[ https://issues.apache.org/jira/browse/ARTEMIS-4582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17842317#comment-17842317 ]
Luís Alves commented on ARTEMIS-4582: ------------------------------------- hi [~gtully] I've seen you added to ActiveMQSecurityManager: {code:java} default String getUserFromSubject(Subject subject) { return SecurityManagerUtil.getUserFromSubject(subject, UserPrincipal.class); } {code} That caused a side effect on my implementation of ActiveMQSecurityManager5 as my subject extends from Principal and not UserPrincipal. Therefore I always get a null subject and cannot authorize. Is this intended and I need to change my code? your this will be changed to Principal.class? > add view and edit permissions to extend security-settings rbac for management > operations > ---------------------------------------------------------------------------------------- > > Key: ARTEMIS-4582 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4582 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Broker, Configuration, JMX, Web Console > Affects Versions: 2.31.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Major > Fix For: 2.33.0 > > Time Spent: 4h 40m > Remaining Estimate: 0h > > we have the manage permission that allows sending to the management address, > to access any control resource. We don't however distinguish what a user can > do. > We should segment control operations into categories: CRUD provides a basis > view for get/is (Read) > edit for set or operations that mutate or modify. > We allow this sort of configuration via management.xml for jmx mbean access > but using a different model based on object name. > All of the mbeans delegate to the control resources. > If we add these two additional permissions then we can have a single rbac > model (that supports config reload) and more granularity on control resource > access from the management address. -- This message was sent by Atlassian Jira (v8.20.10#820010)