[jira] [Updated] (QPID-8356) [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on loading ACL from file in 'RuleBased' access control provider

Sun, 29 Sep 2019 15:33:12 -0700 


     [ 
https://issues.apache.org/jira/browse/QPID-8356?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Alex Rudyy updated QPID-8356:
-----------------------------
    Fix Version/s: qpid-java-broker-7.0.9
                   qpid-java-broker-8.0.0

> [Broker-J] ACL rule properties 'from_network' and 'from_hostname' are lost on 
> loading ACL from file in 'RuleBased' access control provider
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-8356
>                 URL: https://issues.apache.org/jira/browse/QPID-8356
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-7.0.8, qpid-java-broker-7.1.4
>            Reporter: Alex Rudyy
>            Assignee: Alex Rudyy
>            Priority: Major
>             Fix For: qpid-java-broker-8.0.0, qpid-java-broker-7.0.9, 
> qpid-java-broker-7.1.5
>
>
> ACL rule properties 'from_network' and 'from_hostname' are lost on loading 
> ACL from file in 'RuleBased' access control provider.
> The following unit test fails:
> {code}
> @Test
> public void testLoadFirewallRules()
> {
>     final Map<String, Object> attributes = 
> Collections.singletonMap(RuleBasedAccessControlProvider.NAME, getTestName());
>     final Broker<?> broker = BrokerTestHelper.createBrokerMock();
>     final RuleBasedAccessControlProviderImpl aclProvider = new 
> RuleBasedAccessControlProviderImpl(attributes, broker);
>     aclProvider.create();
>     final String acl = "ACL ALLOW-LOG guest ACCESS VIRTUALHOST 
> from_hostname=\"localhost\"";
>     final String data = DataUrlUtils.getDataUrlForBytes(acl.getBytes(UTF_8));
>     aclProvider.loadFromFile(data);
>     final List<AclRule> rules = aclProvider.getRules();
>     assertThat(rules, is(notNullValue()));
>     assertThat(rules.size(), is(equalTo(1)));
>     final AclRule rule = rules.get(0);
>     assertThat(rule, is(notNullValue()));
>     assertThat(rule.getObjectType(), is(equalTo(ObjectType.VIRTUALHOST)));
>     assertThat(rule.getIdentity(), is(equalTo("guest")));
>     assertThat(rule.getOperation(), is(equalTo(LegacyOperation.ACCESS)));
>     assertThat(rule.getOutcome(), is(equalTo(RuleOutcome.ALLOW_LOG)));
>     assertThat(rule.getAttributes(), 
> is(equalTo(Collections.singletonMap("from_hostname", "localhost"))));
> }
> {code}
> The workaround for this defect would changing the ACL rules directly using 
> 'rules' attribute.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to