Qpid
  1. Qpid
  2. QPID-2570

Broker uses NotAllowedException for ACL violations, should use UnauthorisedAccessException

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.6
    • Fix Version/s: 0.7
    • Component/s: C++ Broker
    • Labels:
      None

      Description

      The broker uses NotAllowedException[1] in most places when authorisation fails. This seems wrong to me as NotAllowedException is used for specific types of invalid command requests (e.g. declaring an existing exchange with a different type, or trying to create exchanges with prohibited prefixes). As it stands it is not possible to reliably distinguish between these two very different situations in code.

      A more appropriate exception for authorisation failures would be UnauthorisedAccessException[2] which is only used in one place (when a message is sent with a userid that differs from the authenticated id).

      Obviously this breaks backwards compatibility to a degree, but I think in this case it is justified. At worst it would require applications to reconsider catching UnauthorizedAccessException wherever they are currently explicitly catching NotAllowedException.

      [1] Described in specification as indicating: "The peer tried to use a command a manner that is inconsistent with the rules described in the specification."

      [2] Described in specification as indicating: "The client attempted to work with a server entity to which it has no access due to security settings."

        Activity

        Hide
        Gordon Sim added a comment -

        Resolved by r941636.

        Show
        Gordon Sim added a comment - Resolved by r941636.

          People

          • Assignee:
            Gordon Sim
            Reporter:
            Gordon Sim
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development