You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2017/09/21 09:06:31 UTC
[1/2] qpid-broker-j git commit: QPID-7919: [System Tests] Exclude ACL
test for temporary queue creation from messaging for AMQP 1.0
Repository: qpid-broker-j
Updated Branches:
refs/heads/master f210eea85 -> b39d49135
QPID-7919: [System Tests] Exclude ACL test for temporary queue creation from messaging for AMQP 1.0
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/b39d4913
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/b39d4913
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/b39d4913
Branch: refs/heads/master
Commit: b39d491357f48856f39e59a59be036195d015260
Parents: 366b4d6
Author: Alex Rudyy <or...@apache.org>
Authored: Thu Sep 21 10:05:07 2017 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Thu Sep 21 10:05:24 2017 +0100
----------------------------------------------------------------------
test-profiles/Java10Excludes | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/b39d4913/test-profiles/Java10Excludes
----------------------------------------------------------------------
diff --git a/test-profiles/Java10Excludes b/test-profiles/Java10Excludes
index 7b7a21f..fa1d67c 100644
--- a/test-profiles/Java10Excludes
+++ b/test-profiles/Java10Excludes
@@ -215,7 +215,8 @@ org.apache.qpid.server.security.acl.MessagingACLTest#testPublishToDefaultExchang
org.apache.qpid.server.security.acl.MessagingACLTest#testPublishToDefaultExchangeFailure
org.apache.qpid.server.security.acl.Amqp0xMessagingACLTest#*
-// QPID-7904 : Temporary exclude temporary queue creation test
+// QPID-7919 : We can't currently ACL the ability to create temporary queues (or exchanges) as these need to
+// run as system as so avoid the ACL check.
org.apache.qpid.server.security.acl.MessagingACLTest#testCreateTemporaryQueueFailed
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org
[2/2] qpid-broker-j git commit: QPID-7904: [AMQP 1.0] [ACL] Ensure
that transaction is marked as rolled back only if ACL denies publish
Posted by or...@apache.org.
QPID-7904: [AMQP 1.0] [ACL] Ensure that transaction is marked as rolled back only if ACL denies publish
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/366b4d6b
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/366b4d6b
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/366b4d6b
Branch: refs/heads/master
Commit: 366b4d6b4a070d5b2d0cb2adf92696ac6a7e2952
Parents: f210eea
Author: Alex Rudyy <or...@apache.org>
Authored: Wed Sep 20 14:27:00 2017 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Thu Sep 21 10:05:24 2017 +0100
----------------------------------------------------------------------
.../v1_0/StandardReceivingLinkEndpoint.java | 50 ++++++----
.../server/security/acl/MessagingACLTest.java | 100 ++++++++++++++++++-
2 files changed, 128 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/366b4d6b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/StandardReceivingLinkEndpoint.java
----------------------------------------------------------------------
diff --git a/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/StandardReceivingLinkEndpoint.java b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/StandardReceivingLinkEndpoint.java
index 5ba857d..1c2b9e3 100644
--- a/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/StandardReceivingLinkEndpoint.java
+++ b/broker-plugins/amqp-1-0-protocol/src/main/java/org/apache/qpid/server/protocol/v1_0/StandardReceivingLinkEndpoint.java
@@ -183,10 +183,28 @@ public class StandardReceivingLinkEndpoint extends AbstractReceivingLinkEndpoint
}
}
- ServerTransaction transaction = null;
+ final ServerTransaction transaction;
+ boolean setRollbackOnly = true;
if (transactionId != null)
{
transaction = getSession().getTransaction(transactionId);
+ if (!(transaction instanceof AutoCommitTransaction))
+ {
+ transaction.addPostTransactionAction(new ServerTransaction.Action()
+ {
+ @Override
+ public void postCommit()
+ {
+ updateDisposition(delivery.getDeliveryTag(), null, true);
+ }
+
+ @Override
+ public void onRollback()
+ {
+ updateDisposition(delivery.getDeliveryTag(), null, true);
+ }
+ });
+ }
}
else
{
@@ -216,6 +234,7 @@ public class StandardReceivingLinkEndpoint extends AbstractReceivingLinkEndpoint
}
else
{
+ // TODO - disposition not updated for the non-transaction case
return preconditionFailedError;
}
}
@@ -269,32 +288,21 @@ public class StandardReceivingLinkEndpoint extends AbstractReceivingLinkEndpoint
