https://issues.apache.org/jira/browse/AMQ-6116 - improve security context

2025-02-18 07:56:20 +00:00 · 2016-01-08 17:05:58 +01:00 · 2016-01-08 17:05:58 +01:00 · 5f8a3df5a4
commit 5f8a3df5a4
parent 43d493e527
6 changed files with 4 additions and 19 deletions
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AbstractAuthenticationBroker.java
@ -38,7 +38,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen
        next.removeDestination(context, destination, timeout);
        for (SecurityContext sc : securityContexts) {
            sc.getAuthorizedReadDests().remove(destination);
            sc.getAuthorizedWriteDests().remove(destination);
        }
    }
@ -53,7 +52,6 @@ public abstract class AbstractAuthenticationBroker extends BrokerFilter implemen
    public void refresh() {
        for (SecurityContext sc : securityContexts) {
            sc.getAuthorizedReadDests().clear();
            sc.getAuthorizedWriteDests().clear();
        }
    }
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationBroker.java
@ -126,6 +126,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
            throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
        }
        securityContext.getAuthorizedWriteDests().remove(destination);
        super.removeDestination(context, destination, timeout);
    }
@ -137,6 +139,8 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
            throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + info.getDestination());
        }
        securityContext.getAuthorizedWriteDests().remove(info.getDestination());
        super.removeDestinationInfo(context, info);
    }
@ -154,7 +158,6 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
        if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) {
            throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + info.getDestination());
        }
        securityContext.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
        /*
         * Need to think about this a little more. We could do per message
--- a/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/AuthorizationDestinationFilter.java
@ -56,7 +56,6 @@ public class AuthorizationDestinationFilter extends DestinationFilter {
        if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) {
            throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination);
        }
        securityContext.getAuthorizedReadDests().put(destination, destination);
        super.addSubscription(context, sub);
    }
--- a/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
+++ b/activemq-broker/src/main/java/org/apache/activemq/security/SecurityContext.java
@ -47,7 +47,6 @@ public abstract class SecurityContext {
    final String userName;
    final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedReadDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
    final ConcurrentMap<ActiveMQDestination, ActiveMQDestination> authorizedWriteDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
    public SecurityContext(String userName) {
@ -74,10 +73,6 @@ public abstract class SecurityContext {
        return userName;
    }
    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
        return authorizedReadDests;
    }
    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
        return authorizedWriteDests;
    }
--- a/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
+++ b/activemq-shiro/src/main/java/org/apache/activemq/shiro/subject/SubjectSecurityContext.java
@ -72,11 +72,6 @@ public class SubjectSecurityContext extends SecurityContext {
        throw notAllowed("isInOneOf");
    }
    @Override
    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
        throw notAllowed("getAuthorizedReadDests");
    }
    @Override
    public ConcurrentMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
        throw notAllowed("getAuthorizedWriteDests");
--- a/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
+++ b/activemq-shiro/src/test/java/org/apache/activemq/shiro/subject/SubjectSecurityContextTest.java
@ -41,11 +41,6 @@ public class SubjectSecurityContextTest {
        ctx.isInOneOf(null);
    }
    @Test(expected=UnsupportedOperationException.class)
    public void testGetAuthorizedReadDests() {
        ctx.getAuthorizedReadDests();
    }
    @Test(expected=UnsupportedOperationException.class)
    public void testGetAuthorizedWriteDests() {
        ctx.getAuthorizedWriteDests();