qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-4123) C++ Broker Acl creates too many run-time rules
Date Mon, 18 Feb 2013 01:53:12 GMT

     [ https://issues.apache.org/jira/browse/QPID-4123?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Chuck Rolke updated QPID-4123:

    Fix Version/s: Future
> C++ Broker Acl creates too many run-time rules
> ----------------------------------------------
>                 Key: QPID-4123
>                 URL: https://issues.apache.org/jira/browse/QPID-4123
>             Project: Qpid
>          Issue Type: Improvement
>          Components: C++ Broker
>    Affects Versions: 0.16
>            Reporter: Chuck Rolke
>            Assignee: Chuck Rolke
>            Priority: Minor
>             Fix For: Future
> The Acl module creates a table rules in a two dimensional array. The typical reference
to this table is: actionList[action][objType].
> When an Acl rule from the file is processed and the action or objType is '*' then the
rule is propagated into the actionList table at every row or column even when the action/object
pair will never be references.
> For example a rule such as
>  acl allow bob publish * name=X routingkey=a.b.c
> will put the rule into publish/queue, publish/exchange, publish/broker, etc. even when
only publish/exchange will ever be referenced.
> In AclModule.h a validationMap is created that identifies which intersections in the
actionList are ever used but this map is not used.
> With 5 objects and 9 actions there are 45 actionList entries. