You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2021/01/06 10:46:00 UTC

[jira] [Work logged] (AMQ-8116) ActiveMQWildcardPermission with multiple tokens inconsistent with parent WildcardPermission class

     [ https://issues.apache.org/jira/browse/AMQ-8116?focusedWorklogId=531811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-531811 ]

ASF GitHub Bot logged work on AMQ-8116:
---------------------------------------

                Author: ASF GitHub Bot
            Created on: 06/Jan/21 10:45
            Start Date: 06/Jan/21 10:45
    Worklog Time Spent: 10m 
      Work Description: ikucuze opened a new pull request #602:
URL: https://github.com/apache/activemq/pull/602


   https://issues.apache.org/jira/browse/AMQ-8116
   ActiveMQWildcardPermission with multiple tokens inconsistent with parent
   WildcardPermission class
   
   Update ActiveMQWildcardPermission.java
   
   add testcase


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

            Worklog Id:     (was: 531811)
    Remaining Estimate: 0h
            Time Spent: 10m

> ActiveMQWildcardPermission with multiple tokens inconsistent with parent WildcardPermission class
> -------------------------------------------------------------------------------------------------
>
>                 Key: AMQ-8116
>                 URL: https://issues.apache.org/jira/browse/AMQ-8116
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Plugin
>    Affects Versions: 5.16.0, 5.15.14
>            Reporter: OLIVIER LE TIEC
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> -----
> Reminder:
> A permission pattern looks like: A:B:C , A, B and C beoing 'parts' of the permission
> Each 'part' can have one or more 'token', like 'read,write'.
> So a permission with activemq looks like:
> queue:queue1,queue2:read,write
> granting access on queue1 and queue2, for read or write access.
> -----
> WildcardPermission class from Shiro library states that tokens are a list of authorized items, for exemple : newsletter:view,edit,create grants view, edit and create rights uppon newsletter item.
> (ref [https://github.com/apache/shiro/blob/master/core/src/main/java/org/apache/shiro/authz/permission/WildcardPermission.java] )
>  
> ActiveMQWildcardPermission class (in activemq projects), extends this class, by allowing each 'part' to not only be a single wildcard '*', but being a wildcard string.
> topic:ActiveMQ.Advisory*  grants all access to the topics starting by the given string.
>  
>  
> For doing so, this class redefines the implies function, but breaks the above requirements.
> queue:*:read,create
> should grant read and create access on all queues, but this is not working as 
> queue:testqueue:read
> Will fail to validate
>  
> Test code:
> WildcardPermission permission = new ActiveMQWildcardPermission("queue:*:read,create", true);
> WildcardPermission action = new ActiveMQWildcardPermission("queue:testqueue:read", true);
> assert(permission .implies(action ));
> replacing new ActiveMQWildcardPermission with new WildcardPermission (parent class) will pass the assert.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)