JAkub Scholz created QPID-4520:
----------------------------------
Summary: The deletion of autodelete queue requires ACL rights for
deleting the queue
Key: QPID-4520
URL: https://issues.apache.org/jira/browse/QPID-4520
Project: Qpid
Issue Type: Bug
Components: Java Broker
Affects Versions: 0.21
Environment: Java broker (trunk) / Java 1.6 / RHEL 6.3
Reporter: JAkub Scholz
Priority: Minor
When a user creates an autodelete queue, it should be deleted when the last
user disconnects from the queue. This seems to work fine in general. But in
some specific situations, the autodelete queue isn't deleted. As an example,
following scenario causes problems:
1) Enable ACL
2) Add user account the right to create the queue as autodelete queue in ACL
file. Do not give the user the right to delete the queue.
3) Connect with the user and create the queue
4) Disconnect the user
5) The broker attempts to delete the queue, but fails because the user doesn't
have the ACL rights to delete the queue
6) The queue remains in the system
This scenario is a bit artificial, because it can be seen as mis-configuration
(i.e. giving the possibility to create the queue and not to delete the queue).
But I can imagine a situation when one user creates the queue as autodelete and
other users connect to this queue to read from it. The other users might not be
supposed to delete the queue under normal circumstances, the queeu should just
get deleted after the last user disconnects.
*In my opinion, the autodeletion should be preferred against the ACL rights.*
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
