[
https://issues.apache.org/activemq/browse/AMQ-1747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=48139#action_48139
]
Dan Bucatanschi commented on AMQ-1747:
--------------------------------------
Hi! I am writing a custom authorization and authentication plugin for the lab
where I am working. Because I still do not fully understand what happens behind
the scenes in ActiveMQ, I usually browse the ActiveMQ source code and the
latest snapshots so that I can keep our security plugin up to date with the
latest patches that the AuthorizationBroker gets here. So looking here, I saw
this patch for this issue. I was just wondering if instead of:
return existing;
inside the if statement (looking at the diff with the previous version of the
AuthorizationBroker.java), one should write:
return super.addDestination(context, destination);
just like it is at the end of the addDestination method in AuthorizationBroker.
It makes sense to me to do that since we're not just trying to add a user to an
already existing destination, but we should also "announce" this addition
throughout the whole BrokerFilter stack, shouldn't we? This way, for example,
Advisory topics also get updated with the fact that this user tried adding this
destination for herself. I assume that other BrokerFilters rely on this
behavior (that addDestination() gets called for every user requesting a
destination successfully).
Or do I have this totally wrong and the addDestination method should only be
used for adding destinations inside the broker, not to a user's connection? If
that's the case, why is it that the issue described here appeared in the first
place? Isn't the broker trying to create a destination (i.e. addDestination
gets called) automatically for every new user requesting it?
Thanks,
-Dan
> Writing to predefined destinations without admin priviledges
> ------------------------------------------------------------
>
> Key: AMQ-1747
> URL: https://issues.apache.org/activemq/browse/AMQ-1747
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.1.0
> Reporter: Dejan Bosanac
> Assignee: Rob Davies
> Fix For: 5.2.0
>
> Attachments: activemq-predefined.patch
>
>
> Trying to write to predefined destinations without admin privileges raises
> "cannot create destination" exception. More info could be foundin the
> folllowinf thread -
> http://www.nabble.com/Secutiry-and-Predefined-Destinations-tt17370190s2354.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
