-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: JBoss A-MQ 6.0
-
Fix Version/s: JBoss A-MQ 6.1
-
Component/s: broker
-
Labels:None
-
Steps to Reproduce:
When configuring the authorization plugin with a <tempDestinationAuthorizationEntry> that also set a groupClass, this groupClass is not properly applied to the TempDestinationAuthorizationEntry instance.E.g. consider this example config| <authorizationPlugin>|
| <map> |
| <authorizationMapgroupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"> |
| <authorizationEntries> |
| <authorizationEntryqueue=">" read="admin" write="client,admin" admin="client,admin" /> |
| <authorizationEntrytopic=">" read="client,admin" write="admin" admin="admin"/> |
| <authorizationEntrytopic="ActiveMQ.Advisory.>" read="admin,client" write="admin,client" admin="admin"/> |
| </authorizationEntries> |
| <tempDestinationAuthorizationEntry> |
| <tempDestinationAuthorizationEntryread="client,admin"write="client,admin"admin="client,admin"groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/> |
| </tempDestinationAuthorizationEntry> |
| </authorizationMap> |
| </map> |
| </authorizationPlugin> |
The groupClass attribute is set on the TempDestinationAuthorizationEntry instance but we don't apply the groupClass to the AuthorizationEntry by calling afterPropertiesSet();As a result, authorization fails when trying to create a temp destination.
This can happen when deploying the broker inside a Karaf container and have Karaf do the authentication (such as in JBoss A-MQ).
The groupClass is properly set on the authorizationEntries within the <authorizationEntries> list and only fails to be applied properly on the tempDestinationAuthorizationEntry.
