[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: Permissions on temporary destinations (JBMESSAGING-994)
timfox
do-not-reply at jboss.com
Wed Jun 20 05:12:25 EDT 2007
"thomasra" wrote : To repeat a previous posting with precise wording from the spec:
|
| (4.4.3)
| ...only their own connection is allowed to create MessageConsumers for them....
|
| So basically using the same connectionfactory is not enough...
|
No, this is already implemented (a long time ago), try creating a consumer on a temp destination you didn't create - you won't be able to. This isn't configured using security.
anonymous wrote :
| ...and since the specification seems to ignore Producers but mentions "ReplyTo" as a common use case I would assume they mean that anyone can produce messages on a temp destination?
Right.
So, to clarify this:
a) Only the creating connection of the temp queue can create a consumer on it. This has been implemented for ages, it's part of the JMS spec, and we wouldn't have got JMS 1.1 compliance in Sep 2005 without doing this.
b) The JMS spec puts no restrictions on who can write (send messages to) a temp queue. Currently in our implementation temp queues are governed by the standard default destination security config.
c) As has been suggested, we *could* allow the creator of the temp queue to specify programmatically additional security for the temp queue at creation time. I agree this may be useful but is a "nice to have".
I also repeat my earlier question of what API they would use to specify this security? This would also be non JMS so it makes their code non portable.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4055931#4055931