This is an automated email from the ASF dual-hosted git repository. jbertram pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/artemis.git
commit 039d18522455dc6782b9f34ad304f2606422a089
Author: gchuf <[email protected]>
AuthorDate: Thu Apr 16 10:26:18 2026 +0200
ARTEMIS-6010 - Improve roles checking in authorize call
---
 .../activemq/artemis/utils/SecurityManagerUtil.java | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java b/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java
index bda8d36785..6ec9bbcffd 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java
@@ -21,7 +21,6 @@ import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
 import java.security.Principal;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.Set;
 import org.apache.activemq.artemis.core.security.CheckType;
@@ -114,31 +113,26 @@ public class SecurityManagerUtil {
 * This method tries to match the RolePrincipals in the Subject with the provided Set of Roles and CheckType
 */
 public static boolean authorize(final Subject subject, final Set<Role> roles, final CheckType checkType, final Class rolePrincipalClass) {
- boolean authorized = false;
 if (subject != null) {
 Set<RolePrincipal> rolesWithPermission = getPrincipalsInRole(checkType, roles, rolePrincipalClass);
 // Check the caller's roles
- Set<Principal> rolesForSubject = new HashSet<>();
+ Set<Principal> rolesForSubject;
 try {
- rolesForSubject.addAll(subject.getPrincipals(rolePrincipalClass));
+ rolesForSubject = subject.getPrincipals(rolePrincipalClass);
 } catch (Exception e) {
 ActiveMQServerLogger.LOGGER.failedToFindRolesForTheSubject(e);
+ return false;
 }
 if (!rolesForSubject.isEmpty() && !rolesWithPermission.isEmpty()) {
- Iterator<Principal> rolesForSubjectIter = rolesForSubject.iterator();
- while (!authorized && rolesForSubjectIter.hasNext()) {
- Iterator<RolePrincipal> rolesWithPermissionIter = rolesWithPermission.iterator();
- Principal subjectRole = rolesForSubjectIter.next();
- while (!authorized && rolesWithPermissionIter.hasNext()) {
- Principal roleWithPermission = rolesWithPermissionIter.next();
- authorized = subjectRole.equals(roleWithPermission);
+ for (Principal subjectRole : rolesForSubject) {
+ if (rolesWithPermission.contains(subjectRole)) {
+ return true;
 }
 }
 }
 }
-
- return authorized;
+ return false;
 }
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
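Review bot: The new `rolesWithPermission.contains(subjectRole)` in authorize makes the role match depend on the configured rolePrincipalClass implementing `hashCode()` consistently with `equals()`, whereas the removed nested loops only ever called `subjectRole.equals(roleWithPermission)`; because rolePrincipalClass is a caller-supplied, pluggable class, a principal type that overrides equals without hashCode would now be denied on every call (the method returns false, so it fails closed, but silently). A one-line comment above the loop should record that dependency: `// Set.contains() relies on rolePrincipalClass implementing hashCode() consistently with equals(); a mismatch denies access.` The Javadoc above the signature should also state the new early exit on lookup failure, e.g. `@return true if any of the subject's principals of rolePrincipalClass is in the permitted set; false otherwise, including when the principals cannot be read from the subject`. Whether `getPrincipalsInRole` actually returns a hash-based set is not visible in this hunk, so the hashCode remark should be confirmed against that helper.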
