adding a patch to fix AMQ-1157 allowing a broker security context to be used to allow destinations to be created on startup etc.

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@504586 13f79535-47bb-0310-9956-ffa450edef68
James Strachan 2007-02-07 15:35:10 +00:00
parent 6e7e3abf5d
commit 1d882e981c
3 changed files with 32 additions and 13 deletions


@ -69,6 +69,7 @@ import org.apache.activemq.network.NetworkConnector;
import org.apache.activemq.network.jms.JmsConnector;
import org.apache.activemq.proxy.ProxyConnector;
import org.apache.activemq.security.MessageAuthorizationPolicy;
import org.apache.activemq.security.SecurityContext;
import org.apache.activemq.store.DefaultPersistenceAdapterFactory;
import org.apache.activemq.store.PersistenceAdapter;
import org.apache.activemq.store.PersistenceAdapterFactory;
@ -1454,6 +1455,7 @@ public class BrokerService implements Service, Serializable {
protected ConnectionContext createAdminConnectionContext() throws Exception {
ConnectionContext context = new ConnectionContext();
context.setBroker(getBroker());
context.setSecurityContext(SecurityContext.BROKER_SECURITY_CONTEXT);
return context;
}
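Review bot: `createAdminConnectionContext()` has no Javadoc saying that the context it returns is exempt from authorization, which is what the added `context.setSecurityContext(SecurityContext.BROKER_SECURITY_CONTEXT);` line makes it. The method is `protected`, and the result is presumably cached and handed out by an accessor outside this hunk, so a later caller could route a client-driven operation through it and skip the admin ACL check without noticing. I would add a doc comment along the lines of `/** Returns a broker-internal context that bypasses authorization; never use it for operations performed on behalf of a client connection. */`.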


@ -58,18 +58,20 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
//if(!((ActiveMQTempDestination)destination).getConnectionId().equals(context.getConnectionId().getValue()) ) {
Set allowedACLs = null;
if(!destination.isTemporary()) {
allowedACLs = authorizationMap.getAdminACLs(destination);
} else {
allowedACLs = authorizationMap.getTempDestinationAdminACLs();
}
if(allowedACLs!=null && !securityContext.isInOneOf(allowedACLs))
throw new SecurityException("User "+securityContext.getUserName()+" is not authorized to create: "+destination);
if (!securityContext.isBrokerContext()) {
Set allowedACLs = null;
if(!destination.isTemporary()) {
allowedACLs = authorizationMap.getAdminACLs(destination);
} else {
allowedACLs = authorizationMap.getTempDestinationAdminACLs();
}
if(allowedACLs!=null && !securityContext.isInOneOf(allowedACLs))
throw new SecurityException("User "+securityContext.getUserName()+" is not authorized to create: "+destination);
}
// }
// }
return super.addDestination(context, destination);
}
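Review bot: The broker-context exemption wrapped around the ACL lookup covers only destination creation, and no comment explains why the check may be skipped. `BROKER_SECURITY_CONTEXT.getPrincipals()` returns an empty set, so any other check in this class that still calls `isInOneOf(...)` would presumably reject the same context once ACLs are configured; those methods are not visible here, so confirm this. I would put `// broker-internal context (e.g. destinations created at startup) is trusted; ACLs apply to client contexts only` above `if (!securityContext.isBrokerContext()) {` and either apply the guard consistently or say why creation is the only exempt operation. The unbraced `throw` under `if(allowedACLs!=null && ...)` is easier to misread now that it is nested and should get braces. The method starts above the hunk, so it cannot be seen here whether `securityContext` is null-checked before `isBrokerContext()` is called.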


@ -19,7 +19,7 @@ package org.apache.activemq.security;
import java.util.HashSet;
import java.util.Set;
import java.util.Collections;
import java.util.concurrent.ConcurrentHashMap;
/**
@ -29,6 +29,17 @@ import java.util.concurrent.ConcurrentHashMap;
*/
abstract public class SecurityContext {
public static final SecurityContext BROKER_SECURITY_CONTEXT = new SecurityContext("ActiveMQBroker") {
@Override
public boolean isBrokerContext() {
return true;
}
public Set getPrincipals() {
return Collections.EMPTY_SET;
}
};
final String userName;
final ConcurrentHashMap authorizedReadDests = new ConcurrentHashMap();
@ -53,8 +64,12 @@ abstract public class SecurityContext {
public ConcurrentHashMap getAuthorizedReadDests() {
return authorizedReadDests;
}
public ConcurrentHashMap getAuthorizedWriteDests() {
return authorizedWriteDests;
}
public boolean isBrokerContext() {
return false;
}
}
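Review bot: `isBrokerContext()` is public and overridable on a public abstract class, so any `SecurityContext` subclass that returns `true` is treated as the broker by the ACL check in AuthorizationBroker. The method needs Javadoc stating that contract, e.g. `/** Returns true only for the broker's own internal context, which is exempt from authorization checks; authentication plugins must not override this. */`. The `BROKER_SECURITY_CONTEXT` singleton also inherits the mutable `authorizedReadDests` and `authorizedWriteDests` maps, which the getters return directly, so anything cached there is shared process-wide by every use of the broker context. On style, `Collections.EMPTY_SET` is the raw constant where `Collections.emptySet()` is the usual form, and `getPrincipals()` lacks the `@Override` that `isBrokerContext()` carries in the same anonymous class.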