https://issues.apache.org/activemq/browse/AMQ-661

git-svn-id: https://svn.apache.org/repos/asf/incubator/activemq/trunk@389007 13f79535-47bb-0310-9956-ffa450edef68
Hiram R. Chirino 2006-03-27 02:21:17 +00:00
parent 1baf9f10f9
commit 90bab0fcf4
1 changed files with 11 additions and 16 deletions


@ -44,7 +44,6 @@ import java.util.Set;
public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMBean { public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMBean {
private final AuthorizationMap authorizationMap; private final AuthorizationMap authorizationMap;
private boolean filterReads = true;
public AuthorizationBroker(Broker next, AuthorizationMap authorizationMap) { public AuthorizationBroker(Broker next, AuthorizationMap authorizationMap) {
super(next); super(next);
@ -97,10 +96,16 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
throw new SecurityException("User "+subject.getUserName()+" is not authorized to read from: "+info.getDestination()); throw new SecurityException("User "+subject.getUserName()+" is not authorized to read from: "+info.getDestination());
subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination()); subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
// Should we install a additional predicate on the consumer? /*
// This adds a little more overhead, but is more secure. * Need to think about this a little more. We could do per message security checking
if( filterReads ) { * to implement finer grained security checking. For example a user can only see messages
* with price>1000 . Perhaps this should just be another additional broker filter that installs
* this type of feature.
*
* If we did want to do that, then we would install a predicate. We should be careful since
* there may be an existing predicate already assigned and the consumer info may be sent to a remote
* broker, so it also needs to support being marshaled.
*
info.setAdditionalPredicate(new BooleanExpression() { info.setAdditionalPredicate(new BooleanExpression() {
public boolean matches(MessageEvaluationContext message) throws JMSException { public boolean matches(MessageEvaluationContext message) throws JMSException {
if( !subject.getAuthorizedReadDests().contains(message.getDestination()) ) { if( !subject.getAuthorizedReadDests().contains(message.getDestination()) ) {
@ -115,8 +120,7 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
return matches(message) ? Boolean.TRUE : Boolean.FALSE; return matches(message) ? Boolean.TRUE : Boolean.FALSE;
} }
}); });
*/
}
return super.addConsumer(context, info); return super.addConsumer(context, info);
} }
@ -190,13 +194,4 @@ public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMB
public void removeUserRole(String user, String role) { public void removeUserRole(String user, String role) {
} }
// Properties
// -------------------------------------------------------------------------
public boolean isFilterReads() {
return filterReads;
}
public void setFilterReads(boolean filterReads) {
this.filterReads = filterReads;
}
} }
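Review bot: With the additional predicate now inside a block comment (the lines after `subject.getAuthorizedReadDests().put(...)` in addConsumer), read authorization is enforced only once, when the consumer is added, and nothing visible here re-checks the destination of each dispatched message; the new comment discusses possible finer-grained checks but never says that the existing second check was dropped. I would state that explicitly, e.g. `// Read access is checked only here, at subscription time; dispatched messages are not re-checked.`, and delete the commented-out predicate rather than keep it as dead code, since version control already preserves it. Removing `isFilterReads()`/`setFilterReads()` also removes a public bean property, so any broker configuration that sets `filterReads` would presumably fail to load after this change; a deprecated no-op setter kept for one release would avoid that. The start of addConsumer lies outside the visible hunks, so the earlier part of the authorization check could not be reviewed.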