3 Replies Latest reply on Feb 6, 2008 10:30 AM by ataylor

    auto creating queues, security and invaliddestination

    ataylor
    ataylor Feb 4, 2008 5:55 AM

      We need to decide how security will work with regard to creating queues at a core level and also how this links to when(and how) we should throw InvalidDestination at a JMS level. This is how i think all his should hang together:

      When a client interacts with a destination at a session level we check to see if they have the CREATE role. This would be a method, probably in MessagingServer, called boolean CheckDestinationSecurity(Destination dest, ServerSessionEndpoint) that would create the destination if it didn't exist and if the client had the correct privileges. If the destination wasn't created then the appropriate return flag would be returned to the user.
      This would be converted into an InvalidDestination exception on the client side at the JMS level.

      comments!

      • 2598 Views
      • Tags:
        • 1. Re: auto creating queues, security and invaliddestination
          ataylor
          ataylor Feb 6, 2008 6:07 AM (in response to ataylor)

          The caveat here is with temporary queues, we shopuld never auto create these, the client must use the appropriate createTempQueue method.

          Also should we always auto create DLQ's and ExperyQueues?

            • Actions
          • 2. Re: auto creating queues, security and invaliddestination
            timfox
            timfox Feb 6, 2008 9:58 AM (in response to ataylor)

            The way I have refactored (soon to commit) is as follows:

            All the JMS stuff (I think) is now on the client side in the thin client layer, we also have a pure core client.

            The session has methods to createQueue and createConsumer.

            creating a queue would be done when

            a) creating a jms queue
            b) creating a topic subscription
            c) creating a temporary queue

            these are all queues.

            As you mention, by default queues should be created as long the user has the CREATE permission for that point in the condition name.

            JMS TCK also requires that some queues are pre-deployed. This can be supported by the JNDIDeployer - which we should probably rename to JMSServerManager. This component should expose a JMS centric management API which then calls the pure core managermenent api of the core server.

              • Actions
            • 3. Re: auto creating queues, security and invaliddestination
              ataylor
              ataylor Feb 6, 2008 10:30 AM (in response to ataylor)

               

              The session has methods to createQueue and createConsumer.

              creating a queue would be done when

              a) creating a jms queue
              b) creating a topic subscription
              c) creating a temporary queue

              these are all queues.

              As you mention, by default queues should be created as long the user has the CREATE permission for that point in the condition name.

              no problems 

              JMS TCK also requires that some queues are pre-deployed. This can be supported by the JNDIDeployer - which we should probably rename to JMSServerManager. This component should expose a JMS centric management API which then calls the pure core managermenent api of the core server.

              I'll rename it and change accordingly.

                • Actions