4 Replies Latest reply on Jun 19, 2007 7:48 AM by timfox

1.3.0 Temporary Destination - Full security

aslak Jun 14, 2007 10:12 AM

Hi

I have a JMS Client sending to a destination(write-only permission), and using a temp destination as a replyto channel.

My first problem is that the temp destination seems to be handled through the same security model as any normal destination.
To work around this, one could setup a role with read permissions true as Default, but that would give the client read access to the sending destination as well.

As far as I can see from the JMS Spec.. A temp destination is unique pr connection, and only consumers from the owning connection is allowed.

I've been trying to look through some code to see what is going on, and found something a bit strange..

In ServerSessionEndpoint.addTemporaryDestination it creates a new ManagedTopic/ManagedQueue based on the incoming Destination name, but
ManagedTopic.setTemporary(true) is never called. Then when DestinationJNDIMapper.registerDestination is called, the temporary flag is lost.

DestinationJNDIMapper.registerDestination checks to see if the destination is temporary or not. If it is not temporary, it should be bound to JNDI.
Then there is a new check to see if it is temporary or not, to bind either JbossTemporaryQueue/Topic or JbossTopic/Queue to jndi..

Any thoughts?

-aslak-

1. Re: 1.3.0 Temporary Destination - Full security

aslak Jun 14, 2007 5:04 PM (in response to aslak)

I'd like to clearify my last post...

The last post was a bit of a mix between two different issues I was having.

The referencing source was more of an 'oddity' that I found looking for;
'Why I wasn't able to read from my temp destination even though I could see the message?'.

I had assumed that Queue/TopicRequestor handled the connection.start as well, guess not..

The main problem still is... I don't have read permission on my temporary destination by default.

Looking at the org.jboss.jms.server.container.SecurityAspect it might be missing something like(pesudo):

if (dest.isTemporary()) {
if(dest.getClientConnectionId != clientConnection.id)
throw SecurityException
}

I havn't found the correct semantics yet.

-aslak-
Actions
2. Re: 1.3.0 Temporary Destination - Full security

sergeypk Jun 18, 2007 11:02 AM (in response to aslak)

I have created a JIRA issue (http://jira.jboss.com/jira/browse/JBMESSAGING-993) for the first problem you describe (temporary destinations should not be bound to JNDI). As I investigate the other problems you mentioned I will create more issues if needed.
Actions
3. Re: 1.3.0 Temporary Destination - Full security

sergeypk Jun 19, 2007 6:33 AM (in response to aslak)

Created http://jira.jboss.com/jira/browse/JBMESSAGING-994 for the security issue.
Actions
4. Re: 1.3.0 Temporary Destination - Full security

timfox Jun 19, 2007 7:48 AM (in response to aslak)

Continued here http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4055562#4055562
Actions

Go to original post