[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Another security configuration issue
gaohoward
do-not-reply at jboss.com
Wed Apr 29 23:57:43 EDT 2009
Suppose we have the following permission config
| <!-- any user can have full control of generic topics -->
| <security match="jms.topic.#">
| <permission type="createDurableQueue" roles="user"/>
| <permission type="deleteDurableQueue" roles="user"/>
| <permission type="createTempQueue" roles="user"/>
| <permission type="deleteTempQueue" roles="user"/>
| <permission type="send" roles="user"/>
| <permission type="consume" roles="user"/>
| </security>
|
| <security match="jms.topic.news.europe.#">
| <permission type="send" roles="europe-user"/>
| <permission type="consume" roles="news-user"/>
| </security>
|
| <security match="jms.topic.news.us.#">
| <permission type="send" roles="us-user"/>
| <permission type="consume" roles="news-user"/>
| </security>
|
There are three security 'match'es. The last two have all 'create*' and 'delete*' permissions omitted. In that case, I assume that the 'create*' and 'delete*' permission settings for 'jms.topic.news.us.#' and 'jms.topic.news.europe.#' should be inherited from 'jms.topic.#'. But test shows that there is no such inheritance exists. Is it so designed?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227688#4227688
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4227688
More information about the jboss-dev-forums
mailing list