Lightstreamer JMS Extender - Authentication and Authorization Demo - Java Hook
The JMS Extender Authentication and Authorization Demo is a simple example illustrating authentication and authorization mechanisms when an external Web/Application Server is involved in the process.
This project includes a simple hook implementation that includes user validation and items authorization logics.
Here is an overview of the whole sequence:
In this demo client the Web/Application server is not actually involved and calls to placeholder methods are performed to validate the tokens.
[...] AuthorizationResult result= AuthorizationRequest.validateToken(user, password); if (result != AuthorizationResult.OK) throw new HookException("Unauthorized access: token invalid for user '" + user + "'", result.toString()); [...]
This demo also implements Authorization handling of consumer, producer and durable subscription creation requests. Every time a creation request is issued, the hook verifies if the user issuing the request is actually authorized to access the specified destination. Again, a real case might query an external service to verify the user authorizations; this example simply checks on an hard-coded list
[...] AuthorizationResult result= AuthorizationRequest.authorizeDestination(user, destinationName); if (result != AuthorizationResult.OK) throw new HookException("Unauthorized access: user '" + user + "' can't receive messages from destination '" + destinationName + "'", result.toString()); [...]
Querying an external service at each request is a discouraged approach, though. If the authorizations are actually placed on an external service,
it is suggested to use the approach shown in the
AuthHookWithAuthCache class where authorizations are queried at connection startup and cached
in the adapter.
More details and comments on how the authentication/authorization cycle is accomplished is available in the source code of the application.
The JMS Extender Configuration
- The project includes two different MetadataProvider implementations; replace
AuthHookWithAuthCacheto use the alternative version.
- The project relies on two different JMS Extender Demo Services to show specific authorizations, they must be configured and running for the demo to work properly. Please refer to the following projects:
The JMS Extender must also be configured appropriately to use the provided hook. Its
jms_connectors_conf.xml file should look like:
<?xml version="1.0"?> <jms_connectors_conf> <common> <!-- Optional. Fully qualified class name of a hook with purpose of authentication and authorization of users. The hook also has the purpose of decorating names for client IDs and durable subscriptions. Must implement JmsExtenderHook interface. See docs for more information. The specified class corresponds to the Authentication and Authorization Demo Hook. --> <param name="hook">jmsex_auth_demo.hooks.AuthHook</param> </common> <!-- Sample JMS connector configured for HornetQ (AKA JBoss Messaging). --> <jms_connector name="HornetQ"> [...] </jms_connector> </jms_connectors_conf>
If you want to install this Demo in your local Lightstreamer JMS Extender, follow these steps.
- Download and install the Lightstreamer JMS Extender. Please refer to Lightstreamer web site download page to find Lightstreamer JMS Extender download packages.
- Make sure that the JMS Extender is not running.
- Get the deploy.zip file, from the releases of this project, unzip it, go to the
Deployment_LSfolder and copy the
jms_connectors/libfolder of your JMS Extender installation.
- Edit the
jms_connectors/jms_connectors_conf.xmlfile of your JMS Extender installation by adding the appropriate hook class in the
<param name="hook">tag of the
<param name="hook">jmsex_auth_demo.hooks.AuthHook</param>for the direct version;
<param name="hook">jmsex_auth_demo.hooks.AuthHookWithAuthCache</param>for the cached version.
- Launch Lightstreamer JMS Extender.
To build your own version of
JMS_Auth_demo.jar, instead of using the one provided in the
deploy.zip file from the Install section above, follow these steps.
- Download this project.
- Get the
ls-jms-hook-interface.jarfile from the latest Lightstreamer JMS Extender distribution, and copy it into the
jarare available on the path, from the command line run:
javac -classpath ./lib/ls-jms-hook-interface.jar -d ./classes ./src/jmsex_auth_demo/hooks/*.java
- Then create the jar:
jar cvf JMS_Auth_demo.jar -C classes ./
- Copy the just compiled
jms_connectors/libfolder of your Lightstreamer JMS Extender installation.
Clients Using This Adapter
JMS Extender Compatibility Notes
- Compatible with Lightstreamer JMS Extender SDK for Java Hooks since 1.5 or newer.