qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Does Qpid C++ behave reasonably when a AMQP 1.0 link triggers ACL error
Date Mon, 13 Apr 2015 11:13:44 GMT
On 04/12/2015 08:43 PM, Jakub Scholz wrote:
> If I read this correctly, it seems to first confirm the attach and only
> then it does the detach with the error. A client application seems to
> confused into thinking that the attach was fine, while in reality the
> attach wasn't fine.
>
> I was wondering whether it wouldn't be more clean to refuse the attach in
> the same way as it is done when the ACL rights are OK but the node doesn't
> exist.

Even in that case, the broker issues an attach, then detaches. The one 
differences in terms of the c++ broker's behaviour is that in the 
not-found case, the broker sets the source/target to null.

> I know that the AMQP 1.0 spec is quite specific when it says that
> the refusing of the link should be used when the terminus doesn't exist.
> But at the end, when the connected client doesn't have rights to access the
> terminus, it is as if it doesn't exist, or? :-o

Access permission is checked before resolving the node, so without 
permission to access a node of a given name, you cannot determine 
whether or not a node of that name exists.

> For comparison, the Java broker seems to simply close the connection
> without answering the attach. That is IMHO also not a bad idea.

Yes, that is a fair point. As Chuck mentioned, in 0-10 all errors tended 
to end up closing the session which was often felt to be overly harsh. 
This wasn't specifically for ACLs though and I have a lot of sympathy 
with the view that for security related errors, harsh is good.

One possibility would be to change the default behaviour to close the 
connection on ACL violations, but have broker level a configuration 
option to get the current behaviour if required.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message