Apache
/
activemq-artemis
mirror of https://github.com/apache/activemq-artemis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

This closes #3291

This commit is contained in:
Justin Bertram 2020-10-14 12:27:14 -05:00
parent a59f81dfe4 4584ab16df
commit 96fc3b7a23
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java
View File

@ -253,24 +253,22 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
/* /*
* If a valid queue is passed in and there's an exact match for the FQQN then use the FQQN instead of the address * If a valid queue is passed in and there's an exact match for the FQQN then use the FQQN instead of the address
*/ */
boolean isFullyQualified = false;
SimpleString fqqn = null; SimpleString fqqn = null;
if (bareQueue != null) { if (bareQueue != null) {
fqqn = CompositeAddress.toFullyQualified(bareAddress, bareQueue); fqqn = CompositeAddress.toFullyQualified(bareAddress, bareQueue);
if (securityRepository.containsExactMatch(fqqn.toString())) { if (securityRepository.containsExactMatch(fqqn.toString())) {
roles = securityRepository.getMatch(fqqn.toString()); roles = securityRepository.getMatch(fqqn.toString());
isFullyQualified = true;
} }
} }
if (checkAuthorizationCache(isFullyQualified ? fqqn : bareAddress, user, checkType)) { if (checkAuthorizationCache(fqqn != null ? fqqn : bareAddress, user, checkType)) {
return; return;
} }
final Boolean validated; final Boolean validated;
if (securityManager instanceof ActiveMQSecurityManager5) { if (securityManager instanceof ActiveMQSecurityManager5) {
Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5) securityManager)); Subject subject = getSubjectForAuthorization(session, ((ActiveMQSecurityManager5) securityManager));
validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles, checkType, isFullyQualified ? fqqn.toString() : bareAddress.toString()); validated = ((ActiveMQSecurityManager5) securityManager).authorize(subject, roles, checkType, fqqn != null ? fqqn.toString() : bareAddress.toString());
} else if (securityManager instanceof ActiveMQSecurityManager4) { } else if (securityManager instanceof ActiveMQSecurityManager4) {
validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user, session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(), session.getSecurityDomain()) != null; validated = ((ActiveMQSecurityManager4) securityManager).validateUserAndRole(user, session.getPassword(), roles, checkType, bareAddress.toString(), session.getRemotingConnection(), session.getSecurityDomain()) != null;
} else if (securityManager instanceof ActiveMQSecurityManager3) { } else if (securityManager instanceof ActiveMQSecurityManager3) {
@ -314,7 +312,7 @@ public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryC
set = new ConcurrentHashSet<>(); set = new ConcurrentHashSet<>();
authorizationCache.put(key, set); authorizationCache.put(key, set);
} }
set.add(isFullyQualified ? fqqn : bareAddress); set.add(fqqn != null ? fqqn : bareAddress);
} }
} }