I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm not quite sure I understand what it is doing.
This is from the 5.3.2 code, but it's almost exactly the same in the trunk. Lines 62-65, entire function below. http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java The part I don't understand is why it calls super.addDestination() if it doesn't exist without first checking the acl's. Will this code get called again to verify the acl once it's in the DestinationMap? Thanks --Allen Function I'm talking about: public Destination addDestination(ConnectionContext context, ActiveMQDestination destination) throws Exception { final SecurityContext securityContext = (SecurityContext)context.getSecurityContext(); if (securityContext == null) { throw new SecurityException("User is not authenticated."); } Destination existing = this.getDestinationMap().get(destination); if (existing != null) { return super.addDestination(context, destination); } if (!securityContext.isBrokerContext()) { Set<?> allowedACLs = null; if (!destination.isTemporary()) { allowedACLs = authorizationMap.getAdminACLs(destination); } else { allowedACLs = authorizationMap.getTempDestinationAdminACLs(); } if (allowedACLs != null && !securityContext.isInOneOf(allowedACLs)) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to create: " + destination); } } return super.addDestination(context, destination); }
