Mailing-List: contact issues-help@activemq.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@activemq.apache.org
Date: Fri, 22 Jul 2016 10:39:20 +0000 (UTC)
From: "Martyn Taylor (JIRA)" <jira@apache.org>
To: issues@activemq.apache.org
Message-ID: <JIRA.12982301.1466682462000.105972.1469183960467@Atlassian.JIRA>
In-Reply-To: <JIRA.12982301.1466682462000@Atlassian.JIRA>
References: <JIRA.12982301.1466682462000@Atlassian.JIRA> <JIRA.12982301.1466682462333@arcas>
Subject: [jira] [Comment Edited] (ARTEMIS-592) Allow fine grain access
 control (durable subscriptions)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
archived-at: Fri, 22 Jul 2016 10:39:22 -0000


    [ https://issues.apache.org/jira/browse/ARTEMIS-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15389292#comment-15389292 ] 

Martyn Taylor edited comment on ARTEMIS-592 at 7/22/16 10:38 AM:
-----------------------------------------------------------------

Thanks for the explanation Lionel.  I think I understand the problem, but just to ensure we're on the same page, let me iterate back what I think the problem is.

There are two STOMP clients, A and B, which both subscribe to add jms.topic.foo.  Which looks something like:

```java
                                                              / -------------->  [Ma,Ma,Ma] (Sub Q Client A)
JMS Producer ----------> jms.topic.foo /
                                                            \
                                                              \ -------------> [Mb,Mb,Mb] (sub Q Client B)
```

The thing you are trying to prevent, is client A setting up a subscription to jms.topic.foo and potentially consuming client B messages?

I've looked into the STOMP code and I believe there is a bug that causes this problem.  Subscriptions queues are not properly created, meaning two subscriptions to the same address could receive each others messages.  Is this what you are seeing?  If so would fixing the bug resolve this issue?


was (Author: martyntaylor):
Thanks for the explanation Lionel.  I think I understand the problem, but just to ensure we're on the same page, let me iterate back what I think the problem is.

There are two STOMP clients, A and B, which both subscribe to add jms.topic.foo.  Which looks something like:

```
                                                              / -------------->  [Ma,Ma,Ma] (Sub Q Client A)
JMS Producer ----------> jms.topic.foo /
                                                            \
                                                              \ -------------> [Mb,Mb,Mb] (sub Q Client B)
```

The thing you are trying to prevent, is client A setting up a subscription to jms.topic.foo and potentially consuming client B messages?

I've looked into the STOMP code and I believe there is a bug that causes this problem.  Subscriptions queues are not properly created, meaning two subscriptions to the same address could receive each others messages.  Is this what you are seeing?  If so would fixing the bug resolve this issue?

> Allow fine grain access control (durable subscriptions)
> -------------------------------------------------------
>
>                 Key: ARTEMIS-592
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-592
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>
> According to the documentation:
> {quote}
> Apache ActiveMQ Artemis allows sets of permissions to be defined against the queues based on their address.
> {quote}
> Two different subscriptions on the same topic will have the same address (the topic), only their name will change. So it seems they will get the same permissions.
> Could you please allow fine grain access control to be able to set different permissions to different durable subscriptions of the same topic?


--
This message was sent by Atlassian JIRA
(v6.3.4#6332)