Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-3862

[LTS] LegacyLDAPSecuritySettingPlugin allows new user to access any newly created destinations

    XMLWordPrintable

    Details

      Description

      This issue relates to ENTMQBR-3370 but a slightly different problem. 

      Newly created user/group can still access any newly created queues/destinations. For all existing destinations that have already had proper "read", "write" and "admin" permission configured, the newly created user/group worked fine. But not for any new destinations.

      For instance, an user "user3" from group "team3" has been configured to access queues "project3.$". If we create a new user "user4" from group "team4" and they are configured to only access queues "project4.$". But without restarting the AMQ broker, those changes in backend LDAP server will allow the user "user4" to access any other destinations, for instance, it can access queue "project8.test". For the existing configured queues like "project3.test", the user "user4" won't be able to access it, just as usual.

      This strange behaviour will disappear after the AMQ broker restart. After that, everything worked fine as expected.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jbertram Justin Bertram
              Reporter:
              dbruscin Domenico Francesco Bruscino
              Tester:
              Tiago Bueno Tiago Bueno
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: