[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [xmlblaster] Receive Only Client


i would say you have a authorization question: 'Who may do what?'

This should be implemented as a plugin of


you could use the existing "htpasswd" plugin and implement your behavior in


public boolean isAuthorized(SessionHolder sessionHolder, DataHolder dataHolder) {
if (this.authenticated == false) {
log.warning("Authentication of user " + getName() + " failed");
return false;
if (sessionHolder.getSessionInfo().getSessionName().getLoginName().equals("jackTheSubscriber") &&
(dataHolder.getAction().equals(MethodName.PUBLISH) ||
dataHolder.getAction().equals(MethodName.PUBLISH_ARR) ||
dataHolder.getAction().equals(MethodName.PUBLISH_ONEWAY))) {
log.warning("Reject publish attempt by " + sessionHolder.getSessionInfo().getSessionName().getAbsoluteName());
return false;

log.finer("No authorization check for action='" + dataHolder.getAction() + "' on key='" +dataHolder.getKeyOid() + "' is implemented, access generously granted.");
return true;

Prefer to use the current xmlBlaster from svn as I_Session.java has changed the method signature.

If you choose to code it more generic, for example to be configurable in a external
configuration file like 'xmlBlaster.htpasswd' we could add your lines of code
to the distribution.


Matthew Sargent wrote:
Hey all,

I would like to have two classes of subscriber: 1) able to subscribe and
publish and 2) only able to subscribe. What would I need to do in order to
make this happen. I have toyed with the idea of having 2 ports (both SSL)
that can be connected to, and only have on of them allow publishing, or
create various users and re-work some aspect of xmlBlaster to govern this
based on user name and password.

Any better suggestions? Places to look, solutions already in play?