activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yari Marchetti <yari.marche...@staff.dada.net>
Subject Producer and write permission
Date Mon, 21 Jul 2008 15:31:50 GMT
Hi,
i have a configuration with JAAS enabled on a per queue basis.
I created a user named 'Test' and didn't give it write permission on a
static queue named 'test.queue'.

Using the example producer (the one in the activemq package), modified
just to provide it with Test user and password, using openwire as transport
i tried to send 10 messages to the test.queue.

I was expecting to received an exception just after the first message, and
surprising, the whole 10 message pack was sent with any problem.

So i checked the broker logs, and found:

java.lang.SecurityException: User Test is not authorized to write to: 
queue://test.queue
    at 
org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:173)
    at 
org.apache.activemq.broker.MutableBrokerFilter.send(MutableBrokerFilter.java:132)
    at 
org.apache.activemq.broker.TransportConnection.processMessage(TransportConnection.java:437)
    at 
org.apache.activemq.command.ActiveMQMessage.visit(ActiveMQMessage.java:624)
    at 
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
    at 
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
    at 
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
    at 
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
    at 
org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
    at 
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
    at 
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
    at 
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
    at java.lang.Thread.run(Thread.java:619)

obviously no message was found in test.queue queue. To be sure i tried 
also with a Stomp client,
just to see if it was possible to receive a notification of error after 
a failed write attempt, and it
was the same as with openwire.

I tried also with a consumer and it receives an error when it tries to 
read from a queue it has no
privileges on:

java.lang.SecurityException: User Test2 is not authorized to read from: 
queue://test.queue

so my question is: is this behavior the correct one? wouldn't be better 
to send a notification of error
after a failed write on a queue ?

Mime
View raw message