0 Replies Latest reply on Aug 12, 2010 4:41 AM by Steve - sdsfsafasfd

    Subscription Management in adaptor

    Steve - sdsfsafasfd

      I am looking at managing access to subscriptions. Currently the MessageService class in LCDS 3.1 has the following logic in the subscribe method handling:








      (adapter instanceof MessagingAdapter)


      MessagingSecurityConstraintManager manager = ((MessagingAdapter)adapter).getSecurityConstraintManager();


      if(manager != null)

           manager.assertSubscribeAuthorization();  // 1. no access to message










                replyMessage = (Message)adapter.manage(command); //2. no communication back to the service from here other than exception



                testSelector(selectorExpr, command);




           int maxFrequency = processMaxFrequencyHeader(command);

           subscriptionManager.addSubscriber(clientId, selectorExpr, subtopicString, endpointId, maxFrequency); // subscribe anyway








      Form the above code: at point 1  I can add a securityConstraintManager, but I do not have access to the actual message, just an ability to subscribe or not based on the  UserPrincipal and roles for the user, but not the message.

      At point 2 I can examine both but any response other than throwing an exception is ignored by the service as a factor in whether to subscribe or not. Over and above this the addSubscriber() method is always called unless I throw an exception. which means I cannpt pass a reponse message back to the client. I looked at overriding this method, but as it refers to both private variables (subscriberLock) and private methods inside the protected method this makes it impossible to override with copying the entire class (or reflectively ignoring the access modifiers).


      It seems that the manage my own subscription hooks does not affect how users are subscribed other than through exceptions - which seems very clunky - or I have to implement extra logic to filter which clients get which messages on the outbound path as some users will be subscribed when I do not want them to be.


      Can you look at providing a better callback cycle and some clearer docs at what the recommended approach should be.