3 Replies Latest reply on Feb 6, 2008 10:30 AM by Andy Taylor

    auto creating queues, security and invaliddestination

    Andy Taylor Master

      We need to decide how security will work with regard to creating queues at a core level and also how this links to when(and how) we should throw InvalidDestination at a JMS level. This is how i think all his should hang together:

      When a client interacts with a destination at a session level we check to see if they have the CREATE role. This would be a method, probably in MessagingServer, called boolean CheckDestinationSecurity(Destination dest, ServerSessionEndpoint) that would create the destination if it didn't exist and if the client had the correct privileges. If the destination wasn't created then the appropriate return flag would be returned to the user.
      This would be converted into an InvalidDestination exception on the client side at the JMS level.

      comments!

        • 1. Re: auto creating queues, security and invaliddestination
          Andy Taylor Master

          The caveat here is with temporary queues, we shopuld never auto create these, the client must use the appropriate createTempQueue method.

          Also should we always auto create DLQ's and ExperyQueues?

          • 2. Re: auto creating queues, security and invaliddestination
            Tim Fox Master

            The way I have refactored (soon to commit) is as follows:

            All the JMS stuff (I think) is now on the client side in the thin client layer, we also have a pure core client.

            The session has methods to createQueue and createConsumer.

            creating a queue would be done when

            a) creating a jms queue
            b) creating a topic subscription
            c) creating a temporary queue

            these are all queues.

            As you mention, by default queues should be created as long the user has the CREATE permission for that point in the condition name.

            JMS TCK also requires that some queues are pre-deployed. This can be supported by the JNDIDeployer - which we should probably rename to JMSServerManager. This component should expose a JMS centric management API which then calls the pure core managermenent api of the core server.

            • 3. Re: auto creating queues, security and invaliddestination
              Andy Taylor Master

               

              The session has methods to createQueue and createConsumer.

              creating a queue would be done when

              a) creating a jms queue
              b) creating a topic subscription
              c) creating a temporary queue

              these are all queues.

              As you mention, by default queues should be created as long the user has the CREATE permission for that point in the condition name.

              no problems

              JMS TCK also requires that some queues are pre-deployed. This can be supported by the JNDIDeployer - which we should probably rename to JMSServerManager. This component should expose a JMS centric management API which then calls the pure core managermenent api of the core server.

              I'll rename it and change accordingly.