Return-Path: X-Original-To: apmail-qpid-commits-archive@www.apache.org Delivered-To: apmail-qpid-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8AE0B17ACE for ; Sat, 10 Jan 2015 01:20:01 +0000 (UTC) Received: (qmail 89214 invoked by uid 500); 10 Jan 2015 01:20:02 -0000 Delivered-To: apmail-qpid-commits-archive@qpid.apache.org Received: (qmail 89184 invoked by uid 500); 10 Jan 2015 01:20:02 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 89174 invoked by uid 99); 10 Jan 2015 01:20:02 -0000 Received: from eris.apache.org (HELO hades.apache.org) (140.211.11.105) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 10 Jan 2015 01:20:02 +0000 Received: from hades.apache.org (localhost [127.0.0.1]) by hades.apache.org (ASF Mail Server at hades.apache.org) with ESMTP id A4D70AC010E; Sat, 10 Jan 2015 01:20:02 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1650708 - in /qpid/trunk/qpid/java: broker-core/src/main/java/org/apache/qpid/server/model/adapter/ broker-core/src/main/java/org/apache/qpid/server/security/ broker-core/src/test/java/org/apache/qpid/server/security/ systests/src/test/jav... Date: Sat, 10 Jan 2015 01:20:02 -0000 To: commits@qpid.apache.org From: rgodfrey@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20150110012002.A4D70AC010E@hades.apache.org> Author: rgodfrey Date: Sat Jan 10 01:20:02 2015 New Revision: 1650708 URL: http://svn.apache.org/r1650708 Log: QPID-6306 : [Java Broker] Restrict broker to single ACL Provider at any given time Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java?rev=1650708&r1=1650707&r2=1650708&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java (original) +++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/model/adapter/BrokerAdapter.java Sat Jan 10 01:20:02 2015 @@ -180,6 +180,14 @@ public class BrokerAdapter extends Abstr deleted(); throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable"); } + + Collection> accessControlProviders = getAccessControlProviders(); + + if(accessControlProviders != null && accessControlProviders.size() > 1) + { + deleted(); + throw new IllegalArgumentException("At most one AccessControlProvider can be defined"); + } } @Override @@ -242,14 +250,7 @@ public class BrokerAdapter extends Abstr if (children != null) { for (final ConfiguredObject child : children) { - if (child instanceof AccessControlProvider) - { - addAccessControlProvider((AccessControlProvider)child); - } - else - { - child.addChangeListener(this); - } + child.addChangeListener(this); if (child.getState() == State.ERRORED ) { @@ -578,23 +579,18 @@ public class BrokerAdapter extends Abstr private AccessControlProvider createAccessControlProvider(final Map attributes) { + final Collection> currentProviders = getAccessControlProviders(); + if(currentProviders != null && !currentProviders.isEmpty()) + { + throw new IllegalConfigurationException("Cannot add a second AccessControlProvider"); + } AccessControlProvider accessControlProvider = (AccessControlProvider) createChild(AccessControlProvider.class, attributes); - addAccessControlProvider(accessControlProvider); + accessControlProvider.addChangeListener(this); return accessControlProvider; } - private void addAccessControlProvider(final AccessControlProvider accessControlProvider) - { - accessControlProvider.addChangeListener(this); - accessControlProvider.addChangeListener(_securityManager); - if(accessControlProvider.getState() == State.ACTIVE) - { - _securityManager.addPlugin(accessControlProvider.getAccessControl()); - } - } - private boolean deleteAccessControlProvider(AccessControlProvider accessControlProvider) { accessControlProvider.removeChangeListener(this); Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java?rev=1650708&r1=1650707&r2=1650708&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java (original) +++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/SecurityManager.java Sat Jan 10 01:20:02 2015 @@ -44,7 +44,6 @@ import org.apache.qpid.server.consumer.C import org.apache.qpid.server.exchange.ExchangeImpl; import org.apache.qpid.server.model.AccessControlProvider; import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.ConfigurationChangeListener; import org.apache.qpid.server.model.ConfiguredObject; import org.apache.qpid.server.model.State; import org.apache.qpid.server.protocol.AMQConnectionModel; @@ -57,18 +56,17 @@ import org.apache.qpid.server.security.a import org.apache.qpid.server.security.auth.AuthenticatedPrincipal; import org.apache.qpid.server.security.auth.TaskPrincipal; -public class SecurityManager implements ConfigurationChangeListener +public class SecurityManager { private static final Subject SYSTEM = new Subject(true, Collections.singleton(new SystemPrincipal()), Collections.emptySet(), Collections.emptySet()); - private final ConcurrentMap _plugins = new ConcurrentHashMap(); private final boolean _managementMode; private final Broker _broker; - private final ConcurrentMap _publishAccessCheckCache = new ConcurrentHashMap(); + private final ConcurrentMap _publishAccessCheckCache = new ConcurrentHashMap(); public SecurityManager(Broker broker, boolean managementMode) { @@ -135,16 +133,6 @@ public class SecurityManager implements return user; } - public void addPlugin(final AccessControl accessControl) - { - - synchronized (_plugins) - { - String pluginTypeName = getPluginTypeName(accessControl); - - _plugins.put(pluginTypeName, accessControl); - } - } private static final class SystemPrincipal implements Principal { @@ -167,24 +155,31 @@ public class SecurityManager implements private boolean checkAllPlugins(AccessCheck checker) { // If we are running as SYSTEM then no ACL checking - if(isSystemProcess()) + if(isSystemProcess() || _managementMode) { return true; } - for (AccessControl plugin : _plugins.values()) + + Collection> accessControlProviders = _broker.getAccessControlProviders(); + if(accessControlProviders != null && !accessControlProviders.isEmpty()) { - Result remaining = checker.allowed(plugin); - if (remaining == Result.DEFER) - { - remaining = plugin.getDefault(); - } - if (remaining == Result.DENIED) + AccessControlProvider accessControlProvider = accessControlProviders.iterator().next(); + if (accessControlProvider != null + && accessControlProvider.getState() == State.ACTIVE + && accessControlProvider.getAccessControl() != null) { - return false; + Result remaining = checker.allowed(accessControlProvider.getAccessControl()); + if (remaining == Result.DEFER) + { + remaining = accessControlProvider.getAccessControl().getDefault(); + } + if (remaining == Result.DENIED) + { + return false; + } } } - // getting here means either allowed or abstained from all plugins return true; } @@ -486,92 +481,6 @@ public class SecurityManager implements } } - @Override - public void stateChanged(ConfiguredObject object, State oldState, State newState) - { - if(_managementMode) - { - //AccessControl is disabled in ManagementMode - return; - } - - if(object instanceof AccessControlProvider) - { - if(newState == State.ACTIVE) - { - synchronized (_plugins) - { - AccessControl accessControl = ((AccessControlProvider)object).getAccessControl(); - String pluginTypeName = getPluginTypeName(accessControl); - - _plugins.put(pluginTypeName, accessControl); - } - } - else if(newState == State.DELETED) - { - synchronized (_plugins) - { - AccessControl control = ((AccessControlProvider)object).getAccessControl(); - String pluginTypeName = getPluginTypeName(control); - - // Remove the type->control mapping for this type key only if the - // given control is actually referred to. - if(_plugins.containsValue(control)) - { - // If we are removing this control, check if another of the same - // type already exists on the broker and use it in instead. - AccessControl other = null; - Collection> providers = _broker.getAccessControlProviders(); - for(AccessControlProvider p : providers) - { - if(p == object || p.getState() != State.ACTIVE) - { - //we don't count ourself as another - continue; - } - - AccessControl ac = p.getAccessControl(); - if(pluginTypeName.equals(getPluginTypeName(ac))) - { - other = ac; - break; - } - } - - if(other != null) - { - //Another control of this type was found, use it instead - _plugins.replace(pluginTypeName, control, other); - } - else - { - //No other was found, remove the type entirely - _plugins.remove(pluginTypeName); - } - } - } - } - } - } - - @Override - public void childAdded(ConfiguredObject object, ConfiguredObject child) - { - // no op - } - - @Override - public void childRemoved(ConfiguredObject object, ConfiguredObject child) - { - // no op - } - - @Override - public void attributeSet(ConfiguredObject object, String attributeName, Object oldAttributeValue, Object newAttributeValue) - { - // no op - } - public boolean authoriseConfiguringBroker(String configuredObjectName, Class configuredObjectType, Operation configuredObjectOperation) { String description = String.format("%s %s '%s'", Modified: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java?rev=1650708&r1=1650707&r2=1650708&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java (original) +++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/SecurityManagerTest.java Sat Jan 10 01:20:02 2015 @@ -30,6 +30,7 @@ import static org.mockito.Mockito.verify import static org.mockito.Mockito.when; import java.security.AccessControlException; +import java.util.Collections; import org.apache.qpid.server.binding.BindingImpl; import org.apache.qpid.server.consumer.ConsumerImpl; @@ -68,11 +69,13 @@ public class SecurityManagerTest extends AccessControlProvider aclProvider = mock(AccessControlProvider.class); when(aclProvider.getAccessControl()).thenReturn(_accessControl); + when(aclProvider.getState()).thenReturn(State.ACTIVE); when(_virtualHost.getName()).thenReturn(TEST_VIRTUAL_HOST); - _securityManager = new SecurityManager(mock(Broker.class), false); - _securityManager.stateChanged(aclProvider, State.UNINITIALIZED, State.ACTIVE); + Broker broker = mock(Broker.class); + when(broker.getAccessControlProviders()).thenReturn(Collections.singleton(aclProvider)); + _securityManager = new SecurityManager(broker, false); } public void testAuthoriseCreateBinding() Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java?rev=1650708&r1=1650707&r2=1650708&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java (original) +++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/AccessControlProviderRestTest.java Sat Jan 10 01:20:02 2015 @@ -125,34 +125,28 @@ public class AccessControlProviderRestTe public void testReplaceAccessControlProvider() throws Exception { - String accessControlProviderName1 = getTestName() + "1"; - //verify that the access control provider doesn't exist, and - //in doing