[ https://issues.apache.org/jira/browse/QPID-6544?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ernest Allen closed QPID-6544. ------------------------------ Resolution: Duplicate Didn't see duplicate: https://issues.apache.org/jira/browse/QPID-6326 > [ACL] Python client demands unnecessary permission / performs unnecessary > actions > ---------------------------------------------------------------------------------- > > Key: QPID-6544 > URL: https://issues.apache.org/jira/browse/QPID-6544 > Project: Qpid > Issue Type: Bug > Components: Python Client > Affects Versions: 0.22 > Reporter: Ernest Allen > > Description of problem: > Python clients accesses both exchange and queue objects, even when the object > types is specified. Thus demanding unnecessary ACL rules to be allowed. > Steps to Reproduce: > Scenario A (access) > 1. create acl: > acl allow-log all access exchange > acl deny-log all all > 2. send message to an amq.fanout > /usr/share/doc/python-qpid-0.22/examples/api/spout -c 1 -b > UserA/UserA@localhost:5672 "amq.fanout;{node:{type:topic}}" > 3. check qpidd log > Scenario B (create) > 1. create acl: > acl allow-log all access all > acl allow-log all create queue > acl deny-log all all > 2. create a queue using spout > /usr/share/doc/python-qpid-0.22/examples/api/spout -c 1 -b > UserA/UserA@localhost:5672 "q;{create:always, node:{type:queue}}" > 3. check qpidd log > Scenario A > Actual results: > 2014-07-28 10:45:07 [Security] info ACL Allow id:UserA@QPID action:access > ObjectType:exchange Name:amq.fanout > 2014-07-28 10:45:07 [Security] info ACL Deny id:UserA@QPID action:access > ObjectType:queue Name:amq.fanout > Expected results: > Scenario A: expected results should be just with "action:access" and no > "action:publish", as publish is for queue object (and in our case, the > message is discarded by the exchange due to no route/binding). > Scenario B > Actual results: > 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:access > ObjectType:exchange Name:q > 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:access > ObjectType:queue Name:q > 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:create > ObjectType:queue Name:q > Expected results: > 2014-07-28 10:57:31 [Security] info ACL Allow id:UserA@QPID action:create > ObjectType:queue Name:q > Additional info: > [A] it behaves the same for node/type:queue, querying the exchanges then > queue. > [B] when creating, client should request only 'create' action, same as C++ -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org