[jboss-cvs] JBoss Messaging SVN: r3119 - in trunk: src/main/org/jboss/jms/server and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Sep 19 10:33:46 EDT 2007
Author: timfox
Date: 2007-09-19 10:33:45 -0400 (Wed, 19 Sep 2007)
New Revision: 3119
Modified:
trunk/docs/userguide/en/modules/configuration.xml
trunk/docs/userguide/en/modules/installation.xml
trunk/src/main/org/jboss/jms/server/ServerPeer.java
trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java
Log:
http://jira.jboss.com/jira/browse/JBMESSAGING-1070
Modified: trunk/docs/userguide/en/modules/configuration.xml
===================================================================
--- trunk/docs/userguide/en/modules/configuration.xml 2007-09-19 12:52:41 UTC (rev 3118)
+++ trunk/docs/userguide/en/modules/configuration.xml 2007-09-19 14:33:45 UTC (rev 3119)
@@ -375,7 +375,7 @@
These connections are made with the user name of a special reserved user.
The password used by that user is specified by this parameter.
<warning>This must be specified at install time, or the default password will be used. Any one who then knows
- the default password will be able to gain read access to any destinations on the server</warning>
+ the default password will be able to gain access to any destinations on the server</warning>
</para>
</section>
Modified: trunk/docs/userguide/en/modules/installation.xml
===================================================================
--- trunk/docs/userguide/en/modules/installation.xml 2007-09-19 12:52:41 UTC (rev 3118)
+++ trunk/docs/userguide/en/modules/installation.xml 2007-09-19 14:33:45 UTC (rev 3119)
@@ -453,7 +453,7 @@
<listitem>
<para>
<warning>SECURITY RISK! To avoid a security risk, you MUST specify the value of the attribute SuckerPassword in the Server Peer config (messaging-service.xml). If you do not specify a value, the default value will be used. Any person
-that knows the default value will be able to obtain read access to all destinations on the server. The password chosen
+that knows the default value will be able to access to all destinations on the server. The password chosen
should only be exposed to administrators</warning>
</para>
</listitem>
Modified: trunk/src/main/org/jboss/jms/server/ServerPeer.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/ServerPeer.java 2007-09-19 12:52:41 UTC (rev 3118)
+++ trunk/src/main/org/jboss/jms/server/ServerPeer.java 2007-09-19 14:33:45 UTC (rev 3119)
@@ -255,11 +255,15 @@
failoverWaiter = new FailoverWaiter(serverPeerID, failoverStartTimeout, failoverCompleteTimeout, txRepository);
clusterNotifier.registerListener(failoverWaiter);
+ if (suckerPassword == null)
+ {
+ suckerPassword = SecurityMetadataStore.DEFAULT_SUCKER_USER_PASSWORD;
+ }
if (clusterPullConnectionFactoryName != null)
{
clusterConnectionManager = new ClusterConnectionManager(useXAForMessagePull, serverPeerID,
clusterPullConnectionFactoryName, defaultPreserveOrdering,
- suckerPassword, SecurityMetadataStore.SUCKER_USER);
+ SecurityMetadataStore.SUCKER_USER, suckerPassword);
clusterNotifier.registerListener(clusterConnectionManager);
}
@@ -273,7 +277,7 @@
connectionManager.start();
connectorManager.start();
memoryManager.start();
- messageStore.start();
+ messageStore.start();
securityStore.setSuckerPassword(suckerPassword);
securityStore.start();
txRepository.start();
Modified: trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java
===================================================================
--- trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2007-09-19 12:52:41 UTC (rev 3118)
+++ trunk/src/main/org/jboss/jms/server/security/SecurityMetadataStore.java 2007-09-19 14:33:45 UTC (rev 3119)
@@ -210,8 +210,8 @@
if (SUCKER_USER.equals(user))
{
//The special user SUCKER_USER is used for creating internal connections that suck messages between nodes
- //It has automatic read access to all destinations
- return (checkType.equals(CheckType.READ));
+ //It has automatic read/write access to all destinations
+ return (checkType.equals(CheckType.READ) || checkType.equals(CheckType.WRITE));
}
Principal principal = user == null ? null : new SimplePrincipal(user);
@@ -226,12 +226,7 @@
// Public --------------------------------------------------------
public void setSuckerPassword(String password)
- {
- if (password == null)
- {
- password = DEFAULT_SUCKER_USER_PASSWORD;
- }
-
+ {
checkDefaultSuckerPassword(password);
this.suckerPassword = password;
Modified: trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java
===================================================================
--- trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java 2007-09-19 12:52:41 UTC (rev 3118)
+++ trunk/src/main/org/jboss/messaging/core/impl/clusterconnection/ClusterConnectionManager.java 2007-09-19 14:33:45 UTC (rev 3119)
@@ -102,6 +102,10 @@
this.preserveOrdering = preserveOrdering;
+ this.suckerUser = suckerUser;
+
+ this.suckerPassword = suckerPassword;
+
if (trace) { log.trace("Created " + this); }
}
More information about the jboss-cvs-commits
mailing list