[ https://issues.apache.org/jira/browse/QPID-7247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15387398#comment-15387398 ]

Alex Rudyy commented on QPID-7247:
----------------------------------

Keith,
In the change you made, preference owner validation was moved from 
checkForValidPrincipal to checkForConflictWithExisting. Method 
checkForConflictWithExisting is only invoked from updateOrAppend and is not 
called from replace. Currently all preference store replace implementations 
delete the records specified in the first parameter and proceed with 
updateOrAppend for the second parameter. As a result, it is possible to steal 
a preference as part of replace. Either we need to fix the store implementation 
and change the replace behavior to do insertOrThrowIfExist for the records 
specified in the second parameter for replace, or add owner validation to the 
replace methods in UserPreferences.

> Implement preferences model and REST API
> ----------------------------------------
>
>                 Key: QPID-7247
>                 URL: https://issues.apache.org/jira/browse/QPID-7247
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Keith Wall
>            Assignee: Alex Rudyy
>             Fix For: qpid-java-6.1
>
>
> Implement the preferences model and the REST API described by:
> https://cwiki.apache.org/confluence/display/qpid/Preference+Store
> After this work it will be possible to add/update/remove preferences from the 
> REST API, but there will be no persistence. At this stage all preferences 
> will be available to all users. There will be no security in the preferences 
> layer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
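
The gap described in the comment above, as an added example that is not Qpid's code and not part of the original message: a simplified two-layer model in which `replace` never reaches `checkForConflictWithExisting`, next to a variant that validates ownership first (the second of the two fixes proposed). The class shapes, `ownIds`, `replaceChecked` and the sample data are assumptions made for illustration.

```java
import java.util.*;
// Added illustration: a simplified two-layer model, not Qpid's actual classes.
public class ReplaceOwnerCheckDemo {
    record Preference(UUID id, String owner, String value) {}
    // Store layer (assumed shape): replace deletes, then blindly upserts.
    static class Store {
        final Map<UUID, Preference> records = new HashMap<>();
        void updateOrAppend(Collection<Preference> prefs) {
            prefs.forEach(p -> records.put(p.id(), p));
        }
        void replace(Collection<UUID> toRemove, Collection<Preference> prefs) {
            toRemove.forEach(records::remove);
            updateOrAppend(prefs);
        }
    }
    // User-facing layer bound to one authenticated user.
    static class UserPreferences {
        final Store store; final String user;
        UserPreferences(Store store, String user) { this.store = store; this.user = user; }
        void checkForConflictWithExisting(Collection<Preference> prefs) {
            for (Preference p : prefs) {
                Preference old = store.records.get(p.id());
                if (old != null && !old.owner().equals(user))
                    throw new SecurityException("preference owned by " + old.owner());
            }
        }
        List<UUID> ownIds() {
            return store.records.values().stream()
                    .filter(p -> p.owner().equals(user)).map(Preference::id).toList();
        }
        // Flawed: the owner check is never reached on this path.
        void replace(Collection<Preference> prefs) { store.replace(ownIds(), prefs); }
        // Hardened: validate ownership before the store is touched.
        void replaceChecked(Collection<Preference> prefs) {
            checkForConflictWithExisting(prefs);
            store.replace(ownIds(), prefs);
        }
    }
    public static void main(String[] args) {
        UUID id = UUID.randomUUID();   // constructed sample data
        Store store = new Store();
        store.records.put(id, new Preference(id, "alice", "queue-filter"));
        UserPreferences bob = new UserPreferences(store, "bob");
        try { bob.replaceChecked(List.of(new Preference(id, "bob", "x"))); }
        catch (SecurityException e) { System.out.println("checked replace rejected: " + e.getMessage()); }
        bob.replace(List.of(new Preference(id, "bob", "x")));
        System.out.println("after unchecked replace, owner = " + store.records.get(id).owner());
    }
}
```

The checked call leaves the record untouched because validation runs before any deletion; the unchecked call leaves the same record id owned by the caller.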
