qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7934) [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn’t tell the virtualhost about updates to its rule-state
Date Fri, 29 Sep 2017 12:32:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-7934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16185757#comment-16185757
] 

ASF subversion and git services commented on QPID-7934:
-------------------------------------------------------

Commit d4d408f27fed8f5cb9c3180b3d0167be069ae690 in qpid-broker-j's branch refs/heads/master
from [~k-wall]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=d4d408f ]

QPID-7934: [Java Broker] [Model [ACL] Ensure that RuleBasedAccessControlProvider reports changes
in the rule set to the control point (Broker/VirtualHost)

* Added new ACO#postSetAttributes that is fired once all attributes specified by a setAttributes
call have completed their change.
* Refactored AbstractCommonRuleBasedAccessControlProvider implement the new method to update
the controller's state
* Corrected AbstractVirtualHost to install access control listeners consistently on the recovery
and restart paths.


> [Java Broker] [ACL] A recovered RuleBasedVirtualHostAccessControlProvider doesn’t tell
the virtualhost about updates to its rule-state
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7934
>                 URL: https://issues.apache.org/jira/browse/QPID-7934
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>            Reporter: Keith Wall
>            Priority: Minor
>
> A recovered {{RuleBasedVirtualHostAccessControlProvider}} doesn’t tell its virtualhost
about changes to itself, so the virtualhost doesn’t react to changes in its state (i.e.
the rule-set).  This issue exists on the normal Broker start-up path.  It means that if the
user attempts to change a rule-set the changes are not applied.
> If a new RuleBasedVirtualHostAccessControlProvider is added, changes made to it are reported
properly to the VirtualHost.  (This is why {{VirtualHostAccessControlProviderRestTest}} does
not fail).
> The issue is that {{AbstractVirtualHost#postResolveChildren}} fails to add state listeners
to existing {{VirtualHostAccessControlProviders}}.  The same issue applies on the virtualhost
restart path (much like QPID-7933).
> There is a second problem that lies behind the first.  If you fix #postResolveChildren
to install the listener on the existing VHACP, you find that the VH still fails to update
its ACL controller state probably after changes to the provider.  This problem is that {{AbstractVirtualHost#updateAccessControl}}
gets called (by the super call at line AbstractCommonRuleBasedAccessControlProvider.java:70)
before {{AbstractLegacyAccessControlProvider#recreateAccessController}} on the following line
so the VH continues to stale a stale controller.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message