You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/08/03 22:50:20 UTC
[jira] [Commented] (ARTEMIS-592) Allow fine grain access control
(durable subscriptions)
[ https://issues.apache.org/jira/browse/ARTEMIS-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406759#comment-15406759 ]
ASF GitHub Bot commented on ARTEMIS-592:
----------------------------------------
Github user clebertsuconic commented on a diff in the pull request:
https://github.com/apache/activemq-artemis/pull/701#discussion_r73435791
--- Diff: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java ---
@@ -420,10 +420,20 @@ public ServerConsumer createConsumer(final long consumerID,
}
if (browseOnly) {
- securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+ try {
+ securityCheck(binding.getAddress(), CheckType.BROWSE, this);
+ }
+ catch (Exception e) {
+ securityCheck(binding.getAddress().concat(".").concat(queueName), CheckType.BROWSE, this);
--- End diff --
I agree with concatenating the address with the queueName, as long as is documented and would make sense for users.
I'm a bit confused on why you would need to catch the exception and redo the verification. I would think you would need the opposite.. in case it passed? In case the address verification failed.
I guess I don't fully understand the use case. we should talk through IRC so we can interact a bit better.
> Allow fine grain access control (durable subscriptions)
> -------------------------------------------------------
>
> Key: ARTEMIS-592
> URL: https://issues.apache.org/jira/browse/ARTEMIS-592
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Lionel Cons
> Assignee: Justin Bertram
>
> According to the documentation:
> {quote}
> Apache ActiveMQ Artemis allows sets of permissions to be defined against the queues based on their address.
> {quote}
> Two different subscriptions on the same topic will have the same address (the topic), only their name will change. So it seems they will get the same permissions.
> Could you please allow fine grain access control to be able to set different permissions to different durable subscriptions of the same topic?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)