qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Ross (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-3614) ACLs and federation links do not work
Date Fri, 26 Sep 2014 14:42:34 GMT

    [ https://issues.apache.org/jira/browse/QPID-3614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14149229#comment-14149229
] 

Justin Ross commented on QPID-3614:
-----------------------------------

[~gsim], can this be closed?

> ACLs and federation links do not work
> -------------------------------------
>
>                 Key: QPID-3614
>                 URL: https://issues.apache.org/jira/browse/QPID-3614
>             Project: Qpid
>          Issue Type: Bug
>          Components: C++ Broker
>    Affects Versions: 0.12
>         Environment: Built from source on ubuntu 10.04 x64
>            Reporter: Brandon Pedersen
>              Labels: acl, federation
>
> PROBLEM STATEMENT:
> I cannot get broker federation to work with ACLs enabled. I keep getting "ACL denied
creating a federation link" even though my user has all permissions, on both brokers.
> STEPS TO REPRODUCE:
> - Create an acl file like the following:
> acl allow federation@QPID all all
> acl deny all all
> - Create the federation user in the sasl db
> - Using the following config:
> auth-realm=QPID
> log-enable=info+
> acl-file=/usr/local/etc/qpid/qpidd.acl
> sasl-config=/usr/local/etc/sasl2
> auth=yes
> - Start two brokers using the same config but different ports and data dirs (makes it
easy to test the exact same authentication parameters for both brokers)
> - In my case I am create a queue push route, so create a queue and do:
>  qpid-route queue add -s federation/password@localhost:5000 federation/password@localhost:5001
amq.direct myqueue
> Note that the use of a push route does not matter, I tested push and pull and both fail,
just want to point out that I am using a push route to ensure that gets tested as part of
the fix for this.
> RESULTS:
> The connection fails to get created with an error: "ACL denied creating a federation
link"
> In the debug log on the destination broker I see: 
> 2011-11-11 15:50:20 debug ACL: Lookup for id: action:create objectType:link name: with
params { }
> 2011-11-11 15:50:20 debug No successful match, defaulting to the decision mode deny
> It appear that the user ID is not getting sent across
> EXPECTED RESULTS:
> The federation link should work with proper ACLs in place



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message