-
1. Re: Security on Addresses
ataylor Oct 2, 2012 10:36 AM (in response to halfpad)
The problems I have are:
1) If I create a consumer on a hacker client that consumes messages from Address A, this client will be able to intercept messages that were supposed to go to other clients.
2) If this hacker client creates a consumer of the address of queue going to the service, it will also be able to intercept those messages.
If you configure it correctly then this can't happen, simply assign the roles to each client for the address and permissions for each address.
-
2. Re: Security on Addresses
halfpad Oct 3, 2012 1:09 AM (in response to ataylor)
Andy Taylor wrote:
If you configure it correctly then this can't happen, simply assign the roles to each client for the address and permissions for each address.
Do I need to do this in the XML file, or is there a way to do it programmatically? I need to do it programmatically as the number of clients won't be known when HornetQ starts up.
-
3. Re: Security on Addresses
ataylor Oct 3, 2012 9:18 AM (in response to halfpad)
You can set it using the management API via addAddressSettings on HornetQServerControl.
-
4. Re: Security on Addresses
amperdaar Oct 30, 2012 10:58 AM (in response to ataylor)
It doesn't look like Intercept is bound to any roles. Couldn't a hacker client just add an intercept to a server from the client side and bypass any security put in place?
-
5. Re: Security on Addresses
amperdaar Nov 12, 2012 5:46 AM (in response to amperdaar)
Hi
I had a look at addAddressSettings and addSecuritySettings, but HornetQServerControl is an interface and I see in the code that calling super would not help either. This means that I have to add this functionality. Is this assumption correct? If I'm way off course, could you give an example please? Thanks!
-
6. Re: Security on Addresses
ataylor Nov 12, 2012 6:31 AM (in response to amperdaar)
Yes, it's an interface, used by the management interface. Take a look at any of the management examples to see how they work.
-
7. Re: Security on Addresses
amperdaar Nov 20, 2012 3:23 AM (in response to ataylor)
Hi
I ran into another dead end. I run a standalone server and have a custom SecurityManager. How do I manage the roles? It seems that I must add my custom role handling methods in the SecurityManager, but how will this work with addSecuritySettings? Or has this become a custom additional feature..
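
An added example, not part of the thread and not HornetQ's own sample code: assigning per-client roles at runtime by calling addSecuritySettings on HornetQServerControl through a JMX proxy, which is how the interface is normally obtained. The JMX URL, the address naming scheme and the role names are assumptions; which users hold which roles is still decided by the server's security manager.

```java
import java.util.HashMap;
import javax.management.MBeanServerConnection;
import javax.management.MBeanServerInvocationHandler;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import org.hornetq.api.core.management.HornetQServerControl;
import org.hornetq.api.core.management.ObjectNameBuilder;

public class PerClientAddressSecurity {
    // Assumed JMX endpoint; it should itself require authentication,
    // since anyone who can reach it can rewrite these settings.
    static final String JMX_URL = "service:jmx:rmi:///jndi/rmi://localhost:3000/jmxrmi";

    /** Let only the client's own role consume from the client's address. */
    static void lockDownClientAddress(HornetQServerControl server, String clientId) throws Exception {
        String address = "clients." + clientId;   // constructed naming scheme
        String clientRole = "client-" + clientId; // constructed role name
        String serviceRole = "service";           // constructed role name
        String adminRole = "admin";               // constructed role name
        server.addSecuritySettings(
            address,
            serviceRole,  // send: only the back-end service publishes here
            clientRole,   // consume: only this client reads its messages
            adminRole,    // createDurableQueue
            adminRole,    // deleteDurableQueue
            clientRole,   // createNonDurableQueue: client binds a temporary queue
            clientRole,   // deleteNonDurableQueue
            adminRole);   // manage
    }

    public static void main(String[] args) throws Exception {
        JMXConnector connector =
            JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), new HashMap<String, Object>());
        try {
            MBeanServerConnection mbsc = connector.getMBeanServerConnection();
            ObjectName name = ObjectNameBuilder.DEFAULT.getHornetQServerObjectName();
            // The proxy implements the interface; no subclassing is needed.
            HornetQServerControl server = (HornetQServerControl)
                MBeanServerInvocationHandler.newProxyInstance(mbsc, name, HornetQServerControl.class, false);
            lockDownClientAddress(server, "alice"); // constructed client id
        } finally {
            connector.close();
        }
    }
}
```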