glassfish
  1. glassfish
  2. GLASSFISH-18715

Cannot deny user(s) from producing messages for queues

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.2
    • Fix Version/s: 4.1.1
    • Component/s: jms
    • Labels:
      None
    • Environment:

      RHEL5, OpenMQ 4.5, PostgreSQL as persistent store, OpenLDAP as user repository

      Description

      My broker has the following in etc/accesscontrol.properties

      ###
      version=JMQFileAccessControlModel/100
      connection.NORMAL.allow.user=*
      connection.ADMIN.allow.group=admins

      queue..produce.allow.user=
      queue..consume.allow.user=

      queue.queuename.produce.deny.user=someone
      ###

      What happens:

      • the user 'someone' is allowed to create a producer for queue 'queuename'

      What was expected:

      • the user 'someone' should be denied when trying to create a producer for queue 'queuename'

      Other notes:

      • if this same type of scenario is repeated for a topic, things work as expected
      • if instead we deny consuming of a queue (e.g. queue.queuename.consume.deny.user=someone) instead of producing of a queue, things work as expected

      Seems odd that just this one scenario causes a problem, so it may be worth trying similar ones.

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              David Zhao
              Reporter:
              ashie1287
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: