Posted to commits@activemq.apache.org by ch...@apache.org on 2006/03/27 04:21:20 UTC
svn commit: r389007 -
/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
Author: chirino
Date: Sun Mar 26 18:21:17 2006
New Revision: 389007
URL: http://svn.apache.org/viewcvs?rev=389007&view=rev
Log:
Fix for
https://issues.apache.org/activemq/browse/AMQ-661
Modified:
incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
Modified: incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
URL: http://svn.apache.org/viewcvs/incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java?rev=389007&r1=389006&r2=389007&view=diff
==============================================================================
--- incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java (original)
+++ incubator/activemq/trunk/activemq-core/src/main/java/org/apache/activemq/security/AuthorizationBroker.java Sun Mar 26 18:21:17 2006
@@ -44,7 +44,6 @@
public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMBean {
private final AuthorizationMap authorizationMap;
- private boolean filterReads = true;
public AuthorizationBroker(Broker next, AuthorizationMap authorizationMap) {
super(next);
@@ -97,10 +96,16 @@
throw new SecurityException("User "+subject.getUserName()+" is not authorized to read from: "+info.getDestination());
subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
- // Should we install a additional predicate on the consumer?
- // This adds a little more overhead, but is more secure.
- if( filterReads ) {
-
+ /*
+ * Need to think about this a little more. We could do per message security checking
+ * to implement finer grained security checking. For example a user can only see messages
+ * with price>1000 . Perhaps this should just be another additional broker filter that installs
+ * this type of feature.
+ *
+ * If we did want to do that, then we would install a predicate. We should be careful since
+ * there may be an existing predicate already assigned and the consumer info may be sent to a remote
+ * broker, so it also needs to support being marshaled.
+ *
info.setAdditionalPredicate(new BooleanExpression() {
public boolean matches(MessageEvaluationContext message) throws JMSException {
if( !subject.getAuthorizedReadDests().contains(message.getDestination()) ) {
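Review bot: With the predicate now inside a block comment (opened in this hunk, closed in the next one), read authorization is enforced only once, by the check above when the consumer is added; nothing rechecks `message.getDestination()` on delivery. If `info.getDestination()` can be a wildcard or composite destination, it is worth confirming that the authorization map lookup covers every destination the subscription can match; that lookup is outside the hunk. I would delete the disabled code rather than leave it commented out, and keep a short comment such as `// Read access is checked once in addConsumer; delivered messages are not re-checked per destination.` The last hunk also removes the public `setFilterReads` setter, so there is no switch left to turn per-message filtering back on, and any configuration that sets that property would presumably stop applying. addConsumer starts before this hunk and ends in the following one.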
@@ -115,8 +120,7 @@
return matches(message) ? Boolean.TRUE : Boolean.FALSE;
}
});
-
- }
+ */
return super.addConsumer(context, info);
}
@@ -190,13 +194,4 @@
public void removeUserRole(String user, String role) {
}
- // Properties
- // -------------------------------------------------------------------------
- public boolean isFilterReads() {
- return filterReads;
- }
-
- public void setFilterReads(boolean filterReads) {
- this.filterReads = filterReads;
- }
}