  1. ActiveMQ
  2. AMQ-3749

Composite destinations break simple authorisation through role aggregation

      Description

      Given an authorisation map in which roles overlap, a client using a composite destination can gain access in error. For example:

        <authorizationMap>
          <authorizationEntries>
            <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
            <authorizationEntry queue="USER.>" read="users" write="users" admin="users" />
            ...
      

      The correct expectation is that a 'user' can only access queues that match 'USER.>'. However, a user can bypass this and access a private queue by using a composite destination, q(PRIVATE,USER.A), because the permissions of the component destinations are aggregated in error and we look for a single match.
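
The aggregation described above, as an added Python model that is not ActiveMQ code: it pools the ACLs of every component of a composite destination and accepts a single role match, next to a check that authorises each component separately. The function names, the simplified wildcard matcher and the read-only ACL table are assumptions made for this illustration.

```python
# Constructed model of the authorization map from the issue (read ACL only).
# Not ActiveMQ code; names and matcher are assumptions for illustration.
READ_ACLS = [(">", {"admins"}), ("USER.>", {"users"})]


def matches(pattern, name):
    """Simplified wildcard match: '*' is one segment, '>' is the remainder."""
    pat, parts = pattern.split("."), name.split(".")
    for i, p in enumerate(pat):
        if p == ">":
            return True
        if i >= len(parts) or (p != "*" and p != parts[i]):
            return False
    return len(pat) == len(parts)


def allowed_roles(name):
    """Union of the read roles of every entry that matches one queue name."""
    roles = set()
    for pattern, acl in READ_ACLS:
        if matches(pattern, name):
            roles |= acl
    return roles


def composite_check_aggregated(user_roles, components):
    """Behaviour described in the issue: the ACLs of all components are
    pooled, and one matching role is enough for the whole composite."""
    pooled = set().union(*(allowed_roles(c) for c in components))
    return bool(pooled & user_roles)


def composite_check_per_component(user_roles, components):
    """Expected behaviour: every component must be authorised on its own."""
    return bool(components) and all(
        allowed_roles(c) & user_roles for c in components
    )


if __name__ == "__main__":
    composite = ["PRIVATE", "USER.A"]  # q(PRIVATE,USER.A) from the issue
    for roles in ({"users"}, {"admins"}):
        print(sorted(roles),
              "aggregated:", composite_check_aggregated(roles, composite),
              "per-component:", composite_check_per_component(roles, composite))
```
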

            People

            • Assignee:
              gtully Gary Tully
              Reporter:
              gtully Gary Tully