Qpid
  1. Qpid
  2. QPID-4292

add ACL rule to authorise access to the web management UI

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.19
    • Component/s: Java Broker
    • Labels:
      None

      Description

      Extend the ACLs rules to allow users to be denied access to the two management UIs (JMX and Web).

        Activity

        Keith Wall created issue -
        Hide
        Keith Wall added a comment -

        Tests passing. Uploaded for safe keeping. Tests with external SSO provider pending

        Show
        Keith Wall added a comment - Tests passing. Uploaded for safe keeping. Tests with external SSO provider pending
        Keith Wall made changes -
        Field Original Value New Value
        Attachment 0001-QPID-4292.patch [ 12544231 ]
        Keith Wall made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Keith Wall made changes -
        Status In Progress [ 3 ] Ready To Review [ 10006 ]
        Hide
        Keith Wall added a comment -

        Patch applied.

        Show
        Keith Wall added a comment - Patch applied.
        Keith Wall made changes -
        Attachment 0001-QPID-4292.patch [ 12544231 ]
        Hide
        Keith Wall added a comment -

        Hi Robbie, can you review this commit please?

        Show
        Keith Wall added a comment - Hi Robbie, can you review this commit please?
        Keith Wall made changes -
        Assignee Keith Wall [ k-wall ] Robbie Gemmell [ gemmellr ]
        Hide
        Keith Wall added a comment -

        We should standardise on the SC_FORBIDDEN response code and avoid the stack trace being printed to the log.

        2012-09-11 16:20:32,150 WARN  [qtp404150953-56] (RestServlet.java:475) - Caught exception 
        java.security.AccessControlException: Do not have permission to create new group 
                at org.apache.qpid.server.model.adapter.GroupProviderAdapter.createChild(GroupProviderAdapter.java:197) 
                at org.apache.qpid.server.management.plugin.servlet.rest.RestServlet.doPutWithSubjectAndActor(RestServlet.java:436) 
                at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$3.run(AbstractServlet.java:143) 
                at org.apache.qpid.server.management.plugin.servlet.rest.AbstractServlet$3.run(AbstractServlet.java:139) 
                at java.security.AccessController.doPrivileged(Native Method) 
                at javax.security.auth.Subject.doAs(Subject.java:396) 
        
        Show
        Keith Wall added a comment - We should standardise on the SC_FORBIDDEN response code and avoid the stack trace being printed to the log. 2012-09-11 16:20:32,150 WARN [qtp404150953-56] (RestServlet.java:475) - Caught exception java.security.AccessControlException: Do not have permission to create new group at org.apache.qpid.server.model.adapter.GroupProviderAdapter.createChild(GroupProviderAdapter.java:197) at org.apache.qpid.server.management.plugin.servlet. rest .RestServlet.doPutWithSubjectAndActor(RestServlet.java:436) at org.apache.qpid.server.management.plugin.servlet. rest .AbstractServlet$3.run(AbstractServlet.java:143) at org.apache.qpid.server.management.plugin.servlet. rest .AbstractServlet$3.run(AbstractServlet.java:139) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:396)
        Keith Wall made changes -
        Status Ready To Review [ 10006 ] Open [ 1 ]
        Assignee Robbie Gemmell [ gemmellr ] Keith Wall [ k-wall ]
        Keith Wall made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Keith Wall made changes -
        Status In Progress [ 3 ] Ready To Review [ 10006 ]
        Hide
        Keith Wall added a comment -

        Patch applied. Can you review please?

        Show
        Keith Wall added a comment - Patch applied. Can you review please?
        Keith Wall made changes -
        Assignee Keith Wall [ k-wall ] Robbie Gemmell [ gemmellr ]
        Hide
        Robbie Gemmell added a comment -

        looks good to me

        Show
        Robbie Gemmell added a comment - looks good to me
        Robbie Gemmell made changes -
        Status Ready To Review [ 10006 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Rob Godfrey made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Keith Wall
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development