ConnectionContext context, ConsumerInfo info) throws java.lang.Exception
Specified by: addConsumer in interface Region
Overrides: addConsumer in class MutableBrokerFilter
Throws: java.lang.Exception

public void addProducer(ConnectionContext context, ProducerInfo info) throws java.lang.Exception
Specified by: addProducer in interface Broker, addProducer in interface Region
Overrides: addProducer in class MutableBrokerFilter
Throws: java.lang.Exception

public void send(ProducerBrokerExchange exchange, Message message) throws java.lang.Exception
Specified by: send in interface Region
Overrides: send in class MutableBrokerFilter
Throws: java.lang.Exception

Copyright © 2005-2016 Red Hat, Inc. All Rights Reserved.