[ https://issues.apache.org/jira/browse/AMQ-5304?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14093858#comment-14093858 ]
Torsten Mielke commented on AMQ-5304: ------------------------------------- Fixed in commit [ec2a3c750bbfb33763ac56b8b0a660bdf8542145|https://fisheye6.atlassian.com/changelog/activemq-git?cs=ec2a3c750bbfb33763ac56b8b0a660bdf8542145]. > groupClass not applied to TempDestinationAuthorizationEntry > ----------------------------------------------------------- > > Key: AMQ-5304 > URL: https://issues.apache.org/jira/browse/AMQ-5304 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Affects Versions: 5.10.0 > Reporter: Torsten Mielke > Assignee: Torsten Mielke > Labels: authorization, security > Attachments: AMQ-5304.patch > > > When configuring the authorization plugin with a > <tempDestinationAuthorizationEntry> that also set a groupClass, this > groupClass is not properly applied to the TempDestinationAuthorizationEntry > instance. > E.g. consider this example config > {code:xml} > <authorizationPlugin> > <map> > <authorizationMap > groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"> > <authorizationEntries> > <authorizationEntry queue=">" read="admin" write="client,admin" > admin="client,admin" /> > <authorizationEntry topic=">" read="client,admin" write="admin" > admin="admin"/> > <authorizationEntry topic="ActiveMQ.Advisory.>" > read="admin,client" write="admin,client" admin="admin"/> > </authorizationEntries> > <tempDestinationAuthorizationEntry> > <tempDestinationAuthorizationEntry read="client,admin" > write="client,admin" admin="client,admin" > groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/> > </tempDestinationAuthorizationEntry> > </authorizationMap> > </map> > </authorizationPlugin> > {code} > The groupClass attribute is set on the TempDestinationAuthorizationEntry > instance but we don't apply the groupClass to the AuthorizationEntry by > calling afterPropertiesSet(); > As a result, authorization fails when trying to create a temp destination. > This can happen when deploying the broker inside a Karaf container and have > Karaf do the authentication (such as in JBoss A-MQ). > The groupClass is properly set on the authorizationEntries within the > <authorizationEntries> list and only fails to be applied properly on the > tempDestinationAuthorizationEntry. -- This message was sent by Atlassian JIRA (v6.2#6252)