ActiveMQ / AMQ-3749

Composite destinations break simple authorisation through role aggregation

      Description

      Given authorisation where there is overlap in roles, using a composite destination can gain access in error, e.g.:

        <authorizationMap>
          <authorizationEntries>
            <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
            <authorizationEntry queue="USER.>" read="users" write="users" admin="users" />
            ...
      

      The correct expectation is that a 'user' can only access queues that match 'USER.>', but a user can bypass this and access a private queue using a composite destination q(PRIVATE,USER.A), because the permissions are aggregated in error and we look for a single match.
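The aggregation problem described above, as an added example (a simplified Python model, not code from this issue or from ActiveMQ). The function names, the wildcard matcher, and the per-component check are assumptions used for illustration; only the two authorization entries and the composite `PRIVATE,USER.A` come from the report.

```python
# Simplified model of the authorization map in the report (read ACLs only).
# Constructed for illustration; this is not ActiveMQ's implementation.
ENTRIES = [
    (">", {"admins"}),       # <authorizationEntry queue=">" read="admins" .../>
    ("USER.>", {"users"}),   # <authorizationEntry queue="USER.>" read="users" .../>
]


def matches(pattern, name):
    """Wildcard match: '.' separates segments, '*' is one segment,
    '>' matches all remaining segments."""
    p, n = pattern.split("."), name.split(".")
    for i, seg in enumerate(p):
        if seg == ">":
            return True
        if i >= len(n) or (seg != "*" and seg != n[i]):
            return False
    return len(p) == len(n)


def read_acl(queue):
    """Roles allowed to read one physical queue: every matching entry contributes."""
    acl = set()
    for pattern, roles in ENTRIES:
        if matches(pattern, queue):
            acl |= roles
    return acl


def allowed_aggregated(user_roles, composite):
    """Flawed check: ACLs of all components are merged and a single
    role match anywhere in the merged set grants access to the whole composite."""
    merged = set()
    for queue in composite.split(","):
        merged |= read_acl(queue.strip())
    return bool(merged & user_roles)


def allowed_per_component(user_roles, composite):
    """Expected behaviour: the caller must be authorised for every component."""
    return all(read_acl(q.strip()) & user_roles for q in composite.split(","))


if __name__ == "__main__":
    for check in (allowed_aggregated, allowed_per_component):
        print(check.__name__, check({"users"}, "PRIVATE,USER.A"))
```

In the aggregated check the `users` role on `USER.A` satisfies the merged ACL, so `PRIVATE` is reachable; evaluating each component separately denies the request because `PRIVATE` only matches the `>` entry.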


          People

          • Assignee: Gary Tully
          • Reporter: Gary Tully