[SM-1925] Add security check on remote broker when using JMSFlow/JCAFlow - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.3, 3.3.1
Fix Version/s: 3.2.4, 3.3.2
Component/s: servicemix-core
Labels:
None

Description

SecuredBroker checks security AFTER a component is invoked, which works fine when the consumer and components are on the same broker. If a consumer is on brokerA and a provider endpoint is on brokerB using JMSFlow it is possible to bypass security and invoke the endpoint on brokerB even if it is using SecuredBroker.

Attachments

Activity

People

Assignee:: Chris Custine

Reporter:: Chris Custine

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 11/Jan/10 20:51

Updated:: 12/Jan/10 20:43

Resolved:: 12/Jan/10 20:43