You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2019/09/02 10:49:00 UTC

[jira] [Commented] (QPID-8356) [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider

    [ https://issues.apache.org/jira/browse/QPID-8356?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16920772#comment-16920772 ] 

ASF subversion and git services commented on QPID-8356:
-------------------------------------------------------

Commit b0d511290b99110d622b9cff6f62b981e8fd0855 in qpid-broker-j's branch refs/heads/7.1.x from Alex Rudyy
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=b0d5112 ]

QPID-8356: [Broker-J] Fix loading of ACL rules containing firewall properties

(cherry picked from commit 67b7724339d92c56acc6b1b67fc26bcb183e0c55)


> [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8356
>                 URL: https://issues.apache.org/jira/browse/QPID-8356
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-7.0.8, qpid-java-broker-7.1.4
>            Reporter: Alex Rudyy
>            Assignee: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-7.1.5
>
>
> ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider.
> The following unit test fails:
> {code}
> @Test
> public void testLoadFirewallRules()
> {
>     final Map<String, Object> attributes = Collections.singletonMap(RuleBasedAccessControlProvider.NAME, getTestName());
>     final Broker<?> broker = BrokerTestHelper.createBrokerMock();
>     final RuleBasedAccessControlProviderImpl aclProvider = new RuleBasedAccessControlProviderImpl(attributes, broker);
>     aclProvider.create();
>     final String acl = "ACL ALLOW-LOG guest ACCESS VIRTUALHOST from_hostname=\"localhost\"";
>     final String data = DataUrlUtils.getDataUrlForBytes(acl.getBytes(UTF_8));
>     aclProvider.loadFromFile(data);
>     final List<AclRule> rules = aclProvider.getRules();
>     assertThat(rules, is(notNullValue()));
>     assertThat(rules.size(), is(equalTo(1)));
>     final AclRule rule = rules.get(0);
>     assertThat(rule, is(notNullValue()));
>     assertThat(rule.getObjectType(), is(equalTo(ObjectType.VIRTUALHOST)));
>     assertThat(rule.getIdentity(), is(equalTo("guest")));
>     assertThat(rule.getOperation(), is(equalTo(LegacyOperation.ACCESS)));
>     assertThat(rule.getOutcome(), is(equalTo(RuleOutcome.ALLOW_LOG)));
>     assertThat(rule.getAttributes(), is(equalTo(Collections.singletonMap("from_hostname", "localhost"))));
> }
> {code}
> The workaround for this defect would changing the ACL rules directly using 'rules' attribute.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org