karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-4600) RBAC - MBean fails to resolve ACL if the order of properties in object name differs
Date Fri, 01 Jul 2016 02:58:11 GMT

    [ https://issues.apache.org/jira/browse/KARAF-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15358295#comment-15358295
] 

ASF subversion and git services commented on KARAF-4600:
--------------------------------------------------------

Commit fc2dd8417f3691f424d50b0a9c478cfb5b1c2de6 in karaf's branch refs/heads/karaf-4.0.x from
[~ffang]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=fc2dd84 ]

Revert "[KARAF-4600] RBAC - MBean fails to resolve ACL if the order of properties in object
name differs"

This reverts commit 1fe22425f9e0d3e0e6e2b40ebb02b9cfcbdbcae1.


> RBAC - MBean fails to resolve ACL if the order of properties in object name differs
> -----------------------------------------------------------------------------------
>
>                 Key: KARAF-4600
>                 URL: https://issues.apache.org/jira/browse/KARAF-4600
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.5
>            Reporter: Tadayoshi Sato
>            Assignee: Freeman Fang
>             Fix For: 4.1.0, 4.0.6, 3.0.8, 2.4.5
>
>
> An MBean:
> {code}
> org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST
> {code}
> has an ACL file with the following configuration:
> {{etc/jmx.acl.org.apache.activemq.Broker._.Queue.cfg}}
> {code}
> browse* = viewer
> {code}
> While {{JMXSecurityMBean#canInvoke(String, String)}} returns {{true}} for the viewer
role on this object name:
> {code}
> org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST
> {code}
> and operation {{"browse"}}, it returns {{false}} on the canonical form of the same object
name and operation, i.e.:
> {code}
> org.apache.activemq:brokerName=amq-broker,destinationName=TEST,destinationType=Queue,type=Broker
> {code}
> and RBAC doesn't work correctly.
> The root cause is that the resolution of ACL configuration is affected by the order of
properties in an object name. In the original form of the object name, ACL resolves as:
> {code}
> org.apache.activemq.Broker.amq-broker.Queue.TEST
> {code}
> whereas in the canonical form it resolves as:
> {code}
> org.apache.activemq.Broker.amq-broker.TEST.Queue
> {code}
> and thus cannot find the correct ACL file (note the {{"type"}} property precedes others
due to KARAF-3020).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message