diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQBasicSecurityManager.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQBasicSecurityManager.java index fb52093bc47..3ff7e54e219 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQBasicSecurityManager.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQBasicSecurityManager.java @@ -108,11 +108,8 @@ public boolean authorize(final Subject subject, final CheckType checkType, final String address) { boolean authorized = SecurityManagerUtil.authorize(subject, roles, checkType, RolePrincipal.class); - if (authorized) { - logger.trace("user is authorized"); - } else { - logger.trace("user is NOT authorized"); - } + + logger.trace("user is authorized: {}", authorized); return authorized; } diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java index a0aaed7641c..c31fa48423b 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.java @@ -116,11 +116,7 @@ public boolean authorize(final Subject subject, final String address) { boolean authorized = SecurityManagerUtil.authorize(subject, roles, checkType, rolePrincipalClass); - if (authorized) { - logger.trace("user is authorized"); - } else { - logger.trace("user is NOT authorized"); - } + logger.trace("user is authorized: {}", authorized); return authorized; } 
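Review bot: The new trace line in `authorize` (here in ActiveMQBasicSecurityManager and again in the ActiveMQJAASSecurityManager hunk) still records only the outcome, so a denial cannot be tied to a check type or address when reading the log. `checkType` and `address` are in scope in both methods, so `logger.trace("authorize checkType={} address={} result={}", checkType, address, authorized);` would make the entry usable for audit. If the caller's identity is added as well, log principal names rather than the `Subject` itself, because `Subject.toString()` can include credential objects. The literal "user is NOT authorized" also disappears with this change, so any log search or alert keyed on that string needs updating. Both method signatures begin above their hunks.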
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java b/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java index bda8d367855..6ec9bbcffd7 100644 --- a/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java +++ b/artemis-server/src/main/java/org/apache/activemq/artemis/utils/SecurityManagerUtil.java @@ -21,7 +21,6 @@ import java.lang.reflect.Method; import java.security.Principal; import java.util.HashSet; -import java.util.Iterator; import java.util.Set; import org.apache.activemq.artemis.core.security.CheckType; 
@@ -114,31 +113,26 @@ public int hashCode() { * This method tries to match the RolePrincipals in the Subject with the provided Set of Roles and CheckType */ public static boolean authorize(final Subject subject, final Set roles, final CheckType checkType, final Class rolePrincipalClass) { - boolean authorized = false; if (subject != null) { Set rolesWithPermission = getPrincipalsInRole(checkType, roles, rolePrincipalClass); // Check the caller's roles - Set rolesForSubject = new HashSet<>(); + Set rolesForSubject; try { - rolesForSubject.addAll(subject.getPrincipals(rolePrincipalClass)); + rolesForSubject = subject.getPrincipals(rolePrincipalClass); } catch (Exception e) { ActiveMQServerLogger.LOGGER.failedToFindRolesForTheSubject(e); + return false; } if (!rolesForSubject.isEmpty() && !rolesWithPermission.isEmpty()) { - Iterator rolesForSubjectIter = rolesForSubject.iterator(); - while (!authorized && rolesForSubjectIter.hasNext()) { - Iterator rolesWithPermissionIter = rolesWithPermission.iterator(); - Principal subjectRole = rolesForSubjectIter.next(); - while (!authorized && rolesWithPermissionIter.hasNext()) { - Principal roleWithPermission = rolesWithPermissionIter.next(); - authorized = subjectRole.equals(roleWithPermission); + for (Principal subjectRole : rolesForSubject) { + if (rolesWithPermission.contains(subjectRole)) { + return true; } } } } - - return authorized; + return false; } }
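Review bot: Replacing the pairwise `subjectRole.equals(roleWithPermission)` with `rolesWithPermission.contains(subjectRole)` makes the authorization result depend on the principal class's `hashCode()` agreeing with its `equals()`, assuming `getPrincipalsInRole` returns a hash-based set (its body is not visible here). `rolePrincipalClass` is supplied by the caller, so a principal class that overrides `equals` alone would now be denied where it previously matched; that fails closed, but it is a silent behaviour change in an access-control path. I would state the contract above the loop, e.g. `// relies on rolePrincipalClass implementing equals() and hashCode() consistently`, and cover it with a test that uses a custom principal class. The `!rolesForSubject.isEmpty() && !rolesWithPermission.isEmpty()` guard is now redundant, since an empty set simply falls through to `return false`.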