You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@servicemix.apache.org by "Chris Custine (JIRA)" <ji...@apache.org> on 2010/01/11 21:57:15 UTC
[jira] Updated: (SM-1925) Add security check on remote broker when
using JMSFlow/JCAFlow
[ https://issues.apache.org/activemq/browse/SM-1925?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Custine updated SM-1925:
------------------------------
Issue Type: Bug (was: New Feature)
> Add security check on remote broker when using JMSFlow/JCAFlow
> --------------------------------------------------------------
>
> Key: SM-1925
> URL: https://issues.apache.org/activemq/browse/SM-1925
> Project: ServiceMix
> Issue Type: Bug
> Components: servicemix-core
> Affects Versions: 3.2.3, 3.3.1
> Reporter: Chris Custine
> Assignee: Chris Custine
>
> SecuredBroker checks security AFTER a component is invoked, which works fine when the consumer and components are on the same broker. If a consumer is on brokerA and a provider endpoint is on brokerB using JMSFlow it is possible to bypass security and invoke the endpoint on brokerB even if it is using SecuredBroker.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.