[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: Another security configuration issue
gaohoward
do-not-reply at jboss.com
Thu Apr 30 08:20:13 EDT 2009
Hi Andy, here I rephrase my thought.
Actuall it is about how the SecurityDeployer works with wild cards. Again let's take this config:
| <security match="jms.topic.#">
| <permission type="createDurableQueue" roles="user"/>
| <permission type="deleteDurableQueue" roles="user"/>
| <permission type="createTempQueue" roles="user"/>
| <permission type="deleteTempQueue" roles="user"/>
| <permission type="send" roles="user"/>
| <permission type="consume" roles="user"/>
| </security>
|
| <security match="jms.topic.news.europe.#">
| <permission type="send" roles="europe-user"/>
| <permission type="consume" roles="news-user"/>
| </security>
|
| <security match="jms.topic.news.us.#">
| <permission type="send" roles="us-user"/>
| <permission type="consume" roles="news-user"/>
| </security>
|
Here we have three security elements. There match strings are
| jms.topic.#
| jms.topic.news.europe.#
| jms.topic.news.us.#
|
Suppose we deploy the above config into SecurityDeployer. Given a topic whose address is 'jms.topic.news.europe.europeTopic', what if we call
| HashSet roles = SecurityDeployer.securityRepository.getMatch('jms.topic.news.europe.europeTopic');
|
What's interesting is that 'jms.topic.news.europe.europeTopic' matches both 'jms.topic.#' and 'jms.topic.news.europe.#'. So I expect
that it will return three roles: user, europe-user and news-user. But it actually returns 2 - europe-user and news-user.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4227858#4227858
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4227858
More information about the jboss-dev-forums
mailing list