[ https://issues.apache.org/jira/browse/QPID-7934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy updated QPID-7934: ----------------------------- Status: Open (was: Reviewable) The change introduced in {{AbstractVirtualHost#onRestart}} to call {{AbstractVirtualHost#updateAccessControl}} (line 2663) after successful open of every {{VirtualHost}}'s child looks superfluous to me as it would cause rebuilding of {{AbstractVirtualHost}} access control list on open of every queue, exchange, etc. Taking that {{AbstractVirtualHost#onActivate}} is called after opening of all children in {{AbstractVirtualHost#onRestart}}, which in turn calls {{AbstractVirtualHost#updateAccessControl}} to rebuild virtual host access controls, the call to {{AbstractVirtualHost#updateAccessControl}} can be safely removed from call to {{applyToChildren}} in {{AbstractVirtualHost#onRestart}}. > [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider > doesn’t tell the virtualhost about updates to its rule-state > -------------------------------------------------------------------------------------------------------------------------------------- > > Key: QPID-7934 > URL: https://issues.apache.org/jira/browse/QPID-7934 > Project: Qpid > Issue Type: Bug > Components: Java Broker > Affects Versions: qpid-java-6.1, qpid-java-6.1.4 > Reporter: Keith Wall > Assignee: Keith Wall > Priority: Minor > Fix For: qpid-java-broker-7.0.0 > > > A recovered {{RuleBasedVirtualHostAccessControlProvider}} doesn’t tell its > virtualhost about changes to itself, so the virtualhost doesn’t react to > changes in its state (i.e. the rule-set). This issue exists on the normal > Broker start-up path. It means that if the user attempts to change a > rule-set the changes are not applied. > If a new RuleBasedVirtualHostAccessControlProvider is added, changes made to > it are reported properly to the VirtualHost. (This is why > {{VirtualHostAccessControlProviderRestTest}} does not fail). > The issue is that {{AbstractVirtualHost#postResolveChildren}} fails to add > state listeners to existing {{VirtualHostAccessControlProviders}}. The same > issue applies on the virtualhost restart path (much like QPID-7933). > There is a second problem that lies behind the first. If you fix > #postResolveChildren to install the listener on the existing VHACP, you find > that the VH still fails to update its ACL controller state probably after > changes to the provider. This problem is that > {{AbstractVirtualHost#updateAccessControl}} gets called (by the super call at > line AbstractCommonRuleBasedAccessControlProvider.java:70) before > {{AbstractLegacyAccessControlProvider#recreateAccessController}} on the > following line so the VH continues to stale a stale controller. > The user can work around the problem by restarting the Broker. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org