3 Replies Latest reply on Mar 23, 2009 12:20 PM by ataylor

    security and createQueue

    ataylor

      As part of https://jira.jboss.org/jira/browse/JBMESSAGING-1535 I'm making the security finer grained. Locally so far I have:

      SEND
      CONSUME
      MANAGE
      CREATE_DURABLE_QUEUE
      DELETE_DURABLE_QUEUE
      CREATE_TEMP_QUEUE
      DELETE_TEMP_QUEUE
      


      With regard to the last 4, the problem is it doesn't cover all areas, since the queue being created may be non temporary and non durable.

      Another right 'createQueue' would fix this, but that implies that if someone had createQueue privileges then by default they have createTempQueue and createDurableQueue privileges, which may not be the case.

      Or we could allow anyone to create non durable non temp queues.

      wdyt?

        • 1. Re: security and createQueue
          jmesnil

          I'm not in favor of allowing anyone to create non durable non temp queues: I prefer to grant permissions explicitly rather than implicitly.
          I'm also not in favor of adding permissions for all the combinations of (non)durable & (non)temp.

          Dumb question: do we really need to distinguish between non durable and durable queues wrt permissions?
          Can't we simply have 4 permissions:
          CREATE_QUEUE
          DELETE_QUEUE
          CREATE_TEMP_QUEUE
          DELETE_TEMP_QUEUE

          where CREATE_QUEUE & DELETE_QUEUE are checked whether the queue is durable or not?

          wdyt?

          • 2. Re: security and createQueue
            timfox

            We need to distinguish between durable and non durable permissions.

            However I'm not sure we need to distinguish on temporary.

            • 3. Re: security and createQueue
              ataylor

              Ok, I'll add create/deletenondurablequeue and remove temp
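
A sketch of the scheme the thread settles on, added here as an illustration and not part of any post or of the JBoss Messaging code base: the required right is derived from durability alone, grants are explicit, and the check denies by default. The class, role names and the `CREATE_NON_DURABLE_QUEUE` / `DELETE_NON_DURABLE_QUEUE` spellings are assumptions.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;

// Added illustration; all names are hypothetical, not JBoss Messaging classes.
public class QueuePermissionExample {
    enum Permission { SEND, CONSUME, MANAGE,
        CREATE_DURABLE_QUEUE, DELETE_DURABLE_QUEUE,
        CREATE_NON_DURABLE_QUEUE, DELETE_NON_DURABLE_QUEUE }

    // Constructed role table: every right is granted explicitly, nothing is implied.
    static final Map<String, Set<Permission>> ROLES = Map.of(
        "admin", EnumSet.of(Permission.CREATE_DURABLE_QUEUE, Permission.DELETE_DURABLE_QUEUE,
                            Permission.CREATE_NON_DURABLE_QUEUE, Permission.DELETE_NON_DURABLE_QUEUE),
        "client", EnumSet.of(Permission.SEND, Permission.CONSUME,
                             Permission.CREATE_NON_DURABLE_QUEUE));

    // The required right depends only on durability, so every queue maps to
    // exactly one create right; the temporary flag plays no part in the check.
    static Permission requiredForCreate(boolean durable) {
        return durable ? Permission.CREATE_DURABLE_QUEUE
                       : Permission.CREATE_NON_DURABLE_QUEUE;
    }

    // Default deny: unknown roles and missing grants both fail the check.
    static boolean mayCreate(Set<String> userRoles, boolean durable) {
        Permission needed = requiredForCreate(durable);
        for (String role : userRoles) {
            if (ROLES.getOrDefault(role, Set.of()).contains(needed)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Set<String> client = Set.of("client");
        // Walk all four (durable, temp) combinations to show none is left uncovered.
        for (boolean durable : new boolean[] {true, false}) {
            for (boolean temp : new boolean[] {true, false}) {
                System.out.printf("durable=%b temp=%b needs %s, client allowed=%b%n",
                    durable, temp, requiredForCreate(durable), mayCreate(client, durable));
            }
        }
    }
}
```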