[ https://issues.apache.org/jira/browse/KARAF-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Freeman Fang reassigned KARAF-4600:
-----------------------------------

    Assignee: Freeman Fang

> RBAC - MBean fails to resolve ACL if the order of properties in object name differs
> -----------------------------------------------------------------------------------
>
>                 Key: KARAF-4600
>                 URL: https://issues.apache.org/jira/browse/KARAF-4600
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.5
>            Reporter: Tadayoshi Sato
>            Assignee: Freeman Fang
>
> An MBean:
> {code}
> org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST
> {code}
> has an ACL file with the following configuration:
> {{etc/jmx.acl.org.apache.activemq.Broker._.Queue.cfg}}
> {code}
> browse* = viewer
> {code}
> While {{JMXSecurityMBean#canInvoke(String, String)}} returns {{true}} for the
> viewer role on this object name:
> {code}
> org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST
> {code}
> and operation {{"browse"}}, it returns {{false}} on the canonical form of the
> same object name and operation, i.e.:
> {code}
> org.apache.activemq:brokerName=amq-broker,destinationName=TEST,destinationType=Queue,type=Broker
> {code}
> and RBAC doesn't work correctly.
> The root cause is that the resolution of ACL configuration is affected by the
> order of properties in an object name. In the original form of the object
> name, ACL resolves as:
> {code}
> org.apache.activemq.Broker.amq-broker.Queue.TEST
> {code}
> whereas in the canonical form it resolves as:
> {code}
> org.apache.activemq.Broker.amq-broker.TEST.Queue
> {code}
> and thus cannot find the correct ACL file (note the {{"type"}} property
> precedes others due to KARAF-3020).

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
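The order dependence described in the report can be reproduced outside Karaf. The following is an added example, not Karaf's own code: `AclOrderDemo`, `segments` and `matches` are hypothetical names, and the resolution rule (domain, then `type`, then the remaining values in textual order, with `_` in the ACL file name matching any one segment) is a simplified model assumed from the report.

```java
import java.util.ArrayList;
import java.util.List;
import javax.management.ObjectName;

public class AclOrderDemo {
    // Assumed model of the resolution in the report: domain first, then the
    // "type" value, then the other values in the order they appear in the text.
    // Splitting on ',' ignores quoted values; enough for the names in the report.
    static List<String> segments(String name) {
        int colon = name.indexOf(':');
        List<String> out = new ArrayList<>();
        out.add(name.substring(0, colon));
        List<String> rest = new ArrayList<>();
        for (String kv : name.substring(colon + 1).split(",")) {
            int eq = kv.indexOf('=');
            String key = kv.substring(0, eq), value = kv.substring(eq + 1);
            if (key.equals("type")) out.add(value); else rest.add(value);
        }
        out.addAll(rest);
        return out;
    }

    // Assumed matching rule: the ACL name is a prefix of the segment list,
    // and "_" stands for any single segment.
    static boolean matches(String[] acl, List<String> segs) {
        if (acl.length > segs.size()) return false;
        for (int i = 0; i < acl.length; i++)
            if (!acl[i].equals("_") && !acl[i].equals(segs.get(i))) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        String original = "org.apache.activemq:type=Broker,brokerName=amq-broker,"
                + "destinationType=Queue,destinationName=TEST";
        ObjectName on = new ObjectName(original);
        String canonical = on.getCanonicalName(); // keys sorted lexically by the JDK
        // Segments of etc/jmx.acl.org.apache.activemq.Broker._.Queue.cfg from the report
        String[] acl = {"org.apache.activemq", "Broker", "_", "Queue"};
        System.out.println("same MBean: " + on.equals(new ObjectName(canonical)));
        for (String form : new String[] {original, canonical}) {
            List<String> segs = segments(form);
            System.out.println(String.join(".", segs)
                    + " -> ACL file applies: " + matches(acl, segs));
        }
    }
}
```

Both strings compare equal as `ObjectName` instances, so an access decision keyed on the textual property order gives different answers for one and the same MBean.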