Repository: activemq Updated Branches: refs/heads/master 43d493e52 -> 5f8a3df5a
https://issues.apache.org/jira/browse/AMQ-6116 - improve security context Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/5f8a3df5 Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/5f8a3df5 Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/5f8a3df5 Branch: refs/heads/master Commit: 5f8a3df5a4fc0822897cc1abdcd4d99924285937 Parents: 43d493e Author: Dejan Bosanac <[email protected]> Authored: Fri Jan 8 17:05:58 2016 +0100 Committer: Dejan Bosanac <[email protected]> Committed: Fri Jan 8 17:05:58 2016 +0100 ---------------------------------------------------------------------- .../apache/activemq/security/AbstractAuthenticationBroker.java | 2 -- .../java/org/apache/activemq/security/AuthorizationBroker.java | 5 ++++- .../activemq/security/AuthorizationDestinationFilter.java | 1 - .../main/java/org/apache/activemq/security/SecurityContext.java | 5 ----- .../apache/activemq/shiro/subject/SubjectSecurityContext.java | 5 ----- .../activemq/shiro/subject/SubjectSecurityContextTest.java | 5 ----- 6 files changed, 4 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java ----------------------------------------------------------------------
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
index 622a4f6..3b7efb9 100644
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
@@ -38,7 +38,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen next.removeDestination(context, destination, timeout); for (SecurityContext sc : securityContexts) { - sc.getAuthorizedReadDests().remove(destination); sc.getAuthorizedWriteDests().remove(destination); } } @@ -53,7 +52,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen public void refresh() { for (SecurityContext sc : securityContexts) { - sc.getAuthorizedReadDests().clear(); sc.getAuthorizedWriteDests().clear(); } } http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java ---------------------------------------------------------------------- diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java index 2481f91..06eabd2 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java @@ -126,6 +126,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination); } + securityContext.getAuthorizedWriteDests().remove(destination); + super.removeDestination(context, destination, timeout); } @@ -137,6 +139,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + info.getDestination()); } + securityContext.getAuthorizedWriteDests().remove(info.getDestination()); + super.removeDestinationInfo(context, info); } 
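Review bot: In `AuthorizationBroker.removeDestination` (`@@ -126,6 +126,8`) and again in `removeDestinationInfo` (`@@ -137,6 +139,8`), the added `securityContext.getAuthorizedWriteDests().remove(...)` evicts the cached write grant only from the context of the connection that requested the removal. Other connections' entries are cleared only by the loop in `AbstractAuthenticationBroker.removeDestination` shown earlier in this commit, so if the authentication plugin in the chain does not extend that class, a stale entry presumably lets a producer keep writing without a fresh ACL check once the destination is re-created; a comment such as `// evicts this connection's cached write grant only; other contexts are cleared in AbstractAuthenticationBroker.removeDestination` would record that dependency. The call also throws `UnsupportedOperationException` on a `SubjectSecurityContext` (its `getAuthorizedWriteDests()` override is visible in the Shiro hunk of this commit), which would abort an otherwise authorized removal if such a context can reach this broker, so that is worth confirming. Both method bodies start outside the hunks, and the only test file this commit touches has deletions only, so the new eviction is not covered by a test here.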
@@ -154,7 +158,6 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + info.getDestination()); } - securityContext.getAuthorizedReadDests().put(info.getDestination(), info.getDestination()); /* * Need to think about this a little more. We could do per message http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java ---------------------------------------------------------------------- diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java index f0ac8b8..5bb56c7 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java @@ -56,7 +56,6 @@ public class AuthorizationDestinationFilter extends DestinationFilter { if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination); } - securityContext.getAuthorizedReadDests().put(destination, destination); super.addSubscription(context, sub); } http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java ---------------------------------------------------------------------- 
diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java index 8c32d62..fd677ce 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java @@ -47,7 +47,6 @@ public abstract class SecurityContext { final String userName; - final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedReadDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>(); final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedWriteDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>(); public SecurityContext(String userName) { @@ -74,10 +73,6 @@ public abstract class SecurityContext { return userName; } - public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() { - return authorizedReadDests; - } - public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() { return authorizedWriteDests; } http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java ---------------------------------------------------------------------- diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java index f344d8f..00014bf 100644 --- a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java +++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java 
@@ -73,11 +73,6 @@ public class SubjectSecurityContext extends SecurityContext { } @Override - public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() { - throw notAllowed("getAuthorizedReadDests"); - } - - @Override public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() { throw notAllowed("getAuthorizedWriteDests"); } http://git-wip-us.apache.org/repos/asf/activemq/blob/5f8a3df5/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java ---------------------------------------------------------------------- diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java index 49d70ed..23e3dff 100644 --- a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java +++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java @@ -42,11 +42,6 @@ public class SubjectSecurityContextTest { } @Test(expected=UnsupportedOperationException.class) - public void testGetAuthorizedReadDests() { - ctx.getAuthorizedReadDests(); - } - - @Test(expected=UnsupportedOperationException.class) public void testGetAuthorizedWriteDests() { ctx.getAuthorizedWriteDests(); }
