mirror of https://github.com/apache/activemq.git
https://issues.apache.org/jira/browse/AMQ-6116 - improve security context
parent
43d493e527
commit
5f8a3df5a4
|
@ -38,7 +38,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen
|
|||
next.removeDestination(context, destination, timeout);
|
||||
|
||||
for (SecurityContext sc : securityContexts) {
|
||||
sc.getAuthorizedReadDests().remove(destination);
|
||||
sc.getAuthorizedWriteDests().remove(destination);
|
||||
}
|
||||
}
|
||||
|
@ -53,7 +52,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen
|
|||
|
||||
public void refresh() {
|
||||
for (SecurityContext sc : securityContexts) {
|
||||
sc.getAuthorizedReadDests().clear();
|
||||
sc.getAuthorizedWriteDests().clear();
|
||||
}
|
||||
}
|
||||
|
|
|
@ -126,6 +126,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
|
||||
}
|
||||
|
||||
securityContext.getAuthorizedWriteDests().remove(destination);
|
||||
|
||||
super.removeDestination(context, destination, timeout);
|
||||
}
|
||||
|
||||
|
@ -137,6 +139,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + info.getDestination());
|
||||
}
|
||||
|
||||
securityContext.getAuthorizedWriteDests().remove(info.getDestination());
|
||||
|
||||
super.removeDestinationInfo(context, info);
|
||||
}
|
||||
|
||||
|
@ -154,7 +158,6 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
|
|||
if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) {
|
||||
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + info.getDestination());
|
||||
}
|
||||
securityContext.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
|
||||
|
||||
/*
|
||||
* Need to think about this a little more. We could do per message
|
||||
|
|
|
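Review bot: In `removeDestination` and `removeDestinationInfo`, the eviction `securityContext.getAuthorizedWriteDests().remove(...)` clears the cached write authorization only in the caller's own SecurityContext; these appear to be the added lines going by the 6→8 hunk counts, since the +/- markers are lost on this page. Entries for the same destination held by other connections' contexts therefore depend on the all-contexts loop in `AbstractAuthenticationBroker.removeDestination`, and nothing visible here covers the `removeDestinationInfo` path. If this map is what lets a later send skip the ACL check (the send path is outside these hunks), a destination that is removed and re-created under tighter ACLs should not inherit a stale entry, so confirm with a test that both removal paths reach that loop. The ordering itself is sound, because eviction follows the authorization check and precedes the `super` call, so a failed removal only costs one extra re-check. I would document the intent above each new line, e.g. `// drop the cached write authorization so a re-created destination is re-checked against current ACLs`; both method bodies begin outside the hunks.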
@ -56,7 +56,6 @@ public class AuthorizationDestinationFilter extends DestinationFilter {
|
|||
if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) {
|
||||
throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination);
|
||||
}
|
||||
securityContext.getAuthorizedReadDests().put(destination, destination);
|
||||
|
||||
super.addSubscription(context, sub);
|
||||
}
|
||||
|
|
|
@ -47,7 +47,6 @@ public abstract class SecurityContext {
|
|||
|
||||
final String userName;
|
||||
|
||||
final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedReadDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
|
||||
final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedWriteDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
|
||||
|
||||
public SecurityContext(String userName) {
|
||||
|
@ -74,10 +73,6 @@ public abstract class SecurityContext {
|
|||
return userName;
|
||||
}
|
||||
|
||||
public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
|
||||
return authorizedReadDests;
|
||||
}
|
||||
|
||||
public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
|
||||
return authorizedWriteDests;
|
||||
}
|
||||
|
|
|
@ -72,11 +72,6 @@ public class SubjectSecurityContext extends SecurityContext {
|
|||
throw notAllowed("isInOneOf");
|
||||
}
|
||||
|
||||
@Override
|
||||
public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
|
||||
throw notAllowed("getAuthorizedReadDests");
|
||||
}
|
||||
|
||||
@Override
|
||||
public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
|
||||
throw notAllowed("getAuthorizedWriteDests");
|
||||
|
|
|
@ -41,11 +41,6 @@ public class SubjectSecurityContextTest {
|
|||
ctx.isInOneOf(null);
|
||||
}
|
||||
|
||||
@Test(expected=UnsupportedOperationException.class)
|
||||
public void testGetAuthorizedReadDests() {
|
||||
ctx.getAuthorizedReadDests();
|
||||
}
|
||||
|
||||
@Test(expected=UnsupportedOperationException.class)
|
||||
public void testGetAuthorizedWriteDests() {
|
||||
ctx.getAuthorizedWriteDests();
|
||||
|
|