[
https://issues.apache.org/jira/browse/ARTEMIS-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905721#comment-14905721
]
clebert suconic commented on ARTEMIS-229:
-----------------------------------------
You can't really change that method...
This interface is part of the API, and modifying this method would break
integration with other systems...
You can achieve this by creating a new interface such as
ActiveMQSecurityManagerEx... and add the new method there.
ActiveMQSecurityManagerImpl can implement both interfaces. At the caller of the
method, you would need to check what interface is implementing and you would
need to call the Ex interface and that method is implemented.
That way we won't break API compatibility with integrated system such as your
system is going to use this.
> Additional address argument for validateUserAndRole
> ---------------------------------------------------
>
> Key: ARTEMIS-229
> URL: https://issues.apache.org/jira/browse/ARTEMIS-229
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: Broker
> Reporter: Julian Scheid
> Priority: Minor
>
> Making {{validateUserAndRole}} accept an extra {{address}} parameter and
> passing the destination address in {{SecurityStoreImpl.check}} (along with
> changing the cache keys accordingly) enables authorization schemes that take
> the destination address into account.
> To some degree this is already possible using the {{securityRepository}} but
> only for a static list of roles and destinations, it doesn't work so well in
> an environment where e.g. queues are created dynamically and need to be
> authorized based on the user's identity.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
