qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rob Godfrey (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (QPID-4520) The deletion of autodelete queue requires ACL rights for deleting the queue
Date Fri, 29 Aug 2014 18:59:53 GMT

     [ https://issues.apache.org/jira/browse/QPID-4520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rob Godfrey resolved QPID-4520.

       Resolution: Fixed
    Fix Version/s: 0.30

> The deletion of autodelete queue requires ACL rights for deleting the queue
> ---------------------------------------------------------------------------
>                 Key: QPID-4520
>                 URL: https://issues.apache.org/jira/browse/QPID-4520
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: 0.21
>         Environment: Java broker (trunk) / Java 1.6 / RHEL 6.3
>            Reporter: JAkub Scholz
>            Assignee: Rob Godfrey
>            Priority: Minor
>             Fix For: 0.29, 0.30
> When a user creates an autodelete queue, it should be deleted when the last user disconnects
from the queue. This seems to work fine in general. But in some specific situations, the autodelete
queue isn't deleted. As an example, following scenario causes problems:
> 1) Enable ACL
> 2) Add user account the right to create the queue as autodelete queue in ACL file. Do
not give the user the right to delete the queue.
> 3) Connect with the user and create the queue
> 4) Disconnect the user
> 5) The broker attempts to delete the queue, but fails because the user doesn't have the
ACL rights to delete the queue
> 6) The queue remains in the system
> This scenario is a bit artificial, because it can be seen as mis-configuration (i.e.
giving the possibility to create the queue and not to delete the queue). But I can imagine
a situation when one user creates the queue as autodelete and other users connect to this
queue to read from it. The other users might not be supposed to delete the queue under normal
circumstances, the queeu should just get deleted after the last user disconnects.
> *In my opinion, the autodeletion should be preferred against the ACL rights.*

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message