Author: rgodfrey
Date: Mon Jul 21 10:49:50 2014
New Revision: 1612237
URL: http://svn.apache.org/r1612237
Log:
QPID-4520 : The deletion of autodelete queue due to autodeletion should not
require ACL rights for deleting the queue
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java
Modified:
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java?rev=1612237&r1=1612236&r2=1612237&view=diff
==============================================================================
---
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
(original)
+++
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java
Mon Jul 21 10:49:50 2014
@@ -430,7 +430,16 @@ public abstract class AbstractQueue<X ex
@Override
public void performAction(final Deletable object)
{
- getVirtualHost().removeQueue(AbstractQueue.this);
+ Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(),
+ new PrivilegedAction<Void>()
+ {
+ @Override
+ public Void run()
+ {
+
getVirtualHost().removeQueue(AbstractQueue.this);
+ return null;
+ }
+ });
}
};
@@ -742,7 +751,16 @@ public abstract class AbstractQueue<X ex
_logger.info("Auto-deleting queue:" + this);
}
- getVirtualHost().removeQueue(this);
+
Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(), new
PrivilegedAction<Object>()
+ {
+ @Override
+ public Object run()
+ {
+
getVirtualHost().removeQueue(AbstractQueue.this);
+ return null;
+ }
+ });
+
// we need to manually fire the event to the removed consumer
(which was the last one left for this
// queue. This is because the delete method uses the consumer
set which has just been cleared
Modified:
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java
URL:
http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java?rev=1612237&r1=1612236&r2=1612237&view=diff
==============================================================================
---
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java
(original)
+++
qpid/trunk/qpid/java/systests/src/main/java/org/apache/qpid/server/security/acl/ExhaustiveACLTest.java
Mon Jul 21 10:49:50 2014
@@ -18,20 +18,23 @@
*/
package org.apache.qpid.server.security.acl;
+import javax.jms.Connection;
+import javax.jms.MessageConsumer;
+import javax.jms.Queue;
+import javax.jms.Session;
+
import org.apache.qpid.AMQException;
import org.apache.qpid.client.AMQSession;
+import org.apache.qpid.configuration.ClientProperties;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.protocol.AMQConstant;
-import javax.jms.Connection;
-import javax.jms.Session;
-
/**
* ACL version 2/3 file testing to verify that ACL entries control queue
creation with specific properties.
*
* Tests have their own ACL files that setup specific permissions, and then
try to create queues with every possible combination
* of properties to show that rule matching works correctly. For example, a
rule that specified {@code autodelete="true"} for
- * queues with {@link name="temp.true.*"} as well should not affect queues
that have names that do not match, or queues that
+ * queues with {@code name="temp.true.*"} as well should not affect queues
that have names that do not match, or queues that
* are not autodelete, or both. Also checks that ACL entries only affect the
specified users and virtual hosts.
*/
public class ExhaustiveACLTest extends AbstractACLTestCase
@@ -117,6 +120,51 @@ public class ExhaustiveACLTest extends A
createQueueFailure("test", "client", "temp.other.09", false,
false);
}
+
+ public void setUpAuthoriseQueueAutodeleteDeleteByOther() throws Exception
+ {
+ writeACLFile("acl allow client access virtualhost",
+ "acl allow server access virtualhost",
+ "acl allow client create queue name=\"temp.true.*\"
autodelete=true",
+ "acl allow server consume queue name=\"temp.true.*\"",
+ "acl allow server bind exchange",
+ "acl deny client create queue",
+ "acl allow client delete queue",
+ "acl deny all create queue"
+ );
+ }
+ /**
+ * Test creation of temporary queues, with the autodelete property and
then autodeleted.
+ */
+ public void testAuthoriseQueueAutodeleteDeleteByOther() throws Exception
+ {
+ // stop the consumer trying to redeclare the queue
+ setTestSystemProperty(ClientProperties.QPID_DECLARE_QUEUES_PROP_NAME,
"false");
+
+ // create a temp queue as use client
+ createQueueSuccess("test", "client", "temp.true.00", true, false);
+
+ // consume from temp queue as user server
+ Connection conn = getConnection("test", "server", "guest");
+ Session sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ conn.start();
+ Queue queue = sess.createQueue("temp.true.00");
+ MessageConsumer cons = sess.createConsumer(queue);
+ cons.close();
+ sess.close();
+
+ sess = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ conn.start();
+
+ // test if the queue is bound to the default exchange
+
assertFalse(((AMQSession)sess).isQueueBound("","temp.true.00","temp.true.00",null));
+ sess.close();
+
+ conn.close();
+
+
+ }
+
public void setUpAuthoriseCreateQueue() throws Exception
{
writeACLFile("acl allow client access virtualhost",
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
