[jira] [Commented] (KARAF-4600) RBAC - MBean fails to resolve ACL if the order of properties in object name differs

Wed, 29 Jun 2016 20:05:28 -0700 

    [ 
https://issues.apache.org/jira/browse/KARAF-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15356366#comment-15356366
 ] 

ASF subversion and git services commented on KARAF-4600:
--------------------------------------------------------

Commit affb5308bffa904518fab8a567d906cd89a83200 in karaf's branch 
refs/heads/karaf-2.x from [~tadayosi]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=affb530 ]

[KARAF-4600] RBAC - MBean fails to resolve ACL if the order of properties in 
object name differs

(cherry picked from commit ce1b778138d4eee7992b25386aa19c6a7edaf384)
(cherry picked from commit 1fe22425f9e0d3e0e6e2b40ebb02b9cfcbdbcae1)
(cherry picked from commit 5bf2185c2397753417072a5bdcf0b4c6a1ef6d13)


> RBAC - MBean fails to resolve ACL if the order of properties in object name 
> differs
> -----------------------------------------------------------------------------------
>
>                 Key: KARAF-4600
>                 URL: https://issues.apache.org/jira/browse/KARAF-4600
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.5
>            Reporter: Tadayoshi Sato
>            Assignee: Freeman Fang
>
> An MBean:
> {code}
> org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST
> {code}
> has an ACL file with the following configuration:
> {{etc/jmx.acl.org.apache.activemq.Broker._.Queue.cfg}}
> {code}
> browse* = viewer
> {code}
> While {{JMXSecurityMBean#canInvoke(String, String)}} returns {{true}} for the 
> viewer role on this object name:
> {code}
> org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST
> {code}
> and operation {{"browse"}}, it returns {{false}} on the canonical form of the 
> same object name and operation, i.e.:
> {code}
> org.apache.activemq:brokerName=amq-broker,destinationName=TEST,destinationType=Queue,type=Broker
> {code}
> and RBAC doesn't work correctly.
> The root cause is that the resolution of ACL configuration is affected by the 
> order of properties in an object name. In the original form of the object 
> name, ACL resolves as:
> {code}
> org.apache.activemq.Broker.amq-broker.Queue.TEST
> {code}
> whereas in the canonical form it resolves as:
> {code}
> org.apache.activemq.Broker.amq-broker.TEST.Queue
> {code}
> and thus cannot find the correct ACL file (note the {{"type"}} property 
> precedes others due to KARAF-3020).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to