Lorenz Quack created QPID-7696:
----------------------------------
Summary: [Java Broker] Deletion of a temporary queue can crash the
broker with certain ACLs
Key: QPID-7696
URL: https://issues.apache.org/jira/browse/QPID-7696
Project: Qpid
Issue Type: Bug
Components: Java Broker
Affects Versions: qpid-java-6.1.1
Reporter: Lorenz Quack
ACL:
{noformat}
ACL ALLOW-LOG testUser CREATE QUEUE temporary="true"
ACL ALLOW-LOG testUser DELETE QUEUE temporary="true"
ACL ALLOW-LOG testUser ACCESS ALL
ACL ALLOW-LOG admin ALL ALL
ACL DENY-LOG ALL ALL
{noformat}
client code:
{code}
/* create connection */
Session session = connection.createSession(true,
Session.SESSION_TRANSACTED);
TemporaryQueue temporaryQueue = session.createTemporaryQueue();
temporaryQueue.delete();
/* cleanup */
{code}
This crashes the broker v6.1.1
{noformat}
########################################################################
#
# Unhandled Exception java.security.AccessControlException: Permission DELETE
is denied for : Binding 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' on
Queue 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' Exchange 'amq.direct' in
Thread IO-/127.0.0.1:53477
#
# Exiting
#
########################################################################
java.security.AccessControlException: Permission DELETE is denied for : Binding
'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' on Queue
'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' Exchange 'amq.direct'
at
org.apache.qpid.server.model.AbstractConfiguredObject.authorise(AbstractConfiguredObject.java:2959)
at
org.apache.qpid.server.model.AbstractConfiguredObject.authorise(AbstractConfiguredObject.java:2891)
at
org.apache.qpid.server.model.AbstractConfiguredObject.authoriseSetAttributes(AbstractConfiguredObject.java:2970)
at
org.apache.qpid.server.model.AbstractConfiguredObject$15.execute(AbstractConfiguredObject.java:1659)
at
org.apache.qpid.server.model.AbstractConfiguredObject$15.execute(AbstractConfiguredObject.java:1629)
at
org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
at
org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:312)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at
org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:305)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Process finished with exit code 1
{noformat}
I have not tested with other versions of the broker, yet.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
