You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Alex Rudyy (Jira)" <ji...@apache.org> on 2019/09/02 10:50:00 UTC
[jira] [Updated] (QPID-8356) [Broker-J] ACL rule properties
'from_network' and 'from_hostname' are lost on loading ACL from file in
'RuleBased' access control provider
[ https://issues.apache.org/jira/browse/QPID-8356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy updated QPID-8356:
-----------------------------
Status: Reviewable (was: In Progress)
> [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8356
> URL: https://issues.apache.org/jira/browse/QPID-8356
> Project: Qpid
> Issue Type: Bug
> Components: Broker-J
> Affects Versions: qpid-java-broker-7.0.8, qpid-java-broker-7.1.4
> Reporter: Alex Rudyy
> Assignee: Alex Rudyy
> Priority: Major
> Fix For: qpid-java-broker-7.1.5
>
>
> ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider.
> The following unit test fails:
> {code}
> @Test
> public void testLoadFirewallRules()
> {
> final Map<String, Object> attributes = Collections.singletonMap(RuleBasedAccessControlProvider.NAME, getTestName());
> final Broker<?> broker = BrokerTestHelper.createBrokerMock();
> final RuleBasedAccessControlProviderImpl aclProvider = new RuleBasedAccessControlProviderImpl(attributes, broker);
> aclProvider.create();
> final String acl = "ACL ALLOW-LOG guest ACCESS VIRTUALHOST from_hostname=\"localhost\"";
> final String data = DataUrlUtils.getDataUrlForBytes(acl.getBytes(UTF_8));
> aclProvider.loadFromFile(data);
> final List<AclRule> rules = aclProvider.getRules();
> assertThat(rules, is(notNullValue()));
> assertThat(rules.size(), is(equalTo(1)));
> final AclRule rule = rules.get(0);
> assertThat(rule, is(notNullValue()));
> assertThat(rule.getObjectType(), is(equalTo(ObjectType.VIRTUALHOST)));
> assertThat(rule.getIdentity(), is(equalTo("guest")));
> assertThat(rule.getOperation(), is(equalTo(LegacyOperation.ACCESS)));
> assertThat(rule.getOutcome(), is(equalTo(RuleOutcome.ALLOW_LOG)));
> assertThat(rule.getAttributes(), is(equalTo(Collections.singletonMap("from_hostname", "localhost"))));
> }
> {code}
> The workaround for this defect would changing the ACL rules directly using 'rules' attribute.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org