Description
Reminder:
A permission pattern looks like: A:B:C, with A, B and C being 'parts' of the permission.
Each 'part' can have one or more 'tokens', like 'read,write'.
So a permission with ActiveMQ looks like:
queue:queue1,queue2:read,write
granting access on queue1 and queue2, for read or write access.
The WildcardPermission class from the Shiro library states that tokens are a list of authorized items, for example: newsletter:view,edit,create grants view, edit and create rights upon the newsletter item.
The ActiveMQWildcardPermission class (in the ActiveMQ project) extends this class by allowing each 'part' to be not only a single wildcard '*', but also a wildcard string.
topic:ActiveMQ.Advisory* grants all access to the topics starting with the given string.
To do so, this class redefines the implies function, but breaks the above requirements.
queue:*:read,create
should grant read and create access on all queues, but this is not working, as
queue:testqueue:read
will fail to validate.
Test code:
WildcardPermission permission = new ActiveMQWildcardPermission("queue:*:read,create", true);
WildcardPermission action = new ActiveMQWildcardPermission("queue:testqueue:read", true);
assert(permission.implies(action));
Replacing new ActiveMQWildcardPermission with new WildcardPermission (the parent class) will pass this specific assert (but won't match a wildcard string like 'test*', and is not a suitable swap).
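
The matching rule described above (each part is a list of tokens, and a granted token may be a wildcard string), written out as an added, self-contained Java example; it is not code from this issue, from Shiro or from ActiveMQ. The class name TokenWildcardCheck and its methods are hypothetical, and the handling of permissions with a different number of parts is an assumption modelled on Shiro's WildcardPermission.

```java
import java.util.Arrays;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class TokenWildcardCheck { // hypothetical name, not an ActiveMQ or Shiro class
    // Split "A:B:C" into parts and each part into its comma-separated tokens.
    static String[][] parse(String permission) {
        return Arrays.stream(permission.split(":"))
                .map(part -> part.split(",")).toArray(String[][]::new);
    }

    // '*' inside a granted token matches any run of characters; the rest is literal.
    static boolean tokenMatches(String pattern, String value) {
        String regex = Arrays.stream(pattern.split("\\*", -1))
                .map(Pattern::quote).collect(Collectors.joining(".*"));
        return value.matches(regex);
    }

    // Every requested token of every part must be covered by some granted token.
    static boolean implies(String granted, String requested) {
        String[][] g = parse(granted), r = parse(requested);
        for (int i = 0; i < r.length; i++) {
            if (i >= g.length) return true; // assumption: a shorter grant covers the remaining parts
            String[] have = g[i];
            for (String want : r[i]) {
                if (Arrays.stream(have).noneMatch(p -> tokenMatches(p, want))) return false;
            }
        }
        // Assumption: granted parts beyond the request must contain a bare '*' token.
        for (int i = r.length; i < g.length; i++) {
            if (Arrays.stream(g[i]).noneMatch("*"::equals)) return false;
        }
        return true;
    }

    static void check(boolean actual, boolean expected) {
        if (actual != expected) throw new AssertionError("unexpected result");
    }

    public static void main(String[] args) { // constructed sample permissions
        check(implies("queue:*:read,create", "queue:testqueue:read"), true);   // reported case
        check(implies("queue:*:read,create", "queue:testqueue:write"), false); // action not granted
        check(implies("queue:queue1,queue2:read,write", "queue:queue2:write"), true);
        check(implies("topic:ActiveMQ.Advisory*", "topic:ActiveMQ.Advisory.Queue:read"), true);
        check(implies("queue:test*:read", "queue:prod:read"), false);          // prefix must match
        System.out.println("all checks passed");
    }
}
```

The deny cases matter as much as the reported one: a change to implies should be checked against requests that must still be refused, not only against the grant that currently fails.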