activemq-dev mailing list archives

From Allen Reese <are...@yahoo-inc.com>
Subject Question about org.apache.activemq.security.AuthorizationBroker
Date Fri, 24 Sep 2010 22:33:25 GMT
I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm not quite sure I
understand what it is doing.

This is from the 5.3.2 code, but it's almost exactly the same in the trunk.
Lines 62-65, entire function below.

http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java

The part I don't understand is why it calls super.addDestination() if it doesn't exist without
first checking the ACLs.

Will this code get called again to verify the ACL once it's in the DestinationMap?

Thanks

--Allen

Function I'm talking about:

    public Destination addDestination(ConnectionContext context, ActiveMQDestination destination) throws Exception {
        final SecurityContext securityContext = (SecurityContext)context.getSecurityContext();
        if (securityContext == null) {
            throw new SecurityException("User is not authenticated.");
        }
        
        Destination existing = this.getDestinationMap().get(destination);
        if (existing != null) {
            return super.addDestination(context, destination);
        }
        
        if (!securityContext.isBrokerContext()) {
            Set<?> allowedACLs = null;
            if (!destination.isTemporary()) {
                allowedACLs = authorizationMap.getAdminACLs(destination);
            } else {
                allowedACLs = authorizationMap.getTempDestinationAdminACLs();
            }

            if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
                throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to create: " + destination);
            }

        }

        return super.addDestination(context, destination);
    }
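
The branch order of the quoted addDestination(), modelled as an added example (not ActiveMQ code and not part of the original message). Ctx, destinationMap and adminAcls are hypothetical stand-ins, the temporary-destination branch is omitted, and Java 16+ is assumed for records.

```java
import java.util.*;

// Added illustration: a stripped-down model of the decision logic in the
// addDestination() quoted above. All types here are hypothetical stand-ins,
// not ActiveMQ classes.
public class AddDestinationPaths {
    // Stand-in for SecurityContext: a user name, its groups, and a broker flag.
    record Ctx(String user, Set<String> groups, boolean broker) {
        boolean isInOneOf(Set<String> acls) { return !Collections.disjoint(groups, acls); }
    }

    static final Set<String> destinationMap = new HashSet<>();         // already-created destinations
    static final Map<String, Set<String>> adminAcls = new HashMap<>(); // destination -> admin groups

    // Same branch order as the quoted method; returns which path was taken.
    static String addDestination(Ctx ctx, String dest) {
        if (ctx == null) throw new SecurityException("User is not authenticated.");
        // Path 1: destination already known, so the admin ACL is never consulted.
        if (destinationMap.contains(dest)) return "existing: admin ACL not consulted";
        // Path 2: non-broker callers are checked, but only if an ACL is configured.
        if (!ctx.broker()) {
            Set<String> allowed = adminAcls.get(dest);
            if (allowed != null && !ctx.isInOneOf(allowed))
                throw new SecurityException("User " + ctx.user() + " is not authorized to create: " + dest);
        }
        // Path 3: broker context, no ACL configured, or caller is in an admin group.
        destinationMap.add(dest);
        return "created";
    }

    public static void main(String[] args) {
        adminAcls.put("ORDERS", Set.of("admins"));   // constructed sample ACL
        Ctx admin = new Ctx("alice", Set.of("admins"), false);
        Ctx guest = new Ctx("bob", Set.of("guests"), false);

        try { addDestination(guest, "ORDERS"); }
        catch (SecurityException e) { System.out.println("guest, new dest   -> " + e.getMessage()); }
        System.out.println("admin, new dest   -> " + addDestination(admin, "ORDERS"));
        System.out.println("guest, existing   -> " + addDestination(guest, "ORDERS"));
        System.out.println("guest, no ACL set -> " + addDestination(guest, "AUDIT"));
    }
}
```

The model covers only what the quoted method itself decides; whether other broker operations apply their own ACL checks is outside it.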