qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Rudyy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7934) [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn't tell the virtualhost about updates to its rule-state
Date Mon, 13 Nov 2017 17:55:00 GMT

     [ https://issues.apache.org/jira/browse/QPID-7934?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alex Rudyy updated QPID-7934:
-----------------------------
    Summary: [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn't
tell the virtualhost about updates to its rule-state  (was: [Java Broker] [ACL] A recovered
RuleBasedVirtualHostAccessControlProvider doesn’t tell the virtualhost about updates to
its rule-state)

> [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn't tell
the virtualhost about updates to its rule-state
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7934
>                 URL: https://issues.apache.org/jira/browse/QPID-7934
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-6.1, qpid-java-6.1.4
>            Reporter: Keith Wall
>            Assignee: Keith Wall
>            Priority: Minor
>             Fix For: qpid-java-broker-7.0.0
>
>
> A recovered {{RuleBasedVirtualHostAccessControlProvider}} doesn’t tell its virtualhost
about changes to itself, so the virtualhost doesn’t react to changes in its state (i.e.
the rule-set).  This issue exists on the normal Broker start-up path.  It means that if the
user attempts to change a rule-set the changes are not applied.
> If a new RuleBasedVirtualHostAccessControlProvider is added, changes made to it are reported
properly to the VirtualHost.  (This is why {{VirtualHostAccessControlProviderRestTest}} does
not fail).
> The issue is that {{AbstractVirtualHost#postResolveChildren}} fails to add state listeners
to existing {{VirtualHostAccessControlProviders}}.  The same issue applies on the virtualhost
restart path (much like QPID-7933).
> There is a second problem that lies behind the first.  If you fix #postResolveChildren
to install the listener on the existing VHACP, you find that the VH still fails to update
its ACL controller state probably after changes to the provider.  This problem is that {{AbstractVirtualHost#updateAccessControl}}
gets called (by the super call at line AbstractCommonRuleBasedAccessControlProvider.java:70)
before {{AbstractLegacyAccessControlProvider#recreateAccessController}} on the following line
so the VH continues to stale a stale controller.  
> The user can work around the problem by restarting the Broker.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message