activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Reese <are...@yahoo-inc.com>
Subject RE: Question about org.apache.activemq.security.AuthorizationBroker
Date Mon, 27 Sep 2010 17:45:33 GMT
Great thanks.

That means my test code isn't wrong, I just need to test better.

--Allen 

-----Original Message-----
From: chubrilo@gmail.com [mailto:chubrilo@gmail.com] On Behalf Of Dejan Bosanac
Sent: Monday, September 27, 2010 12:56 AM
To: dev@activemq.apache.org
Subject: Re: Question about org.apache.activemq.security.AuthorizationBroker

Hi Allen,

it returns the existing destination in case it already exists. Some more info on that particular
part of code could be found in comments of this issue: https://issues.apache.org/activemq/browse/AMQ-1747


Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/ ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net



On Sat, Sep 25, 2010 at 12:33 AM, Allen Reese <areese@yahoo-inc.com> wrote:
> I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm not quite
sure I understand what it is doing.
>
> This is from the 5.3.2 code, but it's almost exactly the same in the trunk.
> Lines 62-65, entire function below.
>
> http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/jav
> a/org/apache/activemq/security/AuthorizationBroker.java
>
> The part I don't understand is why it calls super.addDestination() if it doesn't exist
without first checking the acl's.
>
> Will this code get called again to verify the acl once it's in the DestinationMap?
>
> Thanks
>
> --Allen
>
> Function I'm talking about:
>
>   public Destination addDestination(ConnectionContext context, 
> ActiveMQDestination destination) throws Exception {
>        final SecurityContext securityContext = 
> (SecurityContext)context.getSecurityContext();
>        if (securityContext == null) {
>            throw new SecurityException("User is not authenticated.");
>        }
>
>        Destination existing = 
> this.getDestinationMap().get(destination);
>        if (existing != null) {
>                return super.addDestination(context, destination);
>        }
>
>        if (!securityContext.isBrokerContext()) {
>            Set<?> allowedACLs = null;
>            if (!destination.isTemporary()) {
>                allowedACLs = 
> authorizationMap.getAdminACLs(destination);
>            } else {
>                allowedACLs = 
> authorizationMap.getTempDestinationAdminACLs();
>            }
>
>            if (allowedACLs != null && 
> !securityContext.isInOneOf(allowedACLs)) {
>                throw new SecurityException("User " + 
> securityContext.getUserName() + " is not authorized to create: " + 
> destination);
>            }
>
>        }
>
>        return super.addDestination(context, destination);
>    }

Mime
View raw message