so implicitly verify that the 'denied' user can - //actually currently connect because no ACL is in effect yet - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - assertAccessControlProviderExistence(accessControlProviderName1, false); //create the access control provider using the 'allowed' user getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - int responseCode = createAccessControlProvider(accessControlProviderName1, _aclFileContent1); + int responseCode = createAccessControlProvider(getTestName(), _aclFileContent1); assertEquals("Access control provider creation should be allowed", 201, responseCode); //verify it exists with the 'allowed' user - assertAccessControlProviderExistence(accessControlProviderName1, true); + assertAccessControlProviderExistence(getTestName(), true); //verify the 'denied' and 'other' user can no longer access the management //interface due to the just-created ACL file now preventing them getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - assertCanAccessManagementInterface(accessControlProviderName1, false); + assertCanAccessManagementInterface(getTestName(), false); getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER); - assertCanAccessManagementInterface(accessControlProviderName1, false); + assertCanAccessManagementInterface(getTestName(), false); //create the replacement access control provider using the 'allowed' user. String accessControlProviderName2 = getTestName() + "2"; getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - responseCode = createAccessControlProvider(accessControlProviderName2, _aclFileContent2); - assertEquals("Access control provider creation should be allowed", 201, responseCode); + responseCode = createAccessControlProvider(getTestName(), _aclFileContent2); + assertEquals("Access control provider creation should be allowed", 200, responseCode); //Verify that it took effect immediately, replacing the first access control provider @@ -162,11 +156,6 @@ public class AccessControlProviderRestTe getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER); assertCanAccessManagementInterface(accessControlProviderName2, true); - //remove the original access control provider using the 'allowed' user - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName1, "DELETE"); - assertEquals("Access control provider deletion should be allowed", 200, responseCode); - assertAccessControlProviderExistence(accessControlProviderName1, false); //verify the 'denied' user still can't access the management interface, the 'other' user still can, thus //confirming that the second access control provider is still in effect @@ -177,61 +166,6 @@ public class AccessControlProviderRestTe } - public void testAddAndRemoveSecondAccessControlProviderReinstatesOriginal() throws Exception - { - String accessControlProviderName1 = getTestName() + "1"; - - //verify that the access control provider doesn't exist, and - //in doing so implicitly verify that the 'denied' user can - //actually currently connect because no ACL is in effect yet - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - assertAccessControlProviderExistence(accessControlProviderName1, false); - - //create the access control provider using the 'allowed' user - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - int responseCode = createAccessControlProvider(accessControlProviderName1, _aclFileContent1); - assertEquals("Access control provider creation should be allowed", 201, responseCode); - - //verify it exists with the 'allowed' user - assertAccessControlProviderExistence(accessControlProviderName1, true); - - //verify the 'denied' and 'other' user can no longer access the management - //interface due to the just-created ACL file now preventing them - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - assertCanAccessManagementInterface(accessControlProviderName1, false); - getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER); - assertCanAccessManagementInterface(accessControlProviderName1, false); - - //create the replacement access control provider using the 'allowed' user. - String accessControlProviderName2 = getTestName() + "2"; - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - responseCode = createAccessControlProvider(accessControlProviderName2, _aclFileContent2); - assertEquals("Access control provider creation should be allowed", 201, responseCode); - - //Verify that it took effect immediately, replacing the first access control provider - - //verify the 'denied' user still can't access the management interface, but the 'other' user now CAN. - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - assertCanAccessManagementInterface(accessControlProviderName2, false); - getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER); - assertCanAccessManagementInterface(accessControlProviderName2, true); - - //remove the second access control provider using the 'allowed' user - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName2, "DELETE"); - assertEquals("Access control provider deletion should be allowed", 200, responseCode); - assertAccessControlProviderExistence(accessControlProviderName2, false); - - //verify the 'denied' user still can't access the management interface, the - //'other' now CANT again, the 'allowed' still can, thus confirming that the - //first access control provider is now in effect once again - getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - assertCanAccessManagementInterface(accessControlProviderName2, false); - getRestTestHelper().setUsernameAndPassword(OTHER_USER, OTHER_USER); - assertCanAccessManagementInterface(accessControlProviderName2, false); - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - assertCanAccessManagementInterface(accessControlProviderName2, true); - } public void testRemovalOfAccessControlProviderInErrorStateUsingManagementMode() throws Exception { Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java?rev=1650708&r1=1650707&r2=1650708&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java (original) +++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java Sat Jan 10 01:20:02 2015 @@ -714,19 +714,6 @@ public class BrokerACLTest extends QpidR /* === AccessControlProvider === */ - public void testCreateAccessControlProviderAllowed() throws Exception - { - getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - - String accessControlProviderName = getTestName(); - - assertAccessControlProviderExistence(accessControlProviderName, false); - - int responseCode = createAccessControlProvider(accessControlProviderName); - assertEquals("Access control provider creation should be allowed", 201, responseCode); - - assertAccessControlProviderExistence(accessControlProviderName, true); - } public void testCreateAccessControlProviderDenied() throws Exception { @@ -746,18 +733,13 @@ public class BrokerACLTest extends QpidR { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - String accessControlProviderName = getTestName(); - - assertAccessControlProviderExistence(accessControlProviderName, false); - - int responseCode = createAccessControlProvider(accessControlProviderName); - assertEquals("Access control provider creation should be allowed", 201, responseCode); + String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE; assertAccessControlProviderExistence(accessControlProviderName, true); getRestTestHelper().setUsernameAndPassword(DENIED_USER, DENIED_USER); - responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE"); + int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE"); assertEquals("Access control provider deletion should be denied", 403, responseCode); assertAccessControlProviderExistence(accessControlProviderName, true); @@ -767,16 +749,12 @@ public class BrokerACLTest extends QpidR { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - String accessControlProviderName = getTestName(); - - assertAccessControlProviderExistence(accessControlProviderName, false); + String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE; - int responseCode = createAccessControlProvider(accessControlProviderName); - assertEquals("Access control provider creation should be allowed", 201, responseCode); assertAccessControlProviderExistence(accessControlProviderName, true); - responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE"); + int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "DELETE"); assertEquals("Access control provider deletion should be allowed", 200, responseCode); assertAccessControlProviderExistence(accessControlProviderName, false); @@ -786,12 +764,7 @@ public class BrokerACLTest extends QpidR { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - String accessControlProviderName = getTestName(); - - assertAccessControlProviderExistence(accessControlProviderName, false); - - int responseCode = createAccessControlProvider(accessControlProviderName); - assertEquals("Access control provider creation should be allowed", 201, responseCode); + String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE; assertAccessControlProviderExistence(accessControlProviderName, true); @@ -800,7 +773,7 @@ public class BrokerACLTest extends QpidR Map attributes = new HashMap(); attributes.put(AccessControlProvider.NAME, accessControlProviderName); attributes.put(FileBasedGroupProvider.PATH, aclFile.getAbsolutePath()); - responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes); + int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes); assertEquals("Setting of access control provider attributes should be allowed", 200, responseCode); } @@ -808,12 +781,7 @@ public class BrokerACLTest extends QpidR { getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER); - String accessControlProviderName = getTestName(); - - assertAccessControlProviderExistence(accessControlProviderName, false); - - int responseCode = createAccessControlProvider(accessControlProviderName); - assertEquals("Access control provider creation should be allowed", 201, responseCode); + String accessControlProviderName = TestBrokerConfiguration.ENTRY_NAME_ACL_FILE; assertAccessControlProviderExistence(accessControlProviderName, true); @@ -823,7 +791,7 @@ public class BrokerACLTest extends QpidR attributes.put(GroupProvider.NAME, accessControlProviderName); attributes.put(GroupProvider.TYPE, FileBasedGroupProviderImpl.GROUP_FILE_PROVIDER_TYPE); attributes.put(FileBasedGroupProvider.PATH, "/path/to/file"); - responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes); + int responseCode = getRestTestHelper().submitRequest("accesscontrolprovider/" + accessControlProviderName, "PUT", attributes); assertEquals("Setting of access control provider attributes should be denied", 403, responseCode); } --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org