[ https://issues.apache.org/jira/browse/AMQ-5304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Torsten Mielke updated AMQ-5304: -------------------------------- Comment: was deleted (was: A comment with security level 'activemq-developers' was removed.) > groupClass not applied to TempDestinationAuthorizationEntry > ----------------------------------------------------------- > > Key: AMQ-5304 > URL: https://issues.apache.org/jira/browse/AMQ-5304 > Project: ActiveMQ > Issue Type: Bug > Components: Broker > Affects Versions: 5.10.0 > Reporter: Torsten Mielke > Assignee: Torsten Mielke > Labels: authorization, security > Attachments: AMQ-5304.patch > > > When configuring the authorization plugin with a > <tempDestinationAuthorizationEntry> that also set a groupClass, this > groupClass is not properly applied to the TempDestinationAuthorizationEntry > instance. > E.g. consider this example config > {code:xml} > <authorizationPlugin> > <map> > <authorizationMap > groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"> > <authorizationEntries> > <authorizationEntry queue=">" read="admin" write="client,admin" > admin="client,admin" /> > <authorizationEntry topic=">" read="client,admin" write="admin" > admin="admin"/> > <authorizationEntry topic="ActiveMQ.Advisory.>" > read="admin,client" write="admin,client" admin="admin"/> > </authorizationEntries> > <tempDestinationAuthorizationEntry> > <tempDestinationAuthorizationEntry read="client,admin" > write="client,admin" admin="client,admin" > groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/> > </tempDestinationAuthorizationEntry> > </authorizationMap> > </map> > </authorizationPlugin> > {code} > The groupClass attribute is set on the TempDestinationAuthorizationEntry > instance but we don't apply the groupClass to the AuthorizationEntry by > calling afterPropertiesSet(); > As a result, authorization fails when trying to create a temp destination. > This can happen when deploying the broker inside a Karaf container and have > Karaf do the authentication (such as in JBoss A-MQ). > The groupClass is properly set on the authorizationEntries within the > <authorizationEntries> list and only fails to be applied properly on the > tempDestinationAuthorizationEntry. -- This message was sent by Atlassian JIRA (v6.2#6252)