getSession().getAMQPConnection()
.registerMessageReceived(serverMessage.getSize(), arrivalTime);
- if (!(transaction instanceof AutoCommitTransaction))
- {
- ServerTransaction.Action a;
- transaction.addPostTransactionAction(new ServerTransaction.Action()
- {
- @Override
- public void postCommit()
- {
- updateDisposition(delivery.getDeliveryTag(), null, true);
- }
-
- @Override
- public void onRollback()
- {
- updateDisposition(delivery.getDeliveryTag(), null, true);
- }
- });
- }
+ setRollbackOnly = false;
}
catch (AccessControlException e)
{
final Error err = new Error();
err.setCondition(AmqpError.NOT_ALLOWED);
err.setDescription(e.getMessage());
- close(err);
-
+ return err;
+ }
+ finally
+ {
+ if (setRollbackOnly && transaction instanceof LocalTransaction)
+ {
+ ((LocalTransaction) transaction).setRollbackOnly();
+ }
}
}
finally
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/366b4d6b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
index 1855d04..f781329 100644
--- a/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
+++ b/systests/src/test/java/org/apache/qpid/server/security/acl/MessagingACLTest.java
@@ -36,7 +36,6 @@ import javax.jms.TextMessage;
public class MessagingACLTest extends AbstractACLTestCase
{
-
public void setUpAccessAuthorizedSuccess() throws Exception
{
writeACLFileWithAdminSuperUser("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
@@ -495,4 +494,103 @@ public class MessagingACLTest extends AbstractACLTestCase
assertJMSExceptionMessageContains(e, "Access denied to publish to default exchange");
}
}
+
+ public void setUpAnonymousProducerFailsToSendMessageIntoDeniedDestination() throws Exception
+ {
+ List<String> rules = new ArrayList<>();
+ rules.add("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
+
+ if (isBroker10())
+ {
+ rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"\" routingKey=\"example.RequestQueue\"");
+ }
+ else
+ {
+ rules.add("ACL ALLOW-LOG client PUBLISH EXCHANGE name=\"amq.direct\" routingKey=\"example.RequestQueue\"");
+ }
+ rules.add("ACL DENY-LOG client PUBLISH EXCHANGE name=\"*\" routingKey=\"deniedQueue\"");
+ writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
+ }
+
+ public void testAnonymousProducerFailsToSendMessageIntoDeniedDestination() throws Exception
+ {
+ final String allowedDestinationName = "example.RequestQueue";
+ final String deniedDestinationName = "deniedQueue";
+ createQueue(allowedDestinationName);
+ createQueue(deniedDestinationName);
+
+ if (!isBroker10())
+ {
+ bindExchangeToQueue("amq.direct", allowedDestinationName);
+ bindExchangeToQueue("amq.direct", deniedDestinationName);
+ }
+
+ Connection connection = getConnection("test", "client", "guest");
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+
+ MessageProducer producer = session.createProducer(null);
+ producer.send(session.createQueue(allowedDestinationName), session.createTextMessage("test1"));
+
+ try
+ {
+ producer.send(session.createQueue(deniedDestinationName), session.createTextMessage("test2"));
+
+ fail("Sending should fail");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e,
+ "Permission ACTION(publish) is denied for : " + (isBroker10()
+ ? "Queue"
+ : "Exchange"));
+ }
+
+ try
+ {
+ session.commit();
+ fail("Commit should fail");
+ }
+ catch (JMSException e)
+ {
+ // pass
+ }
+ }
+
+ public void setUpPublishIntoDeniedDestinationFails() throws Exception
+ {
+ List<String> rules = new ArrayList<>();
+ rules.add("ACL ALLOW-LOG client ACCESS VIRTUALHOST");
+ rules.add("ACL DENY-LOG client PUBLISH EXCHANGE name=\"*\" routingKey=\"deniedQueue\"");
+ writeACLFileWithAdminSuperUser(rules.toArray(new String[rules.size()]));
+ }
+
+ public void testPublishIntoDeniedDestinationFails() throws Exception
+ {
+ final String deniedDestinationName = "deniedQueue";
+ createQueue(deniedDestinationName);
+
+ if (!isBroker10())
+ {
+ bindExchangeToQueue("amq.direct", deniedDestinationName);
+ }
+
+ try
+ {
+ Connection connection = getConnection("test", "client", "guest");
+ Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
+
+ MessageProducer producer = session.createProducer(session.createQueue(deniedDestinationName));
+
+ producer.send(session.createTextMessage("test"));
+
+ fail("Sending should fail");
+ }
+ catch (JMSException e)
+ {
+ assertJMSExceptionMessageContains(e,
+ "Permission ACTION(publish) is denied for : " + (isBroker10()
+ ? "Queue"
+ : "Exchange"));
+ }
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org