qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7696) [Java Broker] Deletion of a temporary queue can crash the broker with certain ACLs
Date Mon, 13 Mar 2017 17:37:41 GMT

    [ https://issues.apache.org/jira/browse/QPID-7696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15907920#comment-15907920
] 

ASF subversion and git services commented on QPID-7696:
-------------------------------------------------------

Commit 1786743 from orudyy@apache.org in branch 'java/branches/6.1.x'
[ https://svn.apache.org/r1786743 ]

QPID-7696: Check whether actor invoking  queue delete operation has 'unbind' privilege for
queue bindings before proceeding with queue deletion

> [Java Broker] Deletion of a temporary queue can crash the broker with certain ACLs
> ----------------------------------------------------------------------------------
>
>                 Key: QPID-7696
>                 URL: https://issues.apache.org/jira/browse/QPID-7696
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.1.1
>            Reporter: Lorenz Quack
>             Fix For: qpid-java-6.1.2
>
>
> ACL:
> {noformat}
> ACL ALLOW-LOG testUser CREATE QUEUE temporary="true"
> ACL ALLOW-LOG testUser DELETE QUEUE temporary="true"
> ACL ALLOW-LOG testUser ACCESS ALL
> ACL ALLOW-LOG admin ALL ALL
> ACL DENY-LOG ALL ALL
> {noformat}
> client code:
> {code}
>     /* create connection */
>     Session session = connection.createSession(true, Session.SESSION_TRANSACTED);
>     TemporaryQueue temporaryQueue = session.createTemporaryQueue();
>     temporaryQueue.delete();
>    /* cleanup */
> {code}
> This crashes the broker v6.1.1
> {noformat}
> ########################################################################
> #
> # Unhandled Exception java.security.AccessControlException: Permission DELETE is denied
for : Binding 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' on Queue 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4'
Exchange 'amq.direct' in Thread IO-/127.0.0.1:53477
> #
> # Exiting
> #
> ########################################################################
> java.security.AccessControlException: Permission DELETE is denied for : Binding 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4'
on Queue 'TempQueuec64ba00d-9b7c-44f2-9217-80c954234ce4' Exchange 'amq.direct'
> 	at org.apache.qpid.server.model.AbstractConfiguredObject.authorise(AbstractConfiguredObject.java:2959)
> 	at org.apache.qpid.server.model.AbstractConfiguredObject.authorise(AbstractConfiguredObject.java:2891)
> 	at org.apache.qpid.server.model.AbstractConfiguredObject.authoriseSetAttributes(AbstractConfiguredObject.java:2970)
> 	at org.apache.qpid.server.model.AbstractConfiguredObject$15.execute(AbstractConfiguredObject.java:1659)
> 	at org.apache.qpid.server.model.AbstractConfiguredObject$15.execute(AbstractConfiguredObject.java:1629)
> 	at org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:632)
> 	at org.apache.qpid.server.model.AbstractConfiguredObject$2.execute(AbstractConfiguredObject.java:625)
> 	at org.apache.qpid.server.configuration.updater.TaskExecutorImpl$TaskLoggingWrapper.execute(TaskExecutorImpl.java:240)
> 	at org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper$1.run(TaskExecutorImpl.java:312)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:360)
> 	at org.apache.qpid.server.configuration.updater.TaskExecutorImpl$CallableWrapper.call(TaskExecutorImpl.java:305)
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> 	at java.lang.Thread.run(Thread.java:745)
> Process finished with exit code 1
> {noformat}
> I have not tested with other versions of the broker, yet.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message