Great thanks. That means my test code isn't wrong, I just need to test better.
--Allen -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dejan Bosanac Sent: Monday, September 27, 2010 12:56 AM To: [email protected] Subject: Re: Question about org.apache.activemq.security.AuthorizationBroker Hi Allen, it returns the existing destination in case it already exists. Some more info on that particular part of code could be found in comments of this issue: https://issues.apache.org/activemq/browse/AMQ-1747 Cheers -- Dejan Bosanac - http://twitter.com/dejanb Open Source Integration - http://fusesource.com/ ActiveMQ in Action - http://www.manning.com/snyder/ Blog - http://www.nighttale.net On Sat, Sep 25, 2010 at 12:33 AM, Allen Reese <[email protected]> wrote: > I'm playing with org.apache.activemq.security.AuthorizationBroker, and I'm > not quite sure I understand what it is doing. > > This is from the 5.3.2 code, but it's almost exactly the same in the trunk. > Lines 62-65, entire function below. > > http://svn.apache.org/viewvc/activemq/trunk/activemq-core/src/main/jav > a/org/apache/activemq/security/AuthorizationBroker.java > > The part I don't understand is why it calls super.addDestination() if it > doesn't exist without first checking the acl's. > > Will this code get called again to verify the acl once it's in the > DestinationMap? > > Thanks > > --Allen > > Function I'm talking about: > > public Destination addDestination(ConnectionContext context, > ActiveMQDestination destination) throws Exception { > final SecurityContext securityContext = > (SecurityContext)context.getSecurityContext(); > if (securityContext == null) { > throw new SecurityException("User is not authenticated."); > } > > Destination existing = > this.getDestinationMap().get(destination); > if (existing != null) { > return super.addDestination(context, destination); > } > > if (!securityContext.isBrokerContext()) { > Set<?> allowedACLs = null; > if (!destination.isTemporary()) { > allowedACLs = > authorizationMap.getAdminACLs(destination); > } else { > allowedACLs = > authorizationMap.getTempDestinationAdminACLs(); > } > > if (allowedACLs != null && > !securityContext.isInOneOf(allowedACLs)) { > throw new SecurityException("User " + > securityContext.getUserName() + " is not authorized to create: " + > destination); > } > > } > > return super.addDestination(context, destination); > }
