activemq-users mailing list archives

From Thorsten Panitz <>
Subject Re: Security bug in authorization system?
Date Tue, 15 Nov 2011 16:13:30 GMT
On 14.11.11 18:18, Torsten Mielke wrote:


> I have debugged your unit test today and the reason for not getting an authorization exception in test accessToProtectedTopicWithWildcardsDestinationAsUserShouldFail() is that the AuthorizationBroker appends the security roles of all of the sub nodes in its authorization
> You have entries for "messages.>" as well as "messages.cat1" and "" in your authorization config.
> Because of the wildcard in "messages.>" it appends the group names of all sub nodes. From the entry "messages.cat1" it also adds the "users" groups.
> This is a bug IMHO. Although I believe there must be some reason for adding the authorization groups of sub nodes in the broker's authorization plugin at runtime.
> Do you mind raising a JIRA ticket and attaching your JUnit test?

I have created the JIRA ticket:


      Thorsten Panitz
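
The lookup discussed in this message, as an added example that is not part of the original e-mail and is not ActiveMQ code: a simplified Python model in which `overlaps` reproduces the described behaviour (ACLs of sub nodes are appended for a wildcard destination) and `covers` is one possible stricter rule, shown only for contrast. The `admins` group and all function names are assumptions; `users`, `messages.>` and `messages.cat1` come from the thread.

```python
# Simplified model of the lookup described in the thread; not ActiveMQ code.
# "." separates path elements, "*" matches one element, ">" matches the rest.
READ_ACL = {
    "messages.>": {"admins"},    # assumption: this group name is not given in the thread
    "messages.cat1": {"users"},  # "users" is the group named in the thread
}

def overlaps(entry, request):
    """True if some destination matches both patterns (sub nodes included)."""
    pe, pr = entry.split("."), request.split(".")
    for se, sr in zip(pe, pr):
        if ">" in (se, sr):
            return True
        if se != sr and "*" not in (se, sr):
            return False
    return len(pe) == len(pr)

def covers(entry, request):
    """True if every destination the request can match is matched by entry."""
    pe, pr = entry.split("."), request.split(".")
    for i, se in enumerate(pe):
        if se == ">":
            return i < len(pr)
        if i >= len(pr) or pr[i] == ">":
            return False  # the request is broader than the entry at this element
        if se != "*" and se != pr[i]:
            return False
    return len(pe) == len(pr)

def read_groups(request, match):
    """Union of the ACLs of all config entries selected by `match`."""
    groups = set()
    for entry, acl in READ_ACL.items():
        if match(entry, request):
            groups |= acl
    return groups

def may_read(user_groups, request, match):
    """Access is granted if the user holds any group in the collected ACL."""
    return bool(set(user_groups) & read_groups(request, match))

if __name__ == "__main__":
    for match in (overlaps, covers):
        print(match.__name__, sorted(read_groups("messages.>", match)),
              may_read({"users"}, "messages.>", match))
```

With `overlaps`, a member of `users` is granted the wildcard destination because the ACL of `messages.cat1` is merged in; with `covers`, only entries that span the whole request contribute, so the same request is denied while `messages.cat1` itself stays readable.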
