[ 
https://issues.apache.org/jira/browse/ARTEMIS-1884?focusedWorklogId=493673&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-493673
 ]

ASF GitHub Bot logged work on ARTEMIS-1884:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 01/Oct/20 20:20
            Start Date: 01/Oct/20 20:20
    Worklog Time Spent: 10m 
      Work Description: ryeats commented on a change in pull request #3281:
URL: https://github.com/apache/activemq-artemis/pull/3281#discussion_r498439577



##########
File path: 
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
##########
@@ -2444,6 +2446,25 @@ public void callBrokerMessagePlugins(final 
ActiveMQPluginRunnable<ActiveMQServer
       callBrokerPlugins(getBrokerMessagePlugins(), pluginRun);
    }
 
+   @Override
+   public boolean callBrokerMessagePluginsCanAccept(ServerConsumer 
serverConsumer, MessageReference messageReference) throws ActiveMQException {
+      for (ActiveMQServerMessagePlugin plugin : getBrokerMessagePlugins()) {
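
Review bot: the new callBrokerMessagePluginsCanAccept has no Javadoc in this hunk, although the boolean it returns decides whether a message is delivered to a consumer. Please document on this method, or on the interface method it overrides, what is returned when getBrokerMessagePlugins() is empty and how the results of several plugins are combined. Since the signature declares throws ActiveMQException, also state whether an exception thrown by one plugin counts as a refusal or propagates to the caller.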

Review comment:
       I am probably not following what you are getting at. If no 
MessagePlugins are present or if all the plugins are using the default canAccept 
implementation, this returns true and no messages are filtered out. I am making 
an assumption that the results of all MessagePlugin#canAccept calls should be 
combined as an AND, though, so if any single plugin returns false the message 
will not be delivered to that consumer.
   

##########
File path: 
artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
##########
@@ -339,6 +339,22 @@ public static String getUserFromSubject(Subject subject) {
       return validatedUser;
    }
 
+   /**
+    * Get the cached Subject. If the Subject is not in the cache then 
authenticate again to retrieve
+    * it.
+    *
+    * @param session contains the authentication data
+    * @return the authenticated Subject with all associated role principals or 
null if not
+    * authenticated or JAAS is not supported by the SecurityManager.
+    */
+   @Override
+   public Subject getSessionSubject(SecurityAuth session) {
+      if (securityManager instanceof ActiveMQSecurityManager5) {
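
Review bot: the Javadoc on getSessionSubject documents a single null return for two different conditions, "not authenticated" and "JAAS is not supported by the SecurityManager", and the instanceof ActiveMQSecurityManager5 check is where the second one arises. A caller that uses the Subject for an authorization decision cannot tell a failed authentication from an unsupported security manager. Consider stating in the Javadoc that null must be treated as a Subject with no roles, or distinguishing the two cases, for example by logging when the manager is not an ActiveMQSecurityManager5.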

Review comment:
       ActiveMQSecurityManager5 is the only ActiveMQSecurityManager API that 
exposes returning a user's subject; the other APIs abstract away the details of 
JAAS to a greater extent. 






Issue Time Tracking
-------------------

    Worklog Id:     (was: 493673)
    Time Spent: 1h 20m  (was: 1h 10m)

> ActiveMQ5-like message-level authorization
> ------------------------------------------
>
>                 Key: ARTEMIS-1884
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1884
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>          Components: Broker
>            Reporter: Johan Stenberg
>            Priority: Major
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> In ActiveMQ 5 we have 
> [MessageAuthorizationPolicy|https://activemq.apache.org/maven/apidocs/org/apache/activemq/security/MessageAuthorizationPolicy.html].
>  We would need a similar feature in Artemis to be able to migrate to it.
> In Artemis there exists the 
> [ActiveMQServerPlugin#beforeDeliver|https://github.com/apache/activemq-artemis/blob/master/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/plugin/ActiveMQServerPlugin.java#L502]
>  callback method where we probably could prevent message delivery by throwing 
> an exception but using exceptions for flow control feels like a very wrong 
> thing to do here.


