activemq-dev mailing list archives

From "Dejan Bosanac (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMQ-5304) groupClass not applied to TempDestinationAuthorizationEntry
Date Wed, 06 Aug 2014 13:35:12 GMT

    [ https://issues.apache.org/jira/browse/AMQ-5304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14087662#comment-14087662 ]

Dejan Bosanac commented on AMQ-5304:
------------------------------------

Added the test (ignored for now) with the following commit

https://git-wip-us.apache.org/repos/asf?p=activemq.git;a=commit;h=acf84b43

The patch also looks good to me.



> groupClass not applied to TempDestinationAuthorizationEntry
> -----------------------------------------------------------
>
>                 Key: AMQ-5304
>                 URL: https://issues.apache.org/jira/browse/AMQ-5304
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.10.0
>            Reporter: Torsten Mielke
>            Assignee: Torsten Mielke
>              Labels: authorization, security
>         Attachments: AMQ-5304.patch
>
>
> When configuring the authorization plugin with a <tempDestinationAuthorizationEntry> that also sets a groupClass, this groupClass is not properly applied to the TempDestinationAuthorizationEntry instance.
> E.g. consider this example config
> {code:xml}
>       <authorizationPlugin>
>         <map>
>           <authorizationMap groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
>             <authorizationEntries>
>               <authorizationEntry queue=">" read="admin" write="client,admin" admin="client,admin"/>
>               <authorizationEntry topic=">" read="client,admin" write="admin" admin="admin"/>
>               <authorizationEntry topic="ActiveMQ.Advisory.>" read="admin,client" write="admin,client" admin="admin"/>
>            </authorizationEntries>
>            <tempDestinationAuthorizationEntry>
>              <tempDestinationAuthorizationEntry read="client,admin" write="client,admin" admin="client,admin" groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/>
>            </tempDestinationAuthorizationEntry>
>          </authorizationMap>
>         </map>
>       </authorizationPlugin>
> {code}
> The groupClass attribute is set on the TempDestinationAuthorizationEntry instance but we don't apply the groupClass to the AuthorizationEntry by calling afterPropertiesSet().
> As a result, authorization fails when trying to create a temp destination.
> This can happen when deploying the broker inside a Karaf container and having Karaf do the authentication (such as in JBoss A-MQ).
> The groupClass is properly set on the authorizationEntries within the <authorizationEntries> list and only fails to be applied properly on the tempDestinationAuthorizationEntry.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
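
A configuration check for the condition the issue describes, added here as an example (it is not code from this message or from the ActiveMQ project): it walks a broker XML file and reports every temp-destination entry that sets groupClass, which is the case in which the issue says authorization fails on the listed affected version. The `<broker>` wrapper, the function names and the sample text are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

AFFECTED_VERSION = "5.10.0"  # the issue's "Affects Versions" field

# Constructed sample: the issue's config inside a minimal <broker> wrapper.
SAMPLE_CONFIG = """\
<broker xmlns="http://activemq.apache.org/schema/core">
  <authorizationPlugin>
    <map>
      <authorizationMap groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
        <authorizationEntries>
          <authorizationEntry queue=">" read="admin" write="client,admin" admin="client,admin"/>
        </authorizationEntries>
        <tempDestinationAuthorizationEntry>
          <tempDestinationAuthorizationEntry read="client,admin" write="client,admin"
              admin="client,admin" groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/>
        </tempDestinationAuthorizationEntry>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</broker>
"""

def local(tag):
    """Strip the XML namespace: '{ns}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def temp_entries_with_group_class(xml_text):
    """Return one finding per temp-destination entry that sets groupClass."""
    findings = []
    for amap in ET.fromstring(xml_text).iter():
        if local(amap.tag) != "authorizationMap":
            continue
        for elem in amap.iter():
            # Wrapper and entry share a name; only the entry carries attributes.
            if local(elem.tag) == "tempDestinationAuthorizationEntry" and "groupClass" in elem.attrib:
                findings.append({
                    "groupClass": elem.get("groupClass"),
                    "mapGroupClass": amap.get("groupClass"),
                    "roles": {op: [r for r in elem.get(op, "").split(",") if r]
                              for op in ("read", "write", "admin")},
                })
    return findings

def is_affected(xml_text, broker_version):
    """True when the broker version is the one in the issue and a temp entry sets groupClass."""
    return broker_version == AFFECTED_VERSION and bool(temp_entries_with_group_class(xml_text))

if __name__ == "__main__":
    for f in temp_entries_with_group_class(SAMPLE_CONFIG):
        print("temp destination entry relies on groupClass", f["groupClass"], f["roles"])
    print("affected on 5.10.0:", is_affected(SAMPLE_CONFIG, "5.10.0"))
```

The version comparison is an exact match on 5.10.0 because that is the only affected version the issue names.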