Posted to issues@activemq.apache.org by "Matt Pavlovich (Jira)" <ji...@apache.org> on 2021/02/16 20:39:00 UTC
[jira] [Closed] (AMQ-5151) Incorrect authorization on virtual destination (wildcard)
[ https://issues.apache.org/jira/browse/AMQ-5151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Pavlovich closed AMQ-5151.
-------------------------------
Closing due to inactivity and general improvements in versions since the ticket was created.
> Incorrect authorization on virtual destination (wildcard)
> ---------------------------------------------------------
>
> Key: AMQ-5151
> URL: https://issues.apache.org/jira/browse/AMQ-5151
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker
> Affects Versions: 5.9.0, 5.9.1
> Reporter: Alexandre Pauzies
> Assignee: Matt Pavlovich
> Priority: Major
> Labels: authorization, security, virtualDestinations, wildcard
>
> I'm trying to use authorizationPlugin with virtual destinations:
> testTopic.group1
> testTopic.group2
> This is my authorizationEntries definition:
> <authorizationEntry topic="testTopic.group1.>" write="admins" read="group1" admin="admins" />
> <authorizationEntry topic="testTopic.group2.>" write="admins" read="group2" admin="admins" />
> <authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
> - When group1 tries to subscribe to testTopic.group2, I get an access denied: "User is not authorized to read from..."
> - Same when group2 accesses group1
> - However, if group1 subscribes to testTopic.> it will have access to everything
> I tracked the issue down to DefaultAuthorizationMap, getReadACLs(ActiveMQDestination destination)
> This method will combine the read ACL from the 2 sub-topic authorization entries and give access to destination "testTopic.>" to anyone in group1 or group2.
> Am I doing something wrong?
> Is this scenario supported by authorizationPlugin?
> Thanks,
> Alex
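Added example, not part of the original message and not ActiveMQ code: a small Python model of the lookup the reporter describes, where a wildcard subscription picks up the read roles of every entry it touches, next to a stricter rule that counts only entries covering the whole subscription. The function names are hypothetical, the stricter rule is an assumption for illustration, and ">" is assumed to match zero or more trailing path elements (as the reporter's entries imply).

```python
# Simplified model of wildcard authorization lookup; not ActiveMQ source code.
# Assumption: "*" matches one path element, ">" matches zero or more trailing ones.

# Entries from the report: (topic pattern, roles granted read).
ENTRIES = [
    ("testTopic.group1.>", {"group1"}),
    ("testTopic.group2.>", {"group2"}),
    (">", {"admins"}),
]

def overlaps(a, b):
    """True if some concrete destination matches both patterns."""
    a, b = a.split("."), b.split(".")
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if ">" in (x, y):
            return True
        if x is None or y is None:
            return False
        if x != y and "*" not in (x, y):
            return False
    return True

def covers(entry, sub):
    """True if every destination matched by `sub` is also matched by `entry`."""
    entry, sub = entry.split("."), sub.split(".")
    for i, e in enumerate(entry):
        if e == ">":
            return True
        if i >= len(sub) or sub[i] == ">":
            return False
        if e != "*" and e != sub[i]:
            return False
    return len(entry) == len(sub)

def read_acl_union(dest):
    """Reported behaviour: merge read roles of every entry the pattern touches."""
    return set().union(*(roles for pat, roles in ENTRIES if overlaps(pat, dest)))

def read_acl_covering(dest):
    """Stricter rule: count only entries that cover the whole subscription."""
    return set().union(*(roles for pat, roles in ENTRIES if covers(pat, dest)))

if __name__ == "__main__":
    for dest in ("testTopic.group1", "testTopic.group2", "testTopic.>"):
        print(dest, sorted(read_acl_union(dest)), sorted(read_acl_covering(dest)))
```

Both rules agree on the concrete destinations; they differ only for "testTopic.>", where the merged lookup admits group1 and group2 and the covering rule leaves admins alone.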