You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by Gordon Sim <gs...@redhat.com> on 2010/04/08 14:54:36 UTC
[c++]: NotAllowedException v. UnauthorizedAccessException
The broker appears to use NotAllowedException[1] in most places when
authorisation fails. This seems wrong to me as NotAllowedException is
used for specific types of invalid command requests (e.g. declaring an
existing exchange with a different type, or trying to create exchanges
with prohibited prefixes). As it stands it is not possible to realibly
distinguish between these two very different situations in code.
A more appropriate exception for authorisation failures would seem to be
UnauthorisedAccessException[2] which is only used in one place (when a
message is sent with a userid that differs from the authenticated id).
I propose that we fix this. Obviously this breaks backwards
compatibility to a degree, but I think in this case it is justified. At
worst it would require applications to reconsider catching
UnauthorizedAccessException wherever they are currently explicitly
catching NotAllowedException.
--Gordon
[1] Described in specification as indicating: "The peer tried to use a
command a manner that is inconsistent with the rules described in the
specification."
[2] Described in specification as indicating: "The client attempted to
work with a server entity to which it has no access due to security
settings."
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
Re: [c++]: NotAllowedException v. UnauthorizedAccessException
Posted by Carl Trieloff <cc...@redhat.com>.
Sounds reasonable. I believe I had coded in the NotAllowedException,
and I agree UnauthorizedAccessException would be better.
On 04/08/2010 08:54 AM, Gordon Sim wrote:
> The broker appears to use NotAllowedException[1] in most places when
> authorisation fails. This seems wrong to me as NotAllowedException is
> used for specific types of invalid command requests (e.g. declaring an
> existing exchange with a different type, or trying to create exchanges
> with prohibited prefixes). As it stands it is not possible to realibly
> distinguish between these two very different situations in code.
>
> A more appropriate exception for authorisation failures would seem to
> be UnauthorisedAccessException[2] which is only used in one place
> (when a message is sent with a userid that differs from the
> authenticated id).
>
> I propose that we fix this. Obviously this breaks backwards
> compatibility to a degree, but I think in this case it is justified.
> At worst it would require applications to reconsider catching
> UnauthorizedAccessException wherever they are currently explicitly
> catching NotAllowedException.
>
> --Gordon
>
> [1] Described in specification as indicating: "The peer tried to use a
> command a manner that is inconsistent with the rules described in the
> specification."
>
> [2] Described in specification as indicating: "The client attempted to
> work with a server entity to which it has no access due to security
> settings."
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:dev-subscribe@qpid.apache.org
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
Re: [c++]: NotAllowedException v. UnauthorizedAccessException
Posted by Rajith Attapattu <ra...@gmail.com>.
On Thu, Apr 8, 2010 at 10:40 AM, Gordon Sim <gs...@redhat.com> wrote:
> On 04/08/2010 03:11 PM, Rajith Attapattu wrote:
>>
>> Gordon, are you planning to make the change ?
>
> If you are volunteering, that would be greatly appreciated! If not, yes, I
> will make the change.
Ok I will do it :)
>>
>> Regards,
>>
>> Rajith
>>
>> On Thu, Apr 8, 2010 at 8:54 AM, Gordon Sim<gs...@redhat.com> wrote:
>>>
>>> The broker appears to use NotAllowedException[1] in most places when
>>> authorisation fails. This seems wrong to me as NotAllowedException is
>>> used
>>> for specific types of invalid command requests (e.g. declaring an
>>> existing
>>> exchange with a different type, or trying to create exchanges with
>>> prohibited prefixes). As it stands it is not possible to realibly
>>> distinguish between these two very different situations in code.
>>>
>>> A more appropriate exception for authorisation failures would seem to be
>>> UnauthorisedAccessException[2] which is only used in one place (when a
>>> message is sent with a userid that differs from the authenticated id).
>>>
>>> I propose that we fix this. Obviously this breaks backwards compatibility
>>> to
>>> a degree, but I think in this case it is justified. At worst it would
>>> require applications to reconsider catching UnauthorizedAccessException
>>> wherever they are currently explicitly catching NotAllowedException.
