Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
5.10.0
-
Patch Available
Description
When configuring the authorization plugin with a <tempDestinationAuthorizationEntry> that also set a groupClass, this groupClass is not properly applied to the TempDestinationAuthorizationEntry instance.
E.g. consider this example config
<authorizationPlugin> <map> <authorizationMap groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"> <authorizationEntries> <authorizationEntry queue=">" read="admin" write="client,admin" admin="client,admin" /> <authorizationEntry topic=">" read="client,admin" write="admin" admin="admin"/> <authorizationEntry topic="ActiveMQ.Advisory.>" read="admin,client" write="admin,client" admin="admin"/> </authorizationEntries> <tempDestinationAuthorizationEntry> <tempDestinationAuthorizationEntry read="client,admin" write="client,admin" admin="client,admin" groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/> </tempDestinationAuthorizationEntry> </authorizationMap> </map> </authorizationPlugin>
The groupClass attribute is set on the TempDestinationAuthorizationEntry instance but we don't apply the groupClass to the AuthorizationEntry by calling afterPropertiesSet();
As a result, authorization fails when trying to create a temp destination.
This can happen when deploying the broker inside a Karaf container and have Karaf do the authentication (such as in JBoss A-MQ).
The groupClass is properly set on the authorizationEntries within the <authorizationEntries> list and only fails to be applied properly on the tempDestinationAuthorizationEntry.