[
https://issues.apache.org/jira/browse/AMQ-5304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Torsten Mielke updated AMQ-5304:
--------------------------------
Description:
When configuring the authorization plugin with a
<tempDestinationAuthorizationEntry> that also sets a groupClass, this groupClass
is not properly applied to the TempDestinationAuthorizationEntry instance.
E.g. consider this example config:
{code:xml}
<authorizationPlugin>
  <map>
    <authorizationMap
        groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
      <authorizationEntries>
        <authorizationEntry queue=">" read="admin" write="client,admin"
            admin="client,admin" />
        <authorizationEntry topic=">" read="client,admin" write="admin"
            admin="admin"/>
        <authorizationEntry topic="ActiveMQ.Advisory.>"
            read="admin,client" write="admin,client" admin="admin"/>
      </authorizationEntries>
      <tempDestinationAuthorizationEntry>
        <tempDestinationAuthorizationEntry read="client,admin"
            write="client,admin" admin="client,admin"
            groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/>
      </tempDestinationAuthorizationEntry>
    </authorizationMap>
  </map>
</authorizationPlugin>
{code}
The groupClass attribute is set on the TempDestinationAuthorizationEntry
instance but we don't apply the groupClass to the AuthorizationEntry by calling
afterPropertiesSet().
As a result, authorization fails when trying to create a temp destination.
This can happen when deploying the broker inside a Karaf container and having
Karaf do the authentication (such as in JBoss A-MQ).
The groupClass is properly set on the authorizationEntries within the
<authorizationEntries> list and only fails to be applied properly on the
tempDestinationAuthorizationEntry.
was:
When configuring the authorization plugin with a
<tempDestinationAuthorizationEntry> that also sets a groupClass, this groupClass
is not properly applied to the TempDestinationAuthorizationEntry instance.
E.g. consider this example config:
{code:xml}
<authorizationPlugin>
  <map>
    <authorizationMap
        groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
      <authorizationEntries>
        <authorizationEntry queue=">" read="admin" write="client,admin"
            admin="client,admin" />
        <authorizationEntry topic=">" read="client,admin" write="admin"
            admin="admin"/>
        <authorizationEntry topic="ActiveMQ.Advisory.>"
            read="admin,client" write="admin,client" admin="admin"/>
      </authorizationEntries>
      <tempDestinationAuthorizationEntry>
        <tempDestinationAuthorizationEntry read="client,admin"
            write="client,admin" admin="client,admin"
            groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/>
      </tempDestinationAuthorizationEntry>
    </authorizationMap>
  </map>
</authorizationPlugin>
{code}
Its groupClass property is called and set to the class specified in Spring but
we don't apply the groupClass to the AuthorizationEntry.
> groupClass not applied to TempDestinationAuthorizationEntry
> -----------------------------------------------------------
>
> Key: AMQ-5304
> URL: https://issues.apache.org/jira/browse/AMQ-5304
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.10.0
> Reporter: Torsten Mielke
> Assignee: Torsten Mielke
> Labels: authorization, security
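A configuration check for the pattern described in this issue, added here as an example; it is not code from the issue or from the ActiveMQ project. The function and variable names are hypothetical, and the sample XML is constructed from the config quoted in the report, wrapped in a minimal broker element. It flags every tempDestinationAuthorizationEntry that carries its own groupClass and lists the roles whose temp destination access depends on that class being applied.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the report's authorizationMap inside a minimal broker element.
TEMPLATE = """<broker xmlns="http://activemq.apache.org/schema/core"><plugins>
<authorizationPlugin><map>
<authorizationMap groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
  <authorizationEntries>
    <authorizationEntry queue=">" read="admin" write="client,admin" admin="client,admin"/>
  </authorizationEntries>
  <tempDestinationAuthorizationEntry>
    <tempDestinationAuthorizationEntry read="client,admin" write="client,admin"
        admin="client,admin"{group_class}/>
  </tempDestinationAuthorizationEntry>
</authorizationMap>
</map></authorizationPlugin></plugins></broker>"""

AFFECTED = TEMPLATE.format(
    group_class=' groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"')
NO_GROUP_CLASS = TEMPLATE.format(group_class="")  # constructed negative case


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def _roles(element, attr):
    """Split a comma-separated role attribute into a clean list."""
    return [r.strip() for r in element.get(attr, "").split(",") if r.strip()]


def find_temp_entries_with_group_class(xml_text):
    """Return one finding per tempDestinationAuthorizationEntry with a groupClass.

    The outer wrapper element shares the tag name but has no attributes,
    so requiring the groupClass attribute selects only the inner entry.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "tempDestinationAuthorizationEntry":
            continue
        if "groupClass" not in el.attrib:
            continue
        findings.append({
            "groupClass": el.get("groupClass"),
            "read": _roles(el, "read"),
            "write": _roles(el, "write"),
            "admin": _roles(el, "admin"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_temp_entries_with_group_class(AFFECTED):
        print("temp destination entry relies on groupClass:", finding)
```

A finding only means the configuration matches the pattern in this report; whether the broker is affected also depends on its version (the issue lists 5.10.0 under Affects Versions).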