activemq-users mailing list archives

From navnetkachroo <navnetkach...@gmail.com>
Subject ActiveMQ 5.0 & JAAS: Entitlement policy with security inheritance
Date Mon, 07 Apr 2008 23:04:33 GMT

Hi, 

I'm working on Entitlement with Security inheriting.

I've a setup of 6 topics:
ENTITLE-TEST-A                                  
ENTITLE-TEST-A.ENTITLE-TEST-B1                  
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1  
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2  
ENTITLE-TEST-A.ENTITLE-TEST-B2                  
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3  

I change the access rights for each topic & see the effect on subscribing to
"ENTITLE-TEST-A.>".

Below are the results for having various permissions on "ENTITLE-TEST-A.>",
with just a publish permission on
"ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2":

Surprisingly, "ENTITLE-TEST-A.>" subscribes to all topics irrespective of the
permissions. Am I doing it the right way? Because "ENTITLE-TEST-A.>"
shouldn't subscribe to topics where it is not permitted.
Any ideas?

Attached is my activemq.xml having the permissions defined:
http://www.nabble.com/file/p16542420/activemq.xml.entitle (activemq.xml.entitle)

Target                                                Permissions for user 'guest'
Topic=ENTITLE-TEST-A                                  subscribe,publish
Topic=ENTITLE-TEST-A.>                                
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1                  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2  publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2                  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3  subscribe,publish

Results(Subscribed by ENTITLE-TEST-A.>):
ENTITLE-TEST-A.ENTITLE-TEST-B1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 = Subscribed
****************************************************************************************************************

Target                                                Permissions for user 'guest'
Topic=ENTITLE-TEST-A                                  subscribe,publish
Topic=ENTITLE-TEST-A.>                                publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1                  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2  publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2                  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3  subscribe,publish

Results(Subscribed by ENTITLE-TEST-A.>):
ENTITLE-TEST-A.ENTITLE-TEST-B1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 = Subscribed
****************************************************************************************************************

Target                                                Permissions for user 'guest'
Topic=ENTITLE-TEST-A                                  subscribe,publish
Topic=ENTITLE-TEST-A.>                                subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1                  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2  publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2                  subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3  subscribe,publish

Results(Subscribed by ENTITLE-TEST-A.>):
ENTITLE-TEST-A.ENTITLE-TEST-B1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 = Subscribed
****************************************************************************************************************


-- 
View this message in context: http://www.nabble.com/ActiveMQ-5.0---JAAS%3A-Entitlement-policy-with-security-inheritance-tp16542420s2354p16542420.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
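
An added audit sketch, not part of the original message and not ActiveMQ code: it replays the three permission tables above against two hypothetical per-topic decision models ("most specific entry wins" and "union of matching entries") and lists the delivered topics each model would have denied. The model names and helper functions are assumptions for illustration; neither is claimed to be how the broker evaluates its ACLs.

```python
# Added audit sketch; permission tables and results are copied from the post.
SUB, PUB = "subscribe", "publish"
A = "ENTITLE-TEST-A"
B1, B2 = f"{A}.ENTITLE-TEST-B1", f"{A}.ENTITLE-TEST-B2"
C1, C2, C3 = f"{B1}.ENTITLE-TEST-C1", f"{B1}.ENTITLE-TEST-C2", f"{B2}.ENTITLE-TEST-C3"

BASE_ACL = {A: {SUB, PUB}, B1: {SUB, PUB}, C1: {SUB, PUB},
            C2: {PUB}, B2: {SUB, PUB}, C3: {SUB, PUB}}
# Only guest's rights on "ENTITLE-TEST-A.>" change between the three runs.
WILDCARD_RUNS = {1: set(), 2: {PUB}, 3: {SUB, PUB}}
# Every run reported the same five topics as delivered to the wildcard subscriber.
DELIVERED = [B1, B2, C1, C2, C3]


def matches(pattern, topic):
    """ActiveMQ-style match: '*' is one segment, '>' is the rest of the name."""
    p, t = pattern.split("."), topic.split(".")
    for i, seg in enumerate(p):
        if seg == ">":
            return len(t) > i  # sketch: require at least one segment under '>'
        if i >= len(t) or seg not in ("*", t[i]):
            return False
    return len(p) == len(t)


def literal_segments(entry):
    """Number of non-wildcard segments; used to rank entries by specificity."""
    return sum(seg not in ("*", ">") for seg in entry.split("."))


def allowed(acl, topic, model):
    """Hypothetical per-topic decision. 'union': any matching entry may grant
    subscribe. 'specific': only the most literal matching entry decides."""
    hits = [(entry, rights) for entry, rights in acl.items() if matches(entry, topic)]
    if model == "union":
        return any(SUB in rights for _, rights in hits)
    best = max(hits, key=lambda h: literal_segments(h[0]), default=(None, set()))
    return SUB in best[1]


def leaks(run, model):
    """Topics delivered in a run although the model denies 'subscribe'."""
    acl = {**BASE_ACL, f"{A}.>": WILDCARD_RUNS[run]}
    return [t for t in DELIVERED if not allowed(acl, t, model)]


if __name__ == "__main__":
    for run in WILDCARD_RUNS:
        for model in ("specific", "union"):
            print(run, model, leaks(run, model))
```

Under both models, runs 1 and 2 flag ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 as delivered without subscribe permission; only the union model in run 3 accepts it.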

