activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dej...@apache.org
Subject activemq git commit: https://issues.apache.org/jira/browse/AMQ-6116 - improve security context
Date Fri, 08 Jan 2016 16:06:08 GMT
Repository: activemq
Updated Branches:
  refs/heads/master 43d493e52 -> 5f8a3df5a


https://issues.apache.org/jira/browse/AMQ-6116 - improve security context


Project: http://git-wip-us.apache.org/repos/asf/activemq/repo
Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/5f8a3df5
Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/5f8a3df5
Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/5f8a3df5

Branch: refs/heads/master
Commit: 5f8a3df5a4fc0822897cc1abdcd4d99924285937
Parents: 43d493e
Author: Dejan Bosanac <dejan@nighttale.net>
Authored: Fri Jan 8 17:05:58 2016 +0100
Committer: Dejan Bosanac <dejan@nighttale.net>
Committed: Fri Jan 8 17:05:58 2016 +0100

----------------------------------------------------------------------
 .../apache/activemq/security/AbstractAuthenticationBroker.java  | 2 --
 .../java/org/apache/activemq/security/AuthorizationBroker.java  | 5 ++++-
 .../activemq/security/AuthorizationDestinationFilter.java       | 1 -
 .../main/java/org/apache/activemq/security/SecurityContext.java | 5 -----
 .../apache/activemq/shiro/subject/SubjectSecurityContext.java   | 5 -----
 .../activemq/shiro/subject/SubjectSecurityContextTest.java      | 5 -----
 6 files changed, 4 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
index 622a4f6..3b7efb9 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
@@ -38,7 +38,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter
implemen
         next.removeDestination(context, destination, timeout);
 
         for (SecurityContext sc : securityContexts) {
-            sc.getAuthorizedReadDests().remove(destination);
             sc.getAuthorizedWriteDests().remove(destination);
         }
     }
@@ -53,7 +52,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter
implemen
 
     public void refresh() {
         for (SecurityContext sc : securityContexts) {
-            sc.getAuthorizedReadDests().clear();
             sc.getAuthorizedWriteDests().clear();
         }
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
index 2481f91..06eabd2 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
@@ -126,6 +126,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
             throw new SecurityException("User " + securityContext.getUserName() + " is not
authorized to remove: " + destination);
         }
 
+        securityContext.getAuthorizedWriteDests().remove(destination);
+
         super.removeDestination(context, destination, timeout);
     }
 
@@ -137,6 +139,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
             throw new SecurityException("User " + securityContext.getUserName() + " is not
authorized to remove: " + info.getDestination());
         }
 
+        securityContext.getAuthorizedWriteDests().remove(info.getDestination());
+
         super.removeDestinationInfo(context, info);
     }
 
@@ -154,7 +158,6 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
         if (!securityContext.isBrokerContext() && allowedACLs != null &&
!securityContext.isInOneOf(allowedACLs) ) {
             throw new SecurityException("User " + securityContext.getUserName() + " is not
authorized to read from: " + info.getDestination());
         }
-        securityContext.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
 
         /*
          * Need to think about this a little more. We could do per message

http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
index f0ac8b8..5bb56c7 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
@@ -56,7 +56,6 @@ public class AuthorizationDestinationFilter extends DestinationFilter {
         if (!securityContext.isBrokerContext() && allowedACLs != null &&
!securityContext.isInOneOf(allowedACLs) ) {
             throw new SecurityException("User " + securityContext.getUserName() + " is not
authorized to read from: " + destination);
         }
-        securityContext.getAuthorizedReadDests().put(destination, destination);
 
         super.addSubscription(context, sub);
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
index 8c32d62..fd677ce 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
@@ -47,7 +47,6 @@ public abstract class SecurityContext {
 
     final String userName;
 
-    final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedReadDests
= new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
     final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedWriteDests
= new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
 
     public SecurityContext(String userName) {
@@ -74,10 +73,6 @@ public abstract class SecurityContext {
         return userName;
     }
 
-    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests()
{
-        return authorizedReadDests;
-    }
-
     public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests()
{
         return authorizedWriteDests;
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
index f344d8f..00014bf 100644
--- a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
@@ -73,11 +73,6 @@ public class SubjectSecurityContext extends SecurityContext {
     }
 
     @Override
-    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests()
{
-        throw notAllowed("getAuthorizedReadDests");
-    }
-
-    @Override
     public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests()
{
         throw notAllowed("getAuthorizedWriteDests");
     }

http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
----------------------------------------------------------------------
diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
index 49d70ed..23e3dff 100644
--- a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
@@ -42,11 +42,6 @@ public class SubjectSecurityContextTest {
     }
 
     @Test(expected=UnsupportedOperationException.class)
-    public void testGetAuthorizedReadDests() {
-        ctx.getAuthorizedReadDests();
-    }
-
-    @Test(expected=UnsupportedOperationException.class)
     public void testGetAuthorizedWriteDests() {
         ctx.getAuthorizedWriteDests();
     }


Mime
View raw message