Re: Question about org.apache.activemq.security.AuthorizationBroker

Mon, 27 Sep 2010 00:56:53 -0700 

Hi Allen,

it returns the existing destination in case it already exists. Some
more info on that particular part of code could be found in comments
of this issue: https://issues.apache.org/activemq/browse/AMQ-1747


Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net



On Sat, Sep 25, 2010 at 12:33 AM, Allen Reese <[email protected]> wrote:
> I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm 
> not quite sure I understand what it is doing.
>
> This is from the 5.3.2 code, but it's almost exactly the same in the trunk.
> Lines 62-65, entire function below.
>
> http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
>
> The part I don't understand is why it calls super.addDestination() if it 
> doesn't exist without first checking the acl's.
>
> Will this code get called again to verify the acl once it's in the 
> DestinationMap?
>
> Thanks
>
> --Allen
>
> Function I'm talking about:
>
>   public Destination addDestination(ConnectionContext context, 
> ActiveMQDestination destination) throws Exception {
>        final SecurityContext securityContext = 
> (SecurityContext)context.getSecurityContext();
>        if (securityContext == null) {
>            throw new SecurityException("User is not authenticated.");
>        }
>
>        Destination existing = this.getDestinationMap().get(destination);
>        if (existing != null) {
>                return super.addDestination(context, destination);
>        }
>
>        if (!securityContext.isBrokerContext()) {
>            Set<?> allowedACLs = null;
>            if (!destination.isTemporary()) {
>                allowedACLs = authorizationMap.getAdminACLs(destination);
>            } else {
>                allowedACLs = authorizationMap.getTempDestinationAdminACLs();
>            }
>
>            if (allowedACLs != null && 
> !securityContext.isInOneOf(allowedACLs)) {
>                throw new SecurityException("User " + 
> securityContext.getUserName() + " is not authorized to create: " + 
> destination);
>            }
>
>        }
>
>        return super.addDestination(context, destination);
>    }

Reply via email to