[jira] [Created] (QPID-4494) C++ Broker uses RoutingKey property during exchange declare Acl lookup

Fri, 07 Dec 2012 11:43:23 -0800 

Chuck Rolke created QPID-4494:
---------------------------------

             Summary: C++ Broker uses RoutingKey property during exchange 
declare Acl lookup
                 Key: QPID-4494
                 URL: https://issues.apache.org/jira/browse/QPID-4494
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker
    Affects Versions: 0.18
            Reporter: Chuck Rolke
            Assignee: Chuck Rolke


The Acl interface to the broker during and exchange bound function includes an 
extraneous binding key parameter.

The functions that trigger this lookup are illustrated here:

  COMMAND LINE
  ./spout "x-usera-1/a.x"

  ON THE WIRE
  2012-12-04 15:55:25 [Protocol] trace RECV [127.0.0.1:5672-127.0.0.1:46894]: 
Frame[BEbe; channel=1; {ExchangeBoundBody: exchange=x-usera-1; queue=x-usera-1; 
binding-key=; arguments={}; }]

  ACL LOOKUP
  2012-12-04 15:55:25 [Security] debug ACL: Lookup for id:anonymous 
action:access objectType:exchange name:x-usera-1 with params { routingkey= 
queuename=x-usera-1 }

The user application is passing the binding key 'a.x' to the messaging client. 
However, the messaging client does not pass the binding key to the broker 
during the ExchangeBoundBody message. As a result the broker Acl lookup uses a 
blank routingkey.

If the broker is configured with an Acl file that has an ACCESS EXCHANGE rule 
that specifies a routingkey then that rule will never match.

The suggested change is to deprecate the routingkey property in the Acl ACCESS 
EXCHANGE rule processing. If a routingkey is specified then it will be ignored 
and a warning message will be issued. 

If customers have 'access exchange' rules that use routingkey values specified 
then the Acl behavior may start matching rules that did not match before. 
However the log file will have an Acl warning and the broker will not fail to 
boot due to an Acl file processing error.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to