Description
Currently the Openwire producers are allowed to attach even when the named destination(s) it requests don't offer send permissions to the logged in user (the sends themselves are validated). The sends from these named or from anonymous producers are checked for permission but only after such things as conversion of the message to Core has happened which leads to unnecessary GC overhead and wasted CPU cycles if the send is going to ultimately be rejected.
We should reject Openwire senders on attach (which is what the ActiveMQ 'Classic' broker does) and we should check send permissions prior to unnecessarily converting messages to Core to reduce overhead from anonymous senders that are sending into destinations they cannot write to. This change doesn't introduce any new security but simply would respond more quickly and efficiently than the current code would.
Attachments
Issue Links
- links to