You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/08/03 22:50:20 UTC

[jira] [Commented] (ARTEMIS-592) Allow fine grain access control (durable subscriptions)

    [ https://issues.apache.org/jira/browse/ARTEMIS-592?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15406759#comment-15406759 ] 

ASF GitHub Bot commented on ARTEMIS-592:
----------------------------------------

Github user clebertsuconic commented on a diff in the pull request:

    https://github.com/apache/activemq-artemis/pull/701#discussion_r73435791
  
    --- Diff: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ServerSessionImpl.java ---
    @@ -420,10 +420,20 @@ public ServerConsumer createConsumer(final long consumerID,
           }
     
           if (browseOnly) {
    -         securityCheck(binding.getAddress(), CheckType.BROWSE, this);
    +         try {
    +            securityCheck(binding.getAddress(), CheckType.BROWSE, this);
    +         }
    +         catch (Exception e) {
    +            securityCheck(binding.getAddress().concat(".").concat(queueName), CheckType.BROWSE, this);
    --- End diff --
    
    I agree with concatenating the address with the queueName, as long as is documented and would make sense for users.
    
    
    I'm a bit confused on why you would need to catch the exception and redo the verification. I would think you would need the opposite.. in case it passed? In case the address verification failed.
    
    
    I guess I don't fully understand the use case. we should talk through IRC so we can interact a bit better.


> Allow fine grain access control (durable subscriptions)
> -------------------------------------------------------
>
>                 Key: ARTEMIS-592
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-592
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Lionel Cons
>            Assignee: Justin Bertram
>
> According to the documentation:
> {quote}
> Apache ActiveMQ Artemis allows sets of permissions to be defined against the queues based on their address.
> {quote}
> Two different subscriptions on the same topic will have the same address (the topic), only their name will change. So it seems they will get the same permissions.
> Could you please allow fine grain access control to be able to set different permissions to different durable subscriptions of the same topic?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)