[ https://issues.apache.org/jira/browse/QPID-1302?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12665463#action_12665463 ]
Martin Ritchie commented on QPID-1302:
--------------------------------------
As it is possible with AMQP to declare a temporary queue that does not have
exclusive access, further ACL control can be applied.
The owner value of a queue can be used to limit a user to only
temporary queues that they have created.
To enable this limitation the <own/> tag can be added in addition to the
<temporary/> tag in a <queue/> block.
The problem however is that the validation of the connected owner against the
specified user in the ACL configuration does not behave as expected.
What occurs in the code is queue.getOwner().equals(_user); (SimpleXML:478)
which looks correct; however, the Owner of the queue is defined to be the Client
ID of the connection that created the queue and not the username of the
connected user.
In fact the username of the connection that created the queue is not stored.
This means that either:
1) the Client ID must be entered in the <name> section when limiting queues via
<own/> , this may confuse users as the value in name will most likely be
different from the other ACL entries for the same 'user'.
2) the XML format is changed so that a <clientid> value is read instead of
<name>, this will highlight that the value should be different but the end user
will still have to be aware of the mapping from user to Client ID for their
application.
3) as the SimpleXML does not have full user documentation the ability to limit
queues via the <own/> tag can be omitted. The Java client currently does not
allow the creation of non-exclusive temporary queues so this functionality will
only be of use for non java clients connecting to the java broker.
> SimpleXML ACL does not correctly identify OWN queues.
> -----------------------------------------------------
>
> Key: QPID-1302
> URL: https://issues.apache.org/jira/browse/QPID-1302
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: M2.1, M3
> Reporter: Martin Ritchie
> Assignee: Martin Ritchie
> Fix For: M5
>
>
> Currently the comparison uses the Queue's owner against the currently logged
> in username. This is incorrect as the Queue Owner is set to the Client ID not
> the connected User ID. Either the queue's owner value needs to be changed or (more
> likely) the ACL check needs to be changed to compare the client ID of the
> connection against the queue's owner value.
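
The mismatch described in this message, as an added example that is not Qpid code or part of the original message: a small constructed model in which a queue's owner is the creating connection's Client ID while the ACL entry names a username. All class, method and sample names (Session, Queue, ownCheckByUsername, ownCheckByClientId, the user and Client ID strings) are hypothetical.

```java
import java.util.Objects;

// Constructed model, not Qpid code: every class and method name here is hypothetical.
public class OwnCheckDemo {
    // A connection carries two distinct identities.
    static final class Session {
        final String username;  // authenticated user, as named in the ACL <name> entry
        final String clientId;  // Client ID of the connection
        Session(String username, String clientId) {
            this.username = username;
            this.clientId = clientId;
        }
    }

    static final class Queue {
        final String owner;     // set from the creating connection's Client ID
        final boolean temporary;
        Queue(Session creator, boolean temporary) {
            this.owner = creator.clientId;
            this.temporary = temporary;
        }
    }

    // Behaviour described in the comment: the owner (a Client ID) is compared
    // with the username taken from the ACL configuration.
    static boolean ownCheckByUsername(Queue q, String aclUser) {
        return q.temporary && Objects.equals(q.owner, aclUser);
    }

    // Alternative named in the issue description: compare the owner with the
    // connection's Client ID. Assumption: the ACL entry is first matched on username.
    static boolean ownCheckByClientId(Queue q, Session s, String aclUser) {
        return q.temporary
                && Objects.equals(s.username, aclUser)
                && Objects.equals(q.owner, s.clientId);
    }

    public static void main(String[] args) {
        Session alice = new Session("alice", "clientid-7f3a"); // constructed sample values
        Session bob = new Session("bob", "clientid-19c2");
        Queue tmp = new Queue(alice, true);

        System.out.println("owner vs username, creator:        " + ownCheckByUsername(tmp, "alice"));
        System.out.println("owner vs <name> holding Client ID: " + ownCheckByUsername(tmp, "clientid-7f3a"));
        System.out.println("owner vs Client ID, creator:       " + ownCheckByClientId(tmp, alice, "alice"));
        System.out.println("owner vs Client ID, other user:    " + ownCheckByClientId(tmp, bob, "bob"));
    }
}
```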