You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Chuck Rolke (JIRA)" <ji...@apache.org> on 2012/12/07 20:43:21 UTC

[jira] [Created] (QPID-4494) C++ Broker uses RoutingKey property during exchange declare Acl lookup

Chuck Rolke created QPID-4494:
---------------------------------

             Summary: C++ Broker uses RoutingKey property during exchange declare Acl lookup
                 Key: QPID-4494
                 URL: https://issues.apache.org/jira/browse/QPID-4494
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker
    Affects Versions: 0.18
            Reporter: Chuck Rolke
            Assignee: Chuck Rolke


The Acl interface to the broker during and exchange bound function includes an extraneous binding key parameter.

The functions that trigger this lookup are illustrated here:

  COMMAND LINE
  ./spout "x-usera-1/a.x"

  ON THE WIRE
  2012-12-04 15:55:25 [Protocol] trace RECV [127.0.0.1:5672-127.0.0.1:46894]: Frame[BEbe; channel=1; {ExchangeBoundBody: exchange=x-usera-1; queue=x-usera-1; binding-key=; arguments={}; }]

  ACL LOOKUP
  2012-12-04 15:55:25 [Security] debug ACL: Lookup for id:anonymous action:access objectType:exchange name:x-usera-1 with params { routingkey= queuename=x-usera-1 }

The user application is passing the binding key 'a.x' to the messaging client. However, the messaging client does not pass the binding key to the broker during the ExchangeBoundBody message. As a result the broker Acl lookup uses a blank routingkey.

If the broker is configured with an Acl file that has an ACCESS EXCHANGE rule that specifies a routingkey then that rule will never match.

The suggested change is to deprecate the routingkey property in the Acl ACCESS EXCHANGE rule processing. If a routingkey is specified then it will be ignored and a warning message will be issued. 

If customers have 'access exchange' rules that use routingkey values specified then the Acl behavior may start matching rules that did not match before. However the log file will have an Acl warning and the broker will not fail to boot due to an Acl file processing error.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org