[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: moving SecurityAspect to be an interceptor

Thursday, 7 February 2008

That would be exploitable since a rogue client could just send (guess) someone else's
user id.  Is that different from how the createconnectionrequest works now.

Instead you could maintain a map of packet target id to user id in the server side filter
and use that. 
That was my first solution but the interceptors wouldnt get called if the connection was
removed by the server and we would end up with an ever growing map.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4127325#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: moving SecurityAspect to be an interceptor