Return-Path: X-Original-To: apmail-activemq-issues-archive@minotaur.apache.org Delivered-To: apmail-activemq-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 652F418E00 for ; Fri, 25 Sep 2015 14:18:04 +0000 (UTC) Received: (qmail 7702 invoked by uid 500); 25 Sep 2015 14:18:04 -0000 Delivered-To: apmail-activemq-issues-archive@activemq.apache.org Received: (qmail 7666 invoked by uid 500); 25 Sep 2015 14:18:04 -0000 Mailing-List: contact issues-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list issues@activemq.apache.org Received: (qmail 7656 invoked by uid 99); 25 Sep 2015 14:18:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Sep 2015 14:18:04 +0000 Date: Fri, 25 Sep 2015 14:18:04 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: issues@activemq.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ARTEMIS-229) Additional address argument for validateUserAndRole MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ARTEMIS-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14908077#comment-14908077 ] ASF GitHub Bot commented on ARTEMIS-229: ---------------------------------------- Github user clebertsuconic commented on the pull request: https://github.com/apache/activemq-artemis/pull/175#issuecomment-143235768 Looks good... I am not sure I like the name ActiveMQSecurityManager2 though... But I am failing to find a better one. I thought about - ActiveMQSecurityManagerExt - ActiveMQSecurityManagerAddress - ActiveMQSecurityManagerV2 (this one probably makes it a better sense... the V makes it clear it's a versioning thing, and we would deprecate the previous one) > Additional address argument for validateUserAndRole > --------------------------------------------------- > > Key: ARTEMIS-229 > URL: https://issues.apache.org/jira/browse/ARTEMIS-229 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Broker > Reporter: Julian Scheid > Priority: Minor > > Making {{validateUserAndRole}} accept an extra {{address}} parameter and passing the destination address in {{SecurityStoreImpl.check}} (along with changing the cache keys accordingly) enables authorization schemes that take the destination address into account. > To some degree this is already possible using the {{securityRepository}} but only for a static list of roles and destinations, it doesn't work so well in an environment where e.g. queues are created dynamically and need to be authorized based on the user's identity. -- This message was sent by Atlassian JIRA (v6.3.4#6332)