@Override public void addSubscription(ConnectionContext context, Subscription sub) throws Exception { // authorize subscription final SecurityContext securityContext = broker.checkSecurityContext(context); final AuthorizationMap authorizationMap = broker.getAuthorizationMap(); // use the destination being filtered, instead of the destination from the consumerinfo in the subscription // since that could be a wildcard destination final ActiveMQDestination destination = next.getActiveMQDestination(); Set<?> allowedACLs; if (!destination.isTemporary()) { allowedACLs = authorizationMap.getReadACLs(destination); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs(); } if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination); } super.addSubscription(context, sub); }
allowedACLs = authorizationMap.getReadACLs(info.getDestination()); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs();
@Override public void addSubscription(ConnectionContext context, Subscription sub) throws Exception { // authorize subscription final SecurityContext securityContext = broker.checkSecurityContext(context); final AuthorizationMap authorizationMap = broker.getAuthorizationMap(); // use the destination being filtered, instead of the destination from the consumerinfo in the subscription // since that could be a wildcard destination final ActiveMQDestination destination = next.getActiveMQDestination(); Set<?> allowedACLs; if (!destination.isTemporary()) { allowedACLs = authorizationMap.getReadACLs(destination); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs(); } if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination); } super.addSubscription(context, sub); }
@Override public void addSubscription(ConnectionContext context, Subscription sub) throws Exception { // authorize subscription final SecurityContext securityContext = broker.checkSecurityContext(context); final AuthorizationMap authorizationMap = broker.getAuthorizationMap(); // use the destination being filtered, instead of the destination from the consumerinfo in the subscription // since that could be a wildcard destination final ActiveMQDestination destination = next.getActiveMQDestination(); Set<?> allowedACLs; if (!destination.isTemporary()) { allowedACLs = authorizationMap.getReadACLs(destination); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs(); } if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination); } super.addSubscription(context, sub); }
@Override public void addSubscription(ConnectionContext context, Subscription sub) throws Exception { // authorize subscription final SecurityContext securityContext = broker.checkSecurityContext(context); final AuthorizationMap authorizationMap = broker.getAuthorizationMap(); // use the destination being filtered, instead of the destination from the consumerinfo in the subscription // since that could be a wildcard destination final ActiveMQDestination destination = next.getActiveMQDestination(); Set<?> allowedACLs; if (!destination.isTemporary()) { allowedACLs = authorizationMap.getReadACLs(destination); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs(); } if (!securityContext.isBrokerContext() && allowedACLs != null && !securityContext.isInOneOf(allowedACLs) ) { throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to read from: " + destination); } super.addSubscription(context, sub); }
allowedACLs = authorizationMap.getReadACLs(info.getDestination()); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs();
allowedACLs = authorizationMap.getReadACLs(info.getDestination()); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs();
allowedACLs = authorizationMap.getReadACLs(info.getDestination()); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs();
allowedACLs = authorizationMap.getReadACLs(info.getDestination()); } else { allowedACLs = authorizationMap.getTempDestinationReadACLs();