[
https://issues.apache.org/jira/browse/QPID-4494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chuck Rolke resolved QPID-4494.
-------------------------------
Resolution: Not A Problem
Fix Version/s: 0.18
The amqp::exchange::bound frame includes Exchange, Queue, Binding-key, and
Args. The broker passes Exchange, Queue, and Binding-key to the Acl module for
processing. It would be an error to remove the Binding-key value in the Acl
call.
The fact that the C++ Messaging client chooses not to pass a binding-key to the
bound call is not an error either. Executing the same drain/spout commands
through the Python client does not even generate an exchange::bound frame.
> C++ Broker uses RoutingKey property during exchange declare Acl lookup
> ----------------------------------------------------------------------
>
> Key: QPID-4494
> URL: https://issues.apache.org/jira/browse/QPID-4494
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: 0.18
> Reporter: Chuck Rolke
> Assignee: Chuck Rolke
> Fix For: 0.18
>
>
> The Acl interface to the broker during and exchange bound function includes
> an extraneous binding key parameter.
> The functions that trigger this lookup are illustrated here:
> COMMAND LINE
> ./spout "x-usera-1/a.x"
> ON THE WIRE
> 2012-12-04 15:55:25 [Protocol] trace RECV [127.0.0.1:5672-127.0.0.1:46894]:
> Frame[BEbe; channel=1; {ExchangeBoundBody: exchange=x-usera-1;
> queue=x-usera-1; binding-key=; arguments={}; }]
> ACL LOOKUP
> 2012-12-04 15:55:25 [Security] debug ACL: Lookup for id:anonymous
> action:access objectType:exchange name:x-usera-1 with params { routingkey=
> queuename=x-usera-1 }
> The user application is passing the binding key 'a.x' to the messaging
> client. However, the messaging client does not pass the binding key to the
> broker during the ExchangeBoundBody message. As a result the broker Acl
> lookup uses a blank routingkey.
> If the broker is configured with an Acl file that has an ACCESS EXCHANGE rule
> that specifies a routingkey then that rule will never match.
> The suggested change is to deprecate the routingkey property in the Acl
> ACCESS EXCHANGE rule processing. If a routingkey is specified then it will be
> ignored and a warning message will be issued.
> If customers have 'access exchange' rules that use routingkey values
> specified then the Acl behavior may start matching rules that did not match
> before. However the log file will have an Acl warning and the broker will not
> fail to boot due to an Acl file processing error.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
