[Design of Messaging on JBoss (Messaging/JBoss)] - Re: moving SecurityAspect to be an interceptor - jboss-dev-forums

Thursday, 7 February 2008

That would be exploitable since a rogue client could just send (guess) someone else's
user id.

Instead you could maintain a map of packet target id to user id in the server side filter
and use that.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4127324#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...