-
1. Re: Security Problem with CoreBridge
gaohoward Apr 22, 2013 10:25 PM (in response to mofarn)
Can you provide some more details, like your configuration and how messages are sent and bridged?
Howard
-
2. Re: Security Problem with CoreBridge
mofarn Apr 23, 2013 2:06 AM (in response to gaohoward)
Scenario:
- Client with user:admin, password:admin (this user has the admin role) sends a message to jms.queue.source
- Bridge messages between the source queue (in the source server) and the target queue (in the target server) ---> This should not work!!!
In the source server, only the admin role can send messages to its queues. (I defined user:admin, password:admin, with the admin role, in the source server.)
In the target server, only the admin2 role can send messages to its queues. (I defined user:admin2, password:admin2, with the admin2 role, in the target server.)
But the bridge, without any user or password, is able to send messages from the source server to the target server. Why??
My Configs (I attached them too):
The source Server:
security settings:
<security-settings>
  <security-setting match="#">
    <permission type="createDurableQueue" roles="admin" />
    <permission type="deleteDurableQueue" roles="admin" />
    <permission type="createNonDurableQueue" roles="admin" />
    <permission type="deleteNonDurableQueue" roles="admin" />
    <permission type="consume" roles="admin" />
    <permission type="send" roles="admin" />
  </security-setting>
</security-settings>
bridge definition:
<bridges>
  <bridge name="bridge-to-target-server">
    <queue-name>jms.queue.source</queue-name>
    <forwarding-address>jms.queue.target</forwarding-address>
    <ha>false</ha>
    <retry-interval>2000</retry-interval>
    <reconnect-attempts>-1</reconnect-attempts>
    <failover-on-server-shutdown>false</failover-on-server-shutdown>
    <use-duplicate-detection>true</use-duplicate-detection>
    <static-connectors>
      <connector-ref>remote-connector</connector-ref>
    </static-connectors>
  </bridge>
</bridges>
users:
<defaultuser name="guest" password="guest">
  <role name="guest" />
</defaultuser>
<user name="admin" password="admin">
  <role name="admin"/>
</user>
The target server:
security settings:
<security-settings>
  <security-setting match="#">
    <permission type="createDurableQueue" roles="admin2" />
    <permission type="deleteDurableQueue" roles="admin2" />
    <permission type="createNonDurableQueue" roles="admin2" />
    <permission type="deleteNonDurableQueue" roles="admin2" />
    <permission type="consume" roles="admin2" />
    <permission type="send" roles="admin2" />
  </security-setting>
</security-settings>
users:
<defaultuser name="guest" password="guest">
  <role name="guest" />
</defaultuser>
<user name="admin2" password="admin2">
  <role name="admin2" />
</user>
-
config-target.zip 3.3 KB
-
config-source.zip 3.5 KB
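An added example, not part of the original posts and not HornetQ code: a small Python audit over the configuration posted above that reports which credentials each bridge presents and which roles hold `send` on its forwarding address. It relies on the HornetQ manual's description of the optional bridge `<user>`/`<password>` elements, which fall back to `cluster-user`/`cluster-password` when omitted; the function names and the trimmed sample XML are constructed here.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the configuration posted above.
SOURCE_XML = """<configuration><bridges>
  <bridge name="bridge-to-target-server">
    <queue-name>jms.queue.source</queue-name>
    <forwarding-address>jms.queue.target</forwarding-address>
  </bridge>
</bridges></configuration>"""
TARGET_XML = """<configuration><security-settings>
  <security-setting match="#">
    <permission type="consume" roles="admin2" />
    <permission type="send" roles="admin2" />
  </security-setting>
</security-settings></configuration>"""

def match_to_regex(match):
    # HornetQ address wildcards: '.' separates words, '*' is exactly one word,
    # '#' is any sequence of words (simplified here to "anything").
    words = [r"[^.]+" if w == "*" else r".*" if w == "#" else re.escape(w)
             for w in match.split(".")]
    return re.compile(r"\.".join(words) + r"\Z")

def send_roles(target_xml, address):
    """Map each security-setting match that covers `address` to its 'send' roles."""
    covered = {}
    for setting in ET.fromstring(target_xml).findall(".//{*}security-setting"):
        if match_to_regex(setting.get("match", "")).match(address):
            covered[setting.get("match")] = {
                role.strip()
                for perm in setting.findall("{*}permission")
                if perm.get("type") == "send"
                for role in perm.get("roles", "").split(",") if role.strip()}
    return covered

def audit_bridges(source_xml, target_xml):
    """Report, per bridge, the credentials it presents and who may send on the target."""
    findings = []
    for bridge in ET.fromstring(source_xml).findall(".//{*}bridge"):
        address = bridge.findtext("{*}forwarding-address")
        user = bridge.findtext("{*}user")  # optional element in a bridge definition
        findings.append({
            "bridge": bridge.get("name"),
            "forwarding_address": address,
            "explicit_user": user,
            "uses_cluster_user": user is None,  # documented fallback: cluster-user
            "target_send_roles": send_roles(target_xml, address or ""),
        })
    return findings
```

A bridge reported with `uses_cluster_user` set connects to the target with the cluster credentials, so the `cluster-user` and `cluster-password` values on both servers belong in the same review as the role table.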
-
3. Re: Security Problem with CoreBridge
mofarn Apr 24, 2013 3:47 PM (in response to mofarn)
I think it's a bug!!
-
4. Re: Security Problem with CoreBridge
ataylor Apr 24, 2013 5:09 PM (in response to mofarn)
If you can provide a test or an example, we can look into it.