Details
-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 5.10.0
-
Component/s: Broker
-
Labels:
-
Patch Info:Patch Available
Description
When configuring the authorization plugin with a <tempDestinationAuthorizationEntry> that also set a groupClass, this groupClass is not properly applied to the TempDestinationAuthorizationEntry instance.
E.g. consider this example config
<authorizationPlugin> <map> <authorizationMap groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"> <authorizationEntries> <authorizationEntry queue=">" read="admin" write="client,admin" admin="client,admin" /> <authorizationEntry topic=">" read="client,admin" write="admin" admin="admin"/> <authorizationEntry topic="ActiveMQ.Advisory.>" read="admin,client" write="admin,client" admin="admin"/> </authorizationEntries> <tempDestinationAuthorizationEntry> <tempDestinationAuthorizationEntry read="client,admin" write="client,admin" admin="client,admin" groupClass="org.apache.karaf.jaas.boot.principal.RolePrincipal"/> </tempDestinationAuthorizationEntry> </authorizationMap> </map> </authorizationPlugin>
The groupClass attribute is set on the TempDestinationAuthorizationEntry instance but we don't apply the groupClass to the AuthorizationEntry by calling afterPropertiesSet();
As a result, authorization fails when trying to create a temp destination.
This can happen when deploying the broker inside a Karaf container and have Karaf do the authentication (such as in JBoss A-MQ).
The groupClass is properly set on the authorizationEntries within the <authorizationEntries> list and only fails to be applied properly on the tempDestinationAuthorizationEntry.