You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/10/09 16:58:00 UTC

[jira] [Commented] (QPID-7934) [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn’t tell the virtualhost about updates to its rule-state

    [ https://issues.apache.org/jira/browse/QPID-7934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16197301#comment-16197301 ] 

ASF subversion and git services commented on QPID-7934:
-------------------------------------------------------

Commit e6a7ae29b3a021cb4ecb34b1e9986bb2c115c3a1 in qpid-broker-j's branch refs/heads/master from [~k-wall]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=e6a7ae2 ]

QPID-7934: Remove redundant call to AbstractVirtualHost#updateAccessControl#updateAccessControl. Addresses review comments from Alex Rudyy <or...@apache.org>


> [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn’t tell the virtualhost about updates to its rule-state
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7934
>                 URL: https://issues.apache.org/jira/browse/QPID-7934
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.1, qpid-java-6.1.4
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: qpid-java-broker-7.0.0
>
>
> A recovered {{RuleBasedVirtualHostAccessControlProvider}} doesn’t tell its virtualhost about changes to itself, so the virtualhost doesn’t react to changes in its state (i.e. the rule-set).  This issue exists on the normal Broker start-up path.  It means that if the user attempts to change a rule-set the changes are not applied.
> If a new RuleBasedVirtualHostAccessControlProvider is added, changes made to it are reported properly to the VirtualHost.  (This is why {{VirtualHostAccessControlProviderRestTest}} does not fail).
> The issue is that {{AbstractVirtualHost#postResolveChildren}} fails to add state listeners to existing {{VirtualHostAccessControlProviders}}.  The same issue applies on the virtualhost restart path (much like QPID-7933).
> There is a second problem that lies behind the first.  If you fix #postResolveChildren to install the listener on the existing VHACP, you find that the VH still fails to update its ACL controller state probably after changes to the provider.  This problem is that {{AbstractVirtualHost#updateAccessControl}} gets called (by the super call at line AbstractCommonRuleBasedAccessControlProvider.java:70) before {{AbstractLegacyAccessControlProvider#recreateAccessController}} on the following line so the VH continues to stale a stale controller.  
> The user can work around the problem by restarting the Broker.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org