Good catch Lorne!
Added a patch for this issue on the svn trunk r507792.
https://issues.apache.org/activemq/browse/AMQ-1163
Regards,
Jonas
Lorne Wilson wrote:
Folks,
I've been trying to use the tempDestinationAuthorizationEntry feature in 4.2
and I think I've found a problem. If I set up a consumer of the temp queue
and add it to the read permission, it always reports that I don't have
permission to read the queue. However, if I add that consumer to the write
permission on the queue it works like a charm.
Looking at the source I think I have discovered a bulk copy/paste problem.
If you look at
org.apache.activemq.security.AuthorizationBroker.addConsumer() in the source
trunk, you will see this little piece of code a couple of lines from the top
of the method:
if(!info.getDestination().isTemporary()) {
allowedACLs =
authorizationMap.getReadACLs(info.getDestination());
}else {
allowedACLs = authorizationMap.getTempDestinationWriteACLs();
}
Note that it gets the TempDestinationWriteACLs(), even though if we are not
a temp queue it gets the ReadACLs(). If you look in addProducer() you can
see a similar piece of code that might be where this copy originated.
I am using what looks to be the latest 4.2 SNAPSHOT (file:
apache-activemq-4.2-20070214.034812-3.zip).
lorne
