Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-4727

C++ Broker ACL rules provide no way to match default exchange


    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.20
    • Fix Version/s: 0.23
    • Component/s: C++ Broker
    • Labels:


      ACL rules use 'name=value' formatting. In the case of ACL rule PUBLISH EXCHANGE the exchange name must be specified with a name= setting. However, in the case of the default exchange the exchange name is blank. There is no way to specify a blank exchange name and there is no acceptable workaround.

      The proposal is to add keyword amq.default to the ACL syntax so that when a PUBLISH EXCHANGE rule exchange name is specified with this keyword then the run-time rule will actually match a blank exchange name.

       acl allow bob publish exchange name=amq.default routingkey=bobPrivate
       acl deny  all publish exchange name=amq.default routingkey=bobPrivate

      Impact assessment:

      Design consideration Proposed feature
      Threading model n/a
      Memory management n/a
      Automated testing approach easy to test
      Impact on public API Adds new keyword to ACL file syntax
      • Interoperability with implementations in other languages
      • Backwards compatibility
      No. Old code will try to match literal 'amq.default' text
      Performance implications Per-message publish exchange lookup tests a bool in the rule before checking that the name in the lookup is blank
      Security implications New method already protected by ACL
      Platform support n/a
      Logging no change
      Monitoring no change
      Management no change




            • Assignee:
              chug Chuck Rolke
              chug Chuck Rolke
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: