[ 
https://issues.apache.org/jira/browse/DISPATCH-330?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles E. Rolke closed DISPATCH-330.
-------------------------------------
    Fix Version/s: 0.8.0
       Resolution: Fixed

Fixed in 0.8 at commit 6e094945 by Jakub Scholz

> Access control policy should return more suitable errors
> --------------------------------------------------------
>
>                 Key: DISPATCH-330
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-330
>             Project: Qpid Dispatch
>          Issue Type: Bug
>          Components: Policy Engine
>    Affects Versions: 0.6.0
>            Reporter: Jakub Scholz
>            Assignee: Charles E. Rolke
>            Priority: Major
>             Fix For: Backlog, 0.8.0
>
>
> Currently, if some action is denied by the access control policy, it always 
> returns amqp:resource-limit-exceeded error. This is fine when the deny was 
> issued because of a limit (e.g. number of connections, sessions etc.).
> But when the action is denied for different reasons - e.g. because of 
> unallowed target / source, amqp:unauthorized-access would be much more 
> suitable than amqp:resource-limit-exceeded. As an example, see the situation 
> below.
> Mon May  9 09:12:47 2016 SERVER (trace) [4]:0 <- @attach(18) 
> [name="request.ABCFR_ABCFRALMMACC1_113876ee-c7a3-4760-8e97-32d66e8ff0f1", 
> handle=0, role=false, snd-settle-mode=2, rcv-settle-mode=0, 
> source=@source(40) [address="request.ABCFR_ABCFRALMMACC1", durable=0, 
> timeout=0, dynamic=false], target=@target(41) 
> [address="request.ABCFR_ABCFRALMMACC1", durable=0, timeout=0, dynamic=false, 
> capabilities=:topic], initial-delivery-count=0]
> Mon May  9 09:12:47 2016 POLICY (info) DENY AMQP Attach sender link 
> 'request.ABCFR_ABCFRALMMACC1' for user 'admin@QPID', host '127.0.0.1', app 
> '(null)' based on link target name
> Mon May  9 09:12:47 2016 SERVER (trace) [4]:0 -> @attach(18) 
> [name="request.ABCFR_ABCFRALMMACC1_113876ee-c7a3-4760-8e97-32d66e8ff0f1", 
> handle=0, role=true, snd-settle-mode=2, rcv-settle-mode=0, source=@source(40) 
> [durable=0, timeout=0, dynamic=false], target=@target(41) [durable=0, 
> timeout=0, dynamic=false], initial-delivery-count=0]
> Mon May  9 09:12:47 2016 SERVER (trace) [4]:RAW: 
> "\x00\x00\x00\x8f\x02\x00\x00\x00\x00S\x12\xd0\x00\x00\x00\x7f\x00\x00\x00\x0a\xa1@request.ABCFR_ABCFRALMMACC1_113876ee-c7a3-4760-8e97-32d66e8ff0f1R\x00AP\x02P\x00\x00S(\xd0\x00\x00\x00\x11\x00\x00\x00\x0b@R\x00@R\x00B@@@@@@\x00S)\xd0\x00\x00\x00\x0d\x00\x00\x00\x07@R\x00@R\x00B@@@@R\x00"
> Mon May  9 09:12:47 2016 SERVER (trace) [4]:0 -> @detach(22) [handle=0, 
> closed=true, error=@error(29) [condition=:"amqp:resource-limit-exceeded", 
> description="link disallowed by local policy"]]
> Mon May  9 09:12:47 2016 SERVER (trace) [4]:RAW: 
> "\x00\x00\x00c\x02\x00\x00\x00\x00S\x16\xd0\x00\x00\x00S\x00\x00\x00\x03R\x00A\x00S\x1d\xd0\x00\x00\x00D\x00\x00\x00\x03\xa3\x1camqp:resource-limit-exceeded\xa1\x1flink disallowed by local policy@"
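
The mismatch reported in this issue can be checked for in router trace logs. The block below is an added example, not code from Qpid Dispatch or from the issue: it pairs each POLICY DENY line with the next outgoing error frame and flags authorization denials that were reported as amqp:resource-limit-exceeded. The sample lines are constructed from the trace above; the limit keyword list and the wording of the session-limit lines are assumptions.

```python
import re

# Deny reasons containing these words count as limit-based. The keyword list is
# an assumption; the only reason shown in the issue is "link target name".
LIMIT_HINTS = ("limit", "maximum")

DENY_RE = re.compile(r"POLICY \(\w+\) DENY (?P<action>.+?) for user '(?P<user>[^']*)'"
                     r".* based on (?P<reason>.+)$")
ERROR_RE = re.compile(r'-> @(?:detach|end|close)\(\d+\) .*condition=:"(?P<cond>[^"]+)"')

# Constructed sample modelled on the trace in the issue (link name shortened).
# The session-limit deny wording and its @end frame are hypothetical.
SAMPLE_LOG = """
Mon May  9 09:12:47 2016 POLICY (info) DENY AMQP Attach sender link 'request.EXAMPLE' for user 'admin@QPID', host '127.0.0.1', app '(null)' based on link target name
Mon May  9 09:12:47 2016 SERVER (trace) [4]:0 -> @detach(22) [handle=0, closed=true, error=@error(29) [condition=:"amqp:resource-limit-exceeded", description="link disallowed by local policy"]]
Mon May  9 09:12:48 2016 POLICY (info) DENY AMQP Begin Session for user 'admin@QPID', host '127.0.0.1', app '(null)' based on session limit
Mon May  9 09:12:48 2016 SERVER (trace) [4]:1 -> @end(23) [error=@error(29) [condition=:"amqp:resource-limit-exceeded", description="session disallowed by local policy"]]
""".strip().splitlines()


def expected_condition(reason):
    """Map a policy deny reason to the AMQP error condition the issue asks for."""
    if any(hint in reason.lower() for hint in LIMIT_HINTS):
        return "amqp:resource-limit-exceeded"
    return "amqp:unauthorized-access"


def audit(lines):
    """Pair each POLICY DENY with the next outgoing error frame and compare."""
    findings, pending = [], None
    for line in lines:
        deny = DENY_RE.search(line)
        if deny:
            pending = deny.groupdict()
            continue
        err = ERROR_RE.search(line)
        if err and pending:
            want = expected_condition(pending["reason"])
            findings.append({**pending, "sent": err["cond"], "expected": want,
                             "mismatch": err["cond"] != want})
            pending = None
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        flag = "MISMATCH" if f["mismatch"] else "ok"
        print(f"{flag}: {f['user']} denied ({f['reason']}): sent {f['sent']}, expected {f['expected']}")
```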


