diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java index 622a4f6585..3b7efb9717 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java @@ -38,7 +38,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen next.removeDestination(context, destination, timeout); for (SecurityContext sc : securityContexts) { - sc.getAuthorizedReadDests().remove(destination); sc.getAuthorizedWriteDests().remove(destination); } } @@ -53,7 +52,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen public void refresh() { for (SecurityContext sc : securityContexts) { - sc.getAuthorizedReadDests().clear(); sc.getAuthorizedWriteDests().clear(); } } diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java index 2481f91b92..06eabd2584 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java @@ -126,6 +126,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination); } + securityContext.getAuthorizedWriteDests().remove(destination); + super.removeDestination(context, destination, timeout); } @@ -137,6 +139,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + info.getDestination()); } + securityContext.getAuthorizedWriteDests().remove(info.getDestination()); + super.removeDestinationInfo(context, info); } @@ -154,7 +158,6 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + info.getDestination()); } - securityContext.getAuthorizedReadDests().put(info.getDestination(), info.getDestination()); /* * Need to think about this a little more. We could do per message diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java index f0ac8b8233..5bb56c7482 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java @@ -56,7 +56,6 @@ public class AuthorizationDestinationFilter extends DestinationFilter { if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination); } - securityContext.getAuthorizedReadDests().put(destination, destination); super.addSubscription(context, sub); } diff --git a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java index 8c32d62c26..fd677ce590 100644 --- a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java +++ b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java @@ -47,7 +47,6 @@ public abstract class SecurityContext { final String userName; - final ConcurrentMap authorizedReadDests = new ConcurrentHashMap(); final ConcurrentMap authorizedWriteDests = new ConcurrentHashMap(); public SecurityContext(String userName) { @@ -74,10 +73,6 @@ public abstract class SecurityContext { return userName; } - public ConcurrentMap getAuthorizedReadDests() { - return authorizedReadDests; - } - public ConcurrentMap getAuthorizedWriteDests() { return authorizedWriteDests; } diff --git a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java index f344d8f0df..00014bffa6 100644 --- a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java +++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java @@ -72,11 +72,6 @@ public class SubjectSecurityContext extends SecurityContext { throw notAllowed("isInOneOf"); } - @Override - public ConcurrentMap getAuthorizedReadDests() { - throw notAllowed("getAuthorizedReadDests"); - } - @Override public ConcurrentMap getAuthorizedWriteDests() { throw notAllowed("getAuthorizedWriteDests"); diff --git a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java index 49d70ed5cd..23e3dffebf 100644 --- a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java +++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java @@ -41,11 +41,6 @@ public class SubjectSecurityContextTest { ctx.isInOneOf(null); } - @Test(expected=UnsupportedOperationException.class) - public void testGetAuthorizedReadDests() { - ctx.getAuthorizedReadDests(); - } - @Test(expected=UnsupportedOperationException.class) public void testGetAuthorizedWriteDests() { ctx.getAuthorizedWriteDests();