[ https://issues.apache.org/jira/browse/QPID-2133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robbie Gemmell closed QPID-2133.
--------------------------------
Resolution: Won't Fix
> PrincipalPermissions handling of exchange elements within the ACL v1 create
> subsection can lead to inconsistent behaviour
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-2133
> URL: https://issues.apache.org/jira/browse/QPID-2133
> Project: Qpid
> Issue Type: Bug
> Affects Versions: 0.5
> Reporter: Robbie Gemmell
>
> Whilst investigating QPID-1204, a limitation was discovered in the ACL v1
> PrincipalPermissions handling for Exchange(s) elements within the Create
> subsection of the ACL configuration.
> If no Exchange elements exist within the Create section for a given set of
> users, they will have create capabilities for any exchange. This is
> accomplished by never creating a permissions list for creating exchanges, and
> is covered in the authorise check by the null check in the code below.
> PrincipalPermissions: L483
>     if (rights == null || rights.containsKey(exchangeName))
>     {
>         return AuthzResult.ALLOWED;
>     }
> However, if for example a Queue Create subsection for that user did specify a
> specific exchange that the creation is permitted in, then the exchange
> creation rights list will be created. As a result, any Create sections
> previously relying on the list being null to permit queue creation in any
> exchange, or the ability to declare any exchange, will be broken (unless the
> exchange name being used happens to match one which was specifically defined,
> in which case it will exist in the list).
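The behaviour described in the issue, as a small added model (not Qpid's PrincipalPermissions code and not part of the original report). Only the `rights == null || rights.containsKey(exchangeName)` check comes from the issue; the class, the loader methods, the exchange names and the explicit-flag alternative are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class CreateRightsDemo {
    enum AuthzResult { ALLOWED, DENIED }

    // Shared map as described in the issue: stays null until any section names an exchange.
    private Map<String, Boolean> rights;
    // Assumed alternative: exchange-create state kept apart from queue-create state.
    private final Map<String, Boolean> exchangeOnly = new HashMap<>();
    private boolean exchangeCreateRestricted;

    // Hypothetical loader step: a Queue Create subsection names an exchange,
    // which creates the shared list as a side effect.
    void loadQueueCreateSection(String exchangeName) {
        if (rights == null) {
            rights = new HashMap<>();
        }
        rights.put(exchangeName, Boolean.TRUE);
    }

    // Hypothetical loader step: an Exchange element in the Create subsection.
    void loadExchangeCreateElement(String exchangeName) {
        loadQueueCreateSection(exchangeName);
        exchangeOnly.put(exchangeName, Boolean.TRUE);
        exchangeCreateRestricted = true;
    }

    // The check quoted in the issue: a null list means "allow any exchange".
    AuthzResult authoriseAsInIssue(String exchangeName) {
        if (rights == null || rights.containsKey(exchangeName)) {
            return AuthzResult.ALLOWED;
        }
        return AuthzResult.DENIED;
    }

    // Alternative: allow-all is an explicit flag, so unrelated sections cannot flip it.
    AuthzResult authoriseExplicit(String exchangeName) {
        boolean ok = !exchangeCreateRestricted || exchangeOnly.containsKey(exchangeName);
        return ok ? AuthzResult.ALLOWED : AuthzResult.DENIED;
    }

    public static void main(String[] args) {
        CreateRightsDemo acl = new CreateRightsDemo();
        System.out.println("no sections loaded, orders.ex: " + acl.authoriseAsInIssue("orders.ex"));
        acl.loadQueueCreateSection("amq.direct"); // constructed sample configuration
        System.out.println("after queue section, orders.ex: " + acl.authoriseAsInIssue("orders.ex"));
        System.out.println("after queue section, amq.direct: " + acl.authoriseAsInIssue("amq.direct"));
        System.out.println("explicit flag, orders.ex: " + acl.authoriseExplicit("orders.ex"));
    }
}
```

Comparing the first two printed results shows the inconsistency: the answer for the same exchange name changes after a queue section is loaded, even though no Exchange element was ever configured.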