[jira] Commented: (QPID-1872) NPE thrown by SimpleXML ACLs when consume permission is missing

Thu, 08 Oct 2009 09:00:59 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-1872?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12763540#action_12763540
 ] 

Robbie Gemmell commented on QPID-1872:
--------------------------------------

This is caused by a lack of consume permissions for the user resulting in a 
null value being returned when attempting to retrieve the queuePermissions list 
within PrincipalPermissions.authorise(), from which further sub-lists are 
retrieved without first checking the outer list is non-null. This situation 
only arises when the user has some other (create/publish) rights, in order to 
ensure that the appropriate PrincipalPermissions instance is actually created 
(otherwise the user is denied at an earlier stage as a PrincipalPermissions 
instance is not found for the user).

The value can be checked to ensure it is non-null before procedeeding with 
additional checks, and the request should otherwise be denied as it immediately 
indicates a lack of consume rights for the user.

The prededing code areas have changed significantly since the original report, 
an updated stack trace can be seen below:

pool-1-thread-2 2009-10-08 15:37:02,773 ERROR 
[qpid.server.protocol.AMQProtocolSession] Unexpected exception while processing 
frame. Closing connection.
java.lang.NullPointerException
at 
org.apache.qpid.server.security.access.PrincipalPermissions.authorise(PrincipalPermissions.java:498)
at 
org.apache.qpid.server.security.access.plugins.SimpleXML.authoriseConsume(SimpleXML.java:328)
at 
org.apache.qpid.server.security.access.plugins.SimpleXML.authoriseConsume(SimpleXML.java:335)
at 
org.apache.qpid.server.security.access.ACLManager$4.allowed(ACLManager.java:207)
at 
org.apache.qpid.server.security.access.ACLManager.checkAllPlugins(ACLManager.java:130)
at 
org.apache.qpid.server.security.access.ACLManager.authoriseConsume(ACLManager.java:201)
at 
org.apache.qpid.server.handler.BasicConsumeMethodHandler.methodReceived(BasicConsumeMethodHandler.java:101)
at 
org.apache.qpid.server.handler.ServerMethodDispatcherImpl.dispatchBasicConsume(ServerMethodDispatcherImpl.java:137)
at 
org.apache.qpid.framing.amqp_0_9.BasicConsumeBodyImpl.execute(BasicConsumeBodyImpl.java:187)
at 
org.apache.qpid.server.state.AMQStateManager.methodReceived(AMQStateManager.java:204)
at 
org.apache.qpid.server.protocol.AMQMinaProtocolSession.methodFrameReceived(AMQMinaProtocolSession.java:345)
at org.apache.qpid.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:93)
at 
org.apache.qpid.server.protocol.AMQMinaProtocolSession.frameReceived(AMQMinaProtocolSession.java:280)
 

> NPE thrown by SimpleXML ACLs when consume permission is missing
> ---------------------------------------------------------------
>
>                 Key: QPID-1872
>                 URL: https://issues.apache.org/jira/browse/QPID-1872
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: M4, 0.5
>            Reporter: Martin Ritchie
>            Assignee: Robbie Gemmell
>
> Summary:
> When attempting to consume from a queue without permission the broker will 
> throw a NPE if the user does not have any create permissions.
> 2009-03-19 13:52:56,478 ERROR [pool-2-thread-2] 
> protocol.AMQMinaProtocolSession (AMQMinaProtocolSession.java:365) - 
> Unexpected exception while processing frame. Closing connection.
> java.lang.NullPointerException
>         at 
> org.apache.qpid.server.security.access.PrincipalPermissions.authorise(PrincipalPermissions.java:465)
>         at 
> org.apache.qpid.server.security.access.plugins.SimpleXML.authorise(SimpleXML.java:309)
>         at 
> org.apache.qpid.server.handler.BasicConsumeMethodHandler.methodReceived(BasicConsumeMethodHandler.java:101)
>         at 
> org.apache.qpid.server.handler.ServerMethodDispatcherImpl.dispatchBasicConsume(ServerMethodDispatcherImpl.java:137)
>         at 
> org.apache.qpid.framing.amqp_0_9.BasicConsumeBodyImpl.execute(BasicConsumeBodyImpl.java:187)
>         at 
> org.apache.qpid.server.state.AMQStateManager.methodReceived(AMQStateManager.java:204)
>         at 
> org.apache.qpid.server.protocol.AMQMinaProtocolSession.methodFrameReceived(AMQMinaProtocolSession.java:295)
>         at 
> org.apache.qpid.framing.AMQMethodBodyImpl.handle(AMQMethodBodyImpl.java:93)
>         at 
> org.apache.qpid.server.protocol.AMQMinaProtocolSession.frameReceived(AMQMinaProtocolSession.java:
> This happens when the user that is used in the connection does not have 
> consume privilege.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]

Reply via email to