[
https://issues.apache.org/jira/browse/AMQ-8116?focusedWorklogId=531811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-531811
]
ASF GitHub Bot logged work on AMQ-8116:
---------------------------------------
Author: ASF GitHub Bot
Created on: 06/Jan/21 10:45
Start Date: 06/Jan/21 10:45
Worklog Time Spent: 10m
Work Description: ikucuze opened a new pull request #602:
URL: https://github.com/apache/activemq/pull/602
https://issues.apache.org/jira/browse/AMQ-8116
ActiveMQWildcardPermission with multiple tokens inconsistent with parent
WildcardPermission class
Update ActiveMQWildcardPermission.java
add testcase
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 531811)
Remaining Estimate: 0h
Time Spent: 10m
> ActiveMQWildcardPermission with multiple tokens inconsistent with parent
> WildcardPermission class
> -------------------------------------------------------------------------------------------------
>
> Key: AMQ-8116
> URL: https://issues.apache.org/jira/browse/AMQ-8116
> Project: ActiveMQ
> Issue Type: Bug
> Components: Plugin
> Affects Versions: 5.16.0, 5.15.14
> Reporter: OLIVIER LE TIEC
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> -----
> Reminder:
> A permission pattern looks like: A:B:C , A, B and C beoing 'parts' of the
> permission
> Each 'part' can have one or more 'token', like 'read,write'.
> So a permission with activemq looks like:
> queue:queue1,queue2:read,write
> granting access on queue1 and queue2, for read or write access.
> -----
> WildcardPermission class from Shiro library states that tokens are a list of
> authorized items, for exemple : newsletter:view,edit,create grants view, edit
> and create rights uppon newsletter item.
> (ref
> [https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java]
> )
>
> ActiveMQWildcardPermission class (in activemq projects), extends this class,
> by allowing each 'part' to not only be a single wildcard '*', but being a
> wildcard string.
> topic:ActiveMQ.Advisory* grants all access to the topics starting by the
> given string.
>
>
> For doing so, this class redefines the implies function, but breaks the above
> requirements.
> queue:*:read,create
> should grant read and create access on all queues, but this is not working as
> queue:testqueue:read
> Will fail to validate
>
> Test code:
> WildcardPermission permission = new
> ActiveMQWildcardPermission("queue:*:read,create", true);
> WildcardPermission action = new
> ActiveMQWildcardPermission("queue:testqueue:read", true);
> assert(permission .implies(action ));
> replacing new ActiveMQWildcardPermission with new WildcardPermission (parent
> class) will pass the assert.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
