  1. Red Hat Fuse
  2. ENTESB-7394

RBAC - Hierarchical nature of ACLs preventing control of specific mBean operations on broker queues

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: jboss-fuse-6.3
    • Component/s: Hawtio, Karaf
    • Labels:
      None
    • Environment:

      JBoss A-MQ 6.3 R4 (283)

    • Steps to Reproduce:
      Config attached that demonstrates the issue.

      1) Extract jboss-a-mq-6.3.0.redhat-283.zip
      2) Copy the attached configurations to the instance
      3) Start the instance
      4) With admin user, log into Hawtio and create the following queues: INPUT, INPUT.ORDERS, TEST
      5) Send a persistent message to each queue
      6) With the "admin" user browse to the queues to see if the "Delete" button is available to remove the message
      7) Log in as the "test" user and browse the queues to see if the "Delete" button is available to remove the message

      Expected Behavior: The "test" user should only have access to remove operations on the TEST queue.

      Actual Behavior: The "test" user has access to remove operations on all queues.


      Description

      The hierarchical nature of ACLs appears to be preventing control of MBean operations for specific queues. An example is providing access to the remove* MBeans of a queue to only a specific role and a specific queue.

              People

              • Assignee:
                tadayosi Tadayoshi Sato
                Reporter:
                jsherman Jason Sherman