>>>
>>> --Gordon
>>>
>>> [1] Described in specification as indicating: "The peer tried to use a
>>> command a manner that is inconsistent with the rules described in the
>>> specification."
>>>
>>> [2] Described in specification as indicating: "The client attempted to
>>> work
>>> with a server entity to which it has no access due to security settings."
>>>
>>> ---------------------------------------------------------------------
>>> Apache Qpid - AMQP Messaging Implementation
>>> Project: http://qpid.apache.org
>>> Use/Interact: mailto:dev-subscribe@qpid.apache.org
>>>
>>>
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:dev-subscribe@qpid.apache.org
>
>
--
Regards,
Rajith Attapattu
Red Hat
http://rajith.2rlabs.com/
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
Re: [c++]: NotAllowedException v. UnauthorizedAccessException
Posted by Gordon Sim <gs...@redhat.com>.
On 04/08/2010 03:11 PM, Rajith Attapattu wrote:
> Gordon, are you planning to make the change ?
If you are volunteering, that would be greatly appreciated! If not, yes,
I will make the change.
>
> Regards,
>
> Rajith
>
> On Thu, Apr 8, 2010 at 8:54 AM, Gordon Sim<gs...@redhat.com> wrote:
>> The broker appears to use NotAllowedException[1] in most places when
>> authorisation fails. This seems wrong to me as NotAllowedException is used
>> for specific types of invalid command requests (e.g. declaring an existing
>> exchange with a different type, or trying to create exchanges with
>> prohibited prefixes). As it stands it is not possible to realibly
>> distinguish between these two very different situations in code.
>>
>> A more appropriate exception for authorisation failures would seem to be
>> UnauthorisedAccessException[2] which is only used in one place (when a
>> message is sent with a userid that differs from the authenticated id).
>>
>> I propose that we fix this. Obviously this breaks backwards compatibility to
>> a degree, but I think in this case it is justified. At worst it would
>> require applications to reconsider catching UnauthorizedAccessException
>> wherever they are currently explicitly catching NotAllowedException.
>>
>> --Gordon
>>
>> [1] Described in specification as indicating: "The peer tried to use a
>> command a manner that is inconsistent with the rules described in the
>> specification."
>>
>> [2] Described in specification as indicating: "The client attempted to work
>> with a server entity to which it has no access due to security settings."
>>
>> ---------------------------------------------------------------------
>> Apache Qpid - AMQP Messaging Implementation
>> Project: http://qpid.apache.org
>> Use/Interact: mailto:dev-subscribe@qpid.apache.org
>>
>>
>
>
>
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org
Re: [c++]: NotAllowedException v. UnauthorizedAccessException
Posted by Rajith Attapattu <ra...@gmail.com>.
Gordon, are you planning to make the change ?
Regards,
Rajith
On Thu, Apr 8, 2010 at 8:54 AM, Gordon Sim <gs...@redhat.com> wrote:
> The broker appears to use NotAllowedException[1] in most places when
> authorisation fails. This seems wrong to me as NotAllowedException is used
> for specific types of invalid command requests (e.g. declaring an existing
> exchange with a different type, or trying to create exchanges with
> prohibited prefixes). As it stands it is not possible to realibly
> distinguish between these two very different situations in code.
>
> A more appropriate exception for authorisation failures would seem to be
> UnauthorisedAccessException[2] which is only used in one place (when a
> message is sent with a userid that differs from the authenticated id).
>
> I propose that we fix this. Obviously this breaks backwards compatibility to
> a degree, but I think in this case it is justified. At worst it would
> require applications to reconsider catching UnauthorizedAccessException
> wherever they are currently explicitly catching NotAllowedException.
>
> --Gordon
>
> [1] Described in specification as indicating: "The peer tried to use a
> command a manner that is inconsistent with the rules described in the
> specification."
>
> [2] Described in specification as indicating: "The client attempted to work
> with a server entity to which it has no access due to security settings."
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:dev-subscribe@qpid.apache.org
>
>
--
Regards,
Rajith Attapattu
Red Hat
http://rajith.2rlabs.com/
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org