You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@servicemix.apache.org by "Chris Custine (JIRA)" <ji...@apache.org> on 2010/01/11 21:51:15 UTC

[jira] Created: (SM-1925) Add security check on remote broker when using JMSFlow/JCAFlow

Add security check on remote broker when using JMSFlow/JCAFlow
--------------------------------------------------------------

                 Key: SM-1925
                 URL: https://issues.apache.org/activemq/browse/SM-1925
             Project: ServiceMix
          Issue Type: New Feature
          Components: servicemix-core
    Affects Versions: 3.3.1, 3.2.3
            Reporter: Chris Custine
            Assignee: Chris Custine


SecuredBroker checks security AFTER a component is invoked, which works fine when the consumer and components are on the same broker.  If a consumer is on brokerA and a provider endpoint is on brokerB using JMSFlow it is possible to bypass security and invoke the endpoint on brokerB even if it is using SecuredBroker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SM-1925) Add security check on remote broker when using JMSFlow/JCAFlow

Posted by "Chris Custine (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/activemq/browse/SM-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Custine resolved SM-1925.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 3.3.2
                   3.2.4

> Add security check on remote broker when using JMSFlow/JCAFlow
> --------------------------------------------------------------
>
>                 Key: SM-1925
>                 URL: https://issues.apache.org/activemq/browse/SM-1925
>             Project: ServiceMix
>          Issue Type: Bug
>          Components: servicemix-core
>    Affects Versions: 3.2.3, 3.3.1
>            Reporter: Chris Custine
>            Assignee: Chris Custine
>             Fix For: 3.2.4, 3.3.2
>
>
> SecuredBroker checks security AFTER a component is invoked, which works fine when the consumer and components are on the same broker.  If a consumer is on brokerA and a provider endpoint is on brokerB using JMSFlow it is possible to bypass security and invoke the endpoint on brokerB even if it is using SecuredBroker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (SM-1925) Add security check on remote broker when using JMSFlow/JCAFlow

Posted by "Chris Custine (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/activemq/browse/SM-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Custine updated SM-1925:
------------------------------

    Issue Type: Bug  (was: New Feature)

> Add security check on remote broker when using JMSFlow/JCAFlow
> --------------------------------------------------------------
>
>                 Key: SM-1925
>                 URL: https://issues.apache.org/activemq/browse/SM-1925
>             Project: ServiceMix
>          Issue Type: Bug
>          Components: servicemix-core
>    Affects Versions: 3.2.3, 3.3.1
>            Reporter: Chris Custine
>            Assignee: Chris Custine
>
> SecuredBroker checks security AFTER a component is invoked, which works fine when the consumer and components are on the same broker.  If a consumer is on brokerA and a provider endpoint is on brokerB using JMSFlow it is possible to bypass security and invoke the endpoint on brokerB even if it is using SecuredBroker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.