[jira] [Created] (QPID-3614) ACLs and federation links do not work

Fri, 11 Nov 2011 14:55:16 -0800 

ACLs and federation links do not work
-------------------------------------

                 Key: QPID-3614
                 URL: https://issues.apache.org/jira/browse/QPID-3614
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker
    Affects Versions: 0.12
         Environment: Built from source on ubuntu 10.04 x64
            Reporter: Brandon Pedersen


PROBLEM STATEMENT:
I cannot get broker federation to work with ACLs enabled. I keep getting "ACL 
denied creating a federation link" even though my user has all permissions, on 
both brokers.

STEPS TO REPRODUCE:
- Create an acl file like the following:
acl allow federation@QPID all all
acl deny all all

- Create the federation user in the sasl db
- Using the following config:
auth-realm=QPID
log-enable=info+
acl-file=/usr/local/etc/qpid/qpidd.acl
sasl-config=/usr/local/etc/sasl2
auth=yes

- Start two brokers using the same config but different ports and data dirs 
(makes it easy to test the exact same authentication parameters for both 
brokers)
- In my case I am create a queue push route, so create a queue and do:
 qpid-route queue add -s federation/password@localhost:5000 
federation/password@localhost:5001 amq.direct myqueue

Note that the use of a push route does not matter, I tested push and pull and 
both fail, just want to point out that I am using a push route to ensure that 
gets tested as part of the fix for this.

RESULTS:
The connection fails to get created with an error: "ACL denied creating a 
federation link"
In the debug log on the destination broker I see: 
2011-11-11 15:50:20 debug ACL: Lookup for id: action:create objectType:link 
name: with params { }
2011-11-11 15:50:20 debug No successful match, defaulting to the decision mode 
deny

It appear that the user ID is not getting sent across

EXPECTED RESULTS:
The federation link should work with proper ACLs in place


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:[email protected]

Reply via email to