You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by Lorne Wilson <lw...@tippingpoint.com> on 2007/02/15 00:27:47 UTC

tempDestinationAuthorizationEntry does not work for consumers

Folks,

I've been trying to use the tempDestinationAuthorizationEntry feature in 4.2
and I think I've found a problem. If I set up a consumer of the temp queue
and add it to the read permission, it always reports that I don't have
permission to read the queue. However, if I add that consumer to the write
permission on the queue it works like a charm.

Looking at the source I think I have discovered a bulk copy/paste problem.
If you look at
org.apache.activemq.security.AuthorizationBroker.addConsumer() in the source
trunk, you will see this little piece of code a couple of lines from the top
of the method:

        if(!info.getDestination().isTemporary()) {
            allowedACLs =
authorizationMap.getReadACLs(info.getDestination());
        }else {
        	allowedACLs = authorizationMap.getTempDestinationWriteACLs();
        }

Note that it gets the TempDestinationWriteACLs(), even though if we are not
a temp queue it gets the ReadACLs().  If you look in addProducer() you can
see a similar piece of code that might be where this copy originated.

I am using what looks to be the latest 4.2 SNAPSHOT (file:
apache-activemq-4.2-20070214.034812-3.zip).

   lorne




-- 
View this message in context: http://www.nabble.com/tempDestinationAuthorizationEntry-does-not-work-for-consumers-tf3230937s2354.html#a8976992
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: tempDestinationAuthorizationEntry does not work for consumers

Posted by Jonas Lim <jl...@exist.com>.

Good catch Lorne! 

Added a patch for this issue on the svn trunk r507792. 

https://issues.apache.org/activemq/browse/AMQ-1163

Regards,
Jonas

Lorne Wilson wrote:
> Folks,
>
> I've been trying to use the tempDestinationAuthorizationEntry feature in 4.2
> and I think I've found a problem. If I set up a consumer of the temp queue
> and add it to the read permission, it always reports that I don't have
> permission to read the queue. However, if I add that consumer to the write
> permission on the queue it works like a charm.
>
> Looking at the source I think I have discovered a bulk copy/paste problem.
> If you look at
> org.apache.activemq.security.AuthorizationBroker.addConsumer() in the source
> trunk, you will see this little piece of code a couple of lines from the top
> of the method:
>
>         if(!info.getDestination().isTemporary()) {
>             allowedACLs =
> authorizationMap.getReadACLs(info.getDestination());
>         }else {
>         	allowedACLs = authorizationMap.getTempDestinationWriteACLs();
>         }
>
> Note that it gets the TempDestinationWriteACLs(), even though if we are not
> a temp queue it gets the ReadACLs().  If you look in addProducer() you can
> see a similar piece of code that might be where this copy originated.
>
> I am using what looks to be the latest 4.2 SNAPSHOT (file:
> apache-activemq-4.2-20070214.034812-3.zip).
>
>    lorne
>
>
>
>
>