Return-Path: Delivered-To: apmail-activemq-dev-archive@www.apache.org Received: (qmail 90069 invoked from network); 12 Dec 2008 02:56:29 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Dec 2008 02:56:29 -0000 Received: (qmail 29274 invoked by uid 500); 12 Dec 2008 02:56:41 -0000 Delivered-To: apmail-activemq-dev-archive@activemq.apache.org Received: (qmail 29246 invoked by uid 500); 12 Dec 2008 02:56:41 -0000 Mailing-List: contact dev-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list dev@activemq.apache.org Received: (qmail 29234 invoked by uid 99); 12 Dec 2008 02:56:41 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Dec 2008 18:56:41 -0800 X-ASF-Spam-Status: No, hits=-3.8 required=10.0 tests=RCVD_IN_DNSWL_MED,WHOIS_MYPRIVREG X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Dec 2008 02:56:26 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 94B27234C39D for ; Thu, 11 Dec 2008 18:56:05 -0800 (PST) Message-ID: <1511567609.1229050565607.JavaMail.jira@brutus> Date: Thu, 11 Dec 2008 18:56:05 -0800 (PST) From: "Dan Bucatanschi (JIRA)" To: dev@activemq.apache.org Subject: [jira] Commented: (AMQ-1747) Writing to predefined destinations without admin priviledges In-Reply-To: <1143305503.1211890435349.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/activemq/browse/AMQ-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=48139#action_48139 ] Dan Bucatanschi commented on AMQ-1747: -------------------------------------- Hi! I am writing a custom authorization and authentication plugin for the lab where I am working. Because I still do not fully understand what happens behind the scenes in ActiveMQ, I usually browse the ActiveMQ source code and the latest snapshots so that I can keep our security plugin up to date with the latest patches that the AuthorizationBroker gets here. So looking here, I saw this patch for this issue. I was just wondering if instead of: return existing; inside the if statement (looking at the diff with the previous version of the AuthorizationBroker.java), one should write: return super.addDestination(context, destination); just like it is at the end of the addDestination method in AuthorizationBroker. It makes sense to me to do that since we're not just trying to add a user to an already existing destination, but we should also "announce" this addition throughout the whole BrokerFilter stack, shouldn't we? This way, for example, Advisory topics also get updated with the fact that this user tried adding this destination for herself. I assume that other BrokerFilters rely on this behavior (that addDestination() gets called for every user requesting a destination successfully). Or do I have this totally wrong and the addDestination method should only be used for adding destinations inside the broker, not to a user's connection? If that's the case, why is it that the issue described here appeared in the first place? Isn't the broker trying to create a destination (i.e. addDestination gets called) automatically for every new user requesting it? Thanks, -Dan > Writing to predefined destinations without admin priviledges > ------------------------------------------------------------ > > Key: AMQ-1747 > URL: https://issues.apache.org/activemq/browse/AMQ-1747 > Project: ActiveMQ > Issue Type: Bug > Affects Versions: 5.1.0 > Reporter: Dejan Bosanac > Assignee: Rob Davies > Fix For: 5.2.0 > > Attachments: activemq-predefined.patch > > > Trying to write to predefined destinations without admin privileges raises "cannot create destination" exception. More info could be foundin the folllowinf thread - http://www.nabble.com/Secutiry-and-Predefined-Destinations-tt17370190s2354.html -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.