You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by ch...@apache.org on 2006/03/27 04:21:20 UTC

svn commit: r389007 - /incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java

Author: chirino
Date: Sun Mar 26 18:21:17 2006
New Revision: 389007

URL: http://svn.apache.org/viewcvs?rev=389007&view=rev
Log:
Fix for
https://issues.apache.org/activemq/browse/AMQ-661

Modified:
    incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java

Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java?rev=389007&r1=389006&r2=389007&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java (original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java Sun Mar 26 18:21:17 2006
@@ -44,7 +44,6 @@
 public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMBean {
     
     private final AuthorizationMap authorizationMap;
-    private boolean filterReads = true;
 
     public AuthorizationBroker(Broker next, AuthorizationMap authorizationMap) {
         super(next);
@@ -97,10 +96,16 @@
             throw new SecurityException("User "+subject.getUserName()+" is not authorized to read from: "+info.getDestination());
         subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
         
-        // Should we install a additional predicate on the consumer?
-        // This adds a little more overhead, but is more secure.
-        if( filterReads ) {
-            
+        /* 
+         * Need to think about this a little more.  We could do per message security checking
+         * to implement finer grained security checking. For example a user can only see messages
+         * with price>1000 .  Perhaps this should just be another additional broker filter that installs 
+         * this type of feature.
+         * 
+         * If we did want to do that, then we would install a predicate.  We should be careful since
+         * there may be an existing predicate already assigned and the consumer info may be sent to a remote 
+         * broker, so it also needs to support being marshaled.
+         * 
             info.setAdditionalPredicate(new BooleanExpression() {
                 public boolean matches(MessageEvaluationContext message) throws JMSException {
                     if( !subject.getAuthorizedReadDests().contains(message.getDestination()) ) {
@@ -115,8 +120,7 @@
                     return matches(message) ? Boolean.TRUE : Boolean.FALSE;
                 }
             });
-            
-        }
+        */
         
         return super.addConsumer(context, info);
     }
@@ -190,13 +194,4 @@
     public void removeUserRole(String user, String role) {
     }
 
-    // Properties
-    // -------------------------------------------------------------------------
-    public boolean isFilterReads() {
-        return filterReads;
-    }
-
-    public void setFilterReads(boolean filterReads) {
-        this.filterReads = filterReads;
-    }
 }