You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by navnetkachroo <na...@gmail.com> on 2008/04/08 01:04:33 UTC
ActiveMQ 5.0 & JAAS: Entitlement policy with security inheritance
Hi,
I'm working on Entitlement with Security inheriting.
I've a setup of 6 topics:
ENTITLE-TEST-A
ENTITLE-TEST-A.ENTITLE-TEST-B1
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2
ENTITLE-TEST-A.ENTITLE-TEST-B2
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3
I change the access rights for each topic & see the affect on subscribing to
"ENTITLE-TEST-A.>".
Below are the results for having various permissions on "ENTITLE-TEST-A.>",
with just a publish permission on
"ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2":
Surprisingly "ENTITLE-TEST-A.>" subscribes to all topics irrespective of the
permissions. Am I doing it the right way? Because "ENTITLE-TEST-A.>"
shoulndt subscribe to topics where it is not permitted.
Any ideas?
Attached is my activemq.xml having the permissions defined:
http://www.nabble.com/file/p16542420/activemq.xml.entitle
activemq.xml.entitle
Target Permissions for user
'guest'
Topic=ENTITLE-TEST-A subscribe,publish
Topic=ENTITLE-TEST-A.>
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 subscribe,publish
Results(Subscribed by ENTITLE-TEST-A.>):
ENTITLE-TEST-A.ENTITLE-TEST-B1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 = Subscribed
****************************************************************************************************************
Target Permissions for user
'guest'
Topic=ENTITLE-TEST-A subscribe,publish
Topic=ENTITLE-TEST-A.> publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 subscribe,publish
Results(Subscribed by ENTITLE-TEST-A.>):
ENTITLE-TEST-A.ENTITLE-TEST-B1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 = Subscribed
****************************************************************************************************************
Target Permissions for user
'guest'
Topic=ENTITLE-TEST-A subscribe,publish
Topic=ENTITLE-TEST-A.> subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2 subscribe,publish
Topic=ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 subscribe,publish
Results(Subscribed by ENTITLE-TEST-A.>):
ENTITLE-TEST-A.ENTITLE-TEST-B1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C1 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B1.ENTITLE-TEST-C2 = Subscribed
ENTITLE-TEST-A.ENTITLE-TEST-B2.ENTITLE-TEST-C3 = Subscribed
****************************************************************************************************************
--
View this message in context: http://www.nabble.com/ActiveMQ-5.0---JAAS%3A-Entitlement-policy-with-security-inheritance-tp16542420s2354p16542420.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.