activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Bucatanschi (JIRA)" <j...@apache.org>
Subject [jira] Commented: (AMQ-1747) Writing to predefined destinations without admin priviledges
Date Fri, 12 Dec 2008 02:56:05 GMT

    [ https://issues.apache.org/activemq/browse/AMQ-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=48139#action_48139
] 

Dan Bucatanschi commented on AMQ-1747:
--------------------------------------

Hi! I am writing a custom authorization and authentication plugin for the lab where I am working.
Because I still do not fully understand what happens behind the scenes in ActiveMQ, I usually
browse the ActiveMQ source code and the latest snapshots so that I can keep our security plugin
up to date with the latest patches that the AuthorizationBroker gets here. So looking here,
I saw this patch for this issue. I was just wondering if instead of:

return existing;

inside the if statement (looking at the diff with the previous version of the AuthorizationBroker.java),
one should write:

return super.addDestination(context, destination);

just like it is at the end of the addDestination method in AuthorizationBroker. It makes sense
to me to do that since we're not just trying to add a user to an already existing destination,
but we should also "announce" this addition throughout the whole BrokerFilter stack, shouldn't
we? This way, for example, Advisory topics also get updated with the fact that this user tried
adding this destination for herself. I assume that other BrokerFilters rely on this behavior
(that addDestination() gets called for every user requesting a destination successfully).

Or do I have this totally wrong and the addDestination method should only be used for adding
destinations inside the broker, not to a user's connection? If that's the case, why is it
that the issue described here appeared in the first place? Isn't the broker trying to create
a destination (i.e. addDestination gets called) automatically for every new user requesting
it?

Thanks,
-Dan


> Writing to predefined destinations without admin priviledges
> ------------------------------------------------------------
>
>                 Key: AMQ-1747
>                 URL: https://issues.apache.org/activemq/browse/AMQ-1747
>             Project: ActiveMQ
>          Issue Type: Bug
>    Affects Versions: 5.1.0
>            Reporter: Dejan Bosanac
>            Assignee: Rob Davies
>             Fix For: 5.2.0
>
>         Attachments: activemq-predefined.patch
>
>
> Trying to write to predefined destinations without admin privileges raises "cannot create
destination" exception. More info could be foundin the folllowinf thread - http://www.nabble.com/Secutiry-and-Predefined-Destinations-tt17370190s2354.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message