[jira] (QPID-3964) Incorrect ACL checks for passive declares

Fri, 20 Apr 2012 03:40:31 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-3964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13258181#comment-13258181
 ] 

[email protected] commented on QPID-3964:
-----------------------------------------------------


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4827/
-----------------------------------------------------------

Review request for Ted Ross, Chug Rolke and rajith attapattu.


Summary
-------

At present, the broker enforces the create permission for passive declares, 
albeit with the option of distinguishing that case through a value for the 
'passive' property. This is unintuitive and causes confusion. The attached 
change removes the 'passive' property from the 'create' actions, and enforces 
the 'access' action instead for passive declares. As a passive declare is 
similar in nature to Queue- or Exchange- Query, this is more consistent.

Note however that this change would not be backwards compatible for all 
possible ACLs. I can't see any case where the required change to the ACL would 
not be an improvement, but important to recignise that a change may in some 
cases be required.


This addresses bug QPID-3964.
    https://issues.apache.org/jira/browse/QPID-3964


Diffs
-----

  /trunk/qpid/cpp/src/qpid/broker/AclModule.h 1328252 
  /trunk/qpid/cpp/src/qpid/broker/Broker.cpp 1328252 
  /trunk/qpid/cpp/src/qpid/broker/SessionAdapter.cpp 1328252 
  /trunk/qpid/cpp/src/tests/acl.py 1328252 

Diff: https://reviews.apache.org/r/4827/diff


Testing
-------

Fixed existing tests to cover the new approach; make check passes.


Thanks,

Gordon


                
> Incorrect ACL checks for passive declares
> -----------------------------------------
>
>                 Key: QPID-3964
>                 URL: https://issues.apache.org/jira/browse/QPID-3964
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.16
>            Reporter: Gordon Sim
>            Assignee: Gordon Sim
>             Fix For: 0.17
>
>
> The broker checks for a 'create' permission when responding to a passive 
> declare. This is not correct as a passive declare explicitly *does not* 
> create the exchange/queue in question.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to