[
https://issues.apache.org/jira/browse/QPID-4520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rob Godfrey reopened QPID-4520:
-------------------------------
Assignee: (was: Robbie Gemmell)
Looking at this again - I think we should probably fix this.
The rational for closing this is that the current ACL system is a bit of a
mess, and we should instead move to a mechanism where the actors able to
perform actions on an object are stored on the object itself... however this
defect is of a slightly different nature - basically actor A is creating a
queue and saying "when there are no subscribers to this queue, then delete it".
Actor B comes along, makes a subscription, and then disconnects... this was
the last subscription, so then (according to the wishes of Actor A) the queue
should be deleted.
The fix is simply to run the lifetime constraint task as the system user rather
than the user who owns the subscription
i.e. to something like this (in AbstractQueue.java):
{code}
private void addLifetimeConstraint(final Deletable<? extends Deletable>
lifetimeObject)
{
final Action<Deletable> deleteQueueTask = new Action<Deletable>()
{
@Override
public void performAction(final Deletable object)
{
Subject.doAs(SecurityManager.getSubjectWithAddedSystemRights(),
new PrivilegedAction<Void>()
{
@Override
public Void run()
{
getVirtualHost().removeQueue(AbstractQueue.this);
return null;
}
});
}
};
lifetimeObject.addDeleteTask(deleteQueueTask);
addDeleteTask(new DeleteDeleteTask(lifetimeObject, deleteQueueTask));
}
{code}
> The deletion of autodelete queue requires ACL rights for deleting the queue
> ---------------------------------------------------------------------------
>
> Key: QPID-4520
> URL: https://issues.apache.org/jira/browse/QPID-4520
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker
> Affects Versions: 0.21
> Environment: Java broker (trunk) / Java 1.6 / RHEL 6.3
> Reporter: JAkub Scholz
> Priority: Minor
>
> When a user creates an autodelete queue, it should be deleted when the last
> user disconnects from the queue. This seems to work fine in general. But in
> some specific situations, the autodelete queue isn't deleted. As an example,
> following scenario causes problems:
> 1) Enable ACL
> 2) Add user account the right to create the queue as autodelete queue in ACL
> file. Do not give the user the right to delete the queue.
> 3) Connect with the user and create the queue
> 4) Disconnect the user
> 5) The broker attempts to delete the queue, but fails because the user
> doesn't have the ACL rights to delete the queue
> 6) The queue remains in the system
> This scenario is a bit artificial, because it can be seen as
> mis-configuration (i.e. giving the possibility to create the queue and not to
> delete the queue). But I can imagine a situation when one user creates the
> queue as autodelete and other users connect to this queue to read from it.
> The other users might not be supposed to delete the queue under normal
> circumstances, the queeu should just get deleted after the last user
> disconnects.
> *In my opinion, the autodeletion should be preferred against the ACL rights.*
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
