From: Allen Reese
To: "dev@activemq.apache.org"
Date: Fri, 24 Sep 2010 15:33:25 -0700
Subject: Question about org.apache.activemq.security.AuthorizationBroker

I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm not quite sure I understand what it is doing.

This is from the 5.3.2 code, but it's almost exactly the same in the trunk. Lines 62-65, entire function below.

http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java

The part I don't understand is why it calls super.addDestination() if it doesn't exist without first checking the ACLs.

Will this code get called again to verify the ACL once it's in the DestinationMap?

Thanks

--Allen

Function I'm talking about:

    public Destination addDestination(ConnectionContext context, ActiveMQDestination destination) throws Exception {
        final SecurityContext securityContext = (SecurityContext)context.getSecurityContext();
        if (securityContext == null) {
            throw new SecurityException("User is not authenticated.");
        }

        Destination existing = this.getDestinationMap().get(destination);
        if (existing != null) {
            return super.addDestination(context, destination);
        }

        if (!securityContext.isBrokerContext()) {
            Set allowedACLs = null;
            if (!destination.isTemporary()) {
                allowedACLs = authorizationMap.getAdminACLs(destination);
            } else {
                allowedACLs = authorizationMap.getTempDestinationAdminACLs();
            }
            if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) {
                throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to create: " + destination);
            }
        }
        return super.addDestination(context, destination);
    }
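
Added example, not part of the original message and not ActiveMQ code: a stand-alone model of the control flow in the quoted method, showing which calls reach the admin ACL check. The class, the string-keyed map, the group sets and the delegate() helper are hypothetical stand-ins, and the model omits the quoted code's "null ACL set means no restriction" case.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Simplified model of the quoted addDestination() flow. All names here are
// hypothetical stand-ins, not ActiveMQ classes.
public class AddDestinationFlow {
    // Stand-in for the broker's destination map.
    static final Map<String, String> destinations = new HashMap<>();
    // Stand-in for authorizationMap.getAdminACLs(): groups allowed to create.
    static final Set<String> ADMIN_ACL = Set.of("admins");

    // Stand-in for super.addDestination(): returns the existing entry or creates one.
    static String delegate(String name) {
        return destinations.computeIfAbsent(name, n -> "Destination(" + n + ")");
    }

    static String addDestination(Set<String> userGroups, boolean brokerContext, String name) {
        if (userGroups == null) {
            throw new SecurityException("User is not authenticated.");
        }
        // Early return: an existing destination is handed to the delegate
        // without consulting the admin ACL.
        if (destinations.containsKey(name)) {
            return delegate(name);
        }
        // Creation path: only here is the admin ACL evaluated.
        if (!brokerContext && userGroups.stream().noneMatch(ADMIN_ACL::contains)) {
            throw new SecurityException("User is not authorized to create: " + name);
        }
        return delegate(name);
    }

    public static void main(String[] args) {
        // Constructed sample principals.
        Set<String> admin = Set.of("admins"), guest = Set.of("guests");
        try {
            addDestination(guest, false, "queue.A");
        } catch (SecurityException e) {
            System.out.println("guest, new destination: " + e.getMessage());
        }
        System.out.println("admin, new destination: " + addDestination(admin, false, "queue.A"));
        System.out.println("guest, existing destination: " + addDestination(guest, false, "queue.A"));
    }
}
```

The model covers only what the quoted method shows: the admin ACL gates creation. Whether read or write access to an existing destination is checked elsewhere cannot be determined from this method alone.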