Uploaded image for project: 'JBoss A-MQ'
  1. JBoss A-MQ
  2. ENTMQ-749

groupClass not applied to TempDestinationAuthorizationEntry

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • JBoss A-MQ 6.1
    • JBoss A-MQ 6.0
    • broker
    • None
    • Hide

      Use supplied unit test based on Pax-Exam.
      Before running the test install the JBoss A-MQ distribution zip file in your local Maven repo using these coordinates

      mvn install:install-file -DgroupId=org.jboss -DartifactId=jboss-fuse-full -Dversion=6.0  -Dpackaging=zip -Dfile=/path/to/jboss-fuse-full-6.0.0.redhat-024.zip
      Show
      Use supplied unit test based on Pax-Exam. Before running the test install the JBoss A-MQ distribution zip file in your local Maven repo using these coordinates mvn install:install-file -DgroupId=org.jboss -DartifactId=jboss-fuse-full -Dversion=6.0 -Dpackaging=zip -Dfile=/path/to/jboss-fuse-full-6.0.0.redhat-024.zip

      When configuring the authorization plugin with a <tempDestinationAuthorizationEntry> that also set a groupClass, this groupClass is not properly applied to the TempDestinationAuthorizationEntry instance.E.g. consider this example config| <authorizationPlugin>|

      <map>
      <authorizationMapgroupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal">
      <authorizationEntries>
      <authorizationEntryqueue=">" read="admin" write="client,admin" admin="client,admin" />
      <authorizationEntrytopic=">" read="client,admin" write="admin" admin="admin"/>
      <authorizationEntrytopic="ActiveMQ.Advisory.>" read="admin,client" write="admin,client" admin="admin"/>
      </authorizationEntries>
       
      <tempDestinationAuthorizationEntry>
      <tempDestinationAuthorizationEntryread="client,admin"write="client,admin"admin="client,admin"groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/>
      </tempDestinationAuthorizationEntry>
       
      </authorizationMap>
      </map>
      </authorizationPlugin>

      The groupClass attribute is set on the TempDestinationAuthorizationEntry instance but we don't apply the groupClass to the AuthorizationEntry by calling afterPropertiesSet();As a result, authorization fails when trying to create a temp destination.
      This can happen when deploying the broker inside a Karaf container and have Karaf do the authentication (such as in JBoss A-MQ).
      The groupClass is properly set on the authorizationEntries within the <authorizationEntries> list and only fails to be applied properly on the tempDestinationAuthorizationEntry.

        1. BrokerACLTempQueueTest.tgz
          9 kB

              dejanbosanac Dejan Bosanac
              rhn-support-tmielke Torsten Mielke
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: