activemq-dev mailing list archives

From Dejan Bosanac <de...@nighttale.net>
Subject Re: Question about org.apache.activemq.security.AuthorizationBroker
Date Mon, 27 Sep 2010 07:56:22 GMT
Hi Allen,

It returns the existing destination in case it already exists. Some
more info on that particular part of the code can be found in the comments
of this issue: https://issues.apache.org/activemq/browse/AMQ-1747


Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net



On Sat, Sep 25, 2010 at 12:33 AM, Allen Reese <areese@yahoo-inc.com> wrote:
> I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm not quite sure I understand what it is doing.
>
> This is from the 5.3.2 code, but it's almost exactly the same in the trunk.
> Lines 62-65, entire function below.
>
> http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
>
> The part I don't understand is why it calls super.addDestination() if it doesn't exist without first checking the ACLs.
>
> Will this code get called again to verify the acl once it's in the DestinationMap?
>
> Thanks
>
> --Allen
>
> Function I'm talking about:
>
>   public Destination addDestination(ConnectionContext context, ActiveMQDestination destination) throws Exception {
>        final SecurityContext securityContext = (SecurityContext)context.getSecurityContext();
>        if (securityContext == null) {
>            throw new SecurityException("User is not authenticated.");
>        }
>
>        Destination existing = this.getDestinationMap().get(destination);
>        if (existing != null) {
>                return super.addDestination(context, destination);
>        }
>
>        if (!securityContext.isBrokerContext()) {
>            Set<?> allowedACLs = null;
>            if (!destination.isTemporary()) {
>                allowedACLs = authorizationMap.getAdminACLs(destination);
>            } else {
>                allowedACLs = authorizationMap.getTempDestinationAdminACLs();
>            }
>
>            if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
>                throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to create: " + destination);
>            }
>
>        }
>
>        return super.addDestination(context, destination);
>    }
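
A simplified model of the control flow in the quoted function, added here as an illustration; it is not ActiveMQ code and not from either poster, and every class, map and user name in it is hypothetical. It assumes that the consumer path resolves the destination first and then applies its own read-ACL check, so the early return for an existing destination skips only the create (admin) check.

```java
import java.util.*;

// Added example: a toy model, all names are hypothetical stand-ins for the broker's types.
public class AclFlowDemo {
    record User(String name, Set<String> groups) {
        boolean inOneOf(Set<String> acl) { return !Collections.disjoint(groups, acl); }
    }

    // Constructed sample policy: only "admins" may create ORDERS, "readers" may also consume.
    static final Map<String, Set<String>> ADMIN_ACL = Map.of("ORDERS", Set.of("admins"));
    static final Map<String, Set<String>> READ_ACL  = Map.of("ORDERS", Set.of("admins", "readers"));
    static final Set<String> destinations = new HashSet<>();

    // Same shape as the quoted function: an existing destination is returned
    // before the admin ACL is consulted; only creation is gated here.
    static String addDestination(User u, String dest) {
        if (destinations.contains(dest)) return dest;
        Set<String> acl = ADMIN_ACL.get(dest);
        if (acl != null && !u.inOneOf(acl))
            throw new SecurityException("User " + u.name() + " is not authorized to create: " + dest);
        destinations.add(dest);
        return dest;
    }

    // Using a destination is a separate gate: the read ACL is checked on every subscribe.
    // Assumption of this model: the consumer path looks the destination up first.
    static void addConsumer(User u, String dest) {
        addDestination(u, dest);
        Set<String> acl = READ_ACL.get(dest);
        if (acl != null && !u.inOneOf(acl))
            throw new SecurityException("User " + u.name() + " is not authorized to read from: " + dest);
    }

    static String attempt(Runnable r) {
        try { r.run(); return "allowed"; }
        catch (SecurityException e) { return "denied: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        User admin = new User("alice", Set.of("admins"));
        User guest = new User("bob", Set.of("guests"));
        System.out.println("guest creates ORDERS : " + attempt(() -> addDestination(guest, "ORDERS")));
        System.out.println("admin creates ORDERS : " + attempt(() -> addDestination(admin, "ORDERS")));
        System.out.println("guest re-adds ORDERS : " + attempt(() -> addDestination(guest, "ORDERS")));
        System.out.println("guest consumes ORDERS: " + attempt(() -> addConsumer(guest, "ORDERS")));
    }
}
```

When reviewing a policy built on this pattern, confirm that every destination with an admin ACL also has read and write ACLs, since the create check alone does not restrict use of a destination that already exists.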
