Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 7C397200B45 for ; Fri, 1 Jul 2016 04:58:13 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 7ADCD160A63; Fri, 1 Jul 2016 02:58:13 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id C345B160A52 for ; Fri, 1 Jul 2016 04:58:12 +0200 (CEST) Received: (qmail 79220 invoked by uid 500); 1 Jul 2016 02:58:11 -0000 Mailing-List: contact issues-help@karaf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@karaf.apache.org Delivered-To: mailing list issues@karaf.apache.org Received: (qmail 78822 invoked by uid 99); 1 Jul 2016 02:58:11 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Jul 2016 02:58:11 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 056AB2C02A5 for ; Fri, 1 Jul 2016 02:58:11 +0000 (UTC) Date: Fri, 1 Jul 2016 02:58:11 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: issues@karaf.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (KARAF-4600) RBAC - MBean fails to resolve ACL if the order of properties in object name differs MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 01 Jul 2016 02:58:13 -0000 [ https://issues.apache.org/jira/browse/KARAF-4600?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15358295#comment-15358295 ] ASF subversion and git services commented on KARAF-4600: -------------------------------------------------------- Commit fc2dd8417f3691f424d50b0a9c478cfb5b1c2de6 in karaf's branch refs/heads/karaf-4.0.x from [~ffang] [ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=fc2dd84 ] Revert "[KARAF-4600] RBAC - MBean fails to resolve ACL if the order of properties in object name differs" This reverts commit 1fe22425f9e0d3e0e6e2b40ebb02b9cfcbdbcae1. > RBAC - MBean fails to resolve ACL if the order of properties in object name differs > ----------------------------------------------------------------------------------- > > Key: KARAF-4600 > URL: https://issues.apache.org/jira/browse/KARAF-4600 > Project: Karaf > Issue Type: Bug > Components: karaf-security > Affects Versions: 4.0.5 > Reporter: Tadayoshi Sato > Assignee: Freeman Fang > Fix For: 4.1.0, 4.0.6, 3.0.8, 2.4.5 > > > An MBean: > {code} > org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST > {code} > has an ACL file with the following configuration: > {{etc/jmx.acl.org.apache.activemq.Broker._.Queue.cfg}} > {code} > browse* = viewer > {code} > While {{JMXSecurityMBean#canInvoke(String, String)}} returns {{true}} for the viewer role on this object name: > {code} > org.apache.activemq:type=Broker,brokerName=amq-broker,destinationType=Queue,destinationName=TEST > {code} > and operation {{"browse"}}, it returns {{false}} on the canonical form of the same object name and operation, i.e.: > {code} > org.apache.activemq:brokerName=amq-broker,destinationName=TEST,destinationType=Queue,type=Broker > {code} > and RBAC doesn't work correctly. > The root cause is that the resolution of ACL configuration is affected by the order of properties in an object name. In the original form of the object name, ACL resolves as: > {code} > org.apache.activemq.Broker.amq-broker.Queue.TEST > {code} > whereas in the canonical form it resolves as: > {code} > org.apache.activemq.Broker.amq-broker.TEST.Queue > {code} > and thus cannot find the correct ACL file (note the {{"type"}} property precedes others due to KARAF-3020). -- This message was sent by Atlassian JIRA (v6.3.4#6332)