[jboss-dev-forums] [Design of Messaging on JBoss (Messaging/JBoss)] - Re: SecurityChecks on Sends (AsyncSend & createProducer)

[ataylor]

anonymous wrote : First: createProducer doesn't do any security checks, as there is nothing being created on Server for a producer, but shouldn't we do a round-trip just to validate security? 

I don't think so, firstly the producer may be anonymous and since the checks are done by address you couldn't do it anyway. secondly, If you did do security checks there would be no point in checking on send. Lastly, 

anonymous wrote : Say you are sending messages (Asynchronously), and you don't have sending permissions... (or you lost permissions after the createProducer). The serverSide will ignore the sends and will only log those errors. 

I think thats ok, as long as its logged and if the user wants they can send blocking.

anonymous wrote : Shouldn't we save exceptions on Async operations, so the next time a Sync operation come (commit, prepare, close) we throw the pending exceptions? 

i'm not sure that is a good idea. what if the next sync call was creating a consumer, it wouldn't make sense to throw an exception for a previous send. We probably should mark a tx as rollback only tho', which I'm not sure we do.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222230#4222230

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4222230