[
https://issues.apache.org/activemq/browse/SM-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Custine updated SM-1925:
------------------------------
Issue Type: Bug (was: New Feature)
> Add security check on remote broker when using JMSFlow/JCAFlow
> --------------------------------------------------------------
>
> Key: SM-1925
> URL: https://issues.apache.org/activemq/browse/SM-1925
> Project: ServiceMix
> Issue Type: Bug
> Components: servicemix-core
> Affects Versions: 3.2.3, 3.3.1
> Reporter: Chris Custine
> Assignee: Chris Custine
>
> SecuredBroker checks security AFTER a component is invoked, which works fine
> when the consumer and components are on the same broker. If a consumer is on
> brokerA and a provider endpoint is on brokerB using JMSFlow it is possible to
> bypass security and invoke the endpoint on brokerB even if it is using
> SecuredBroker.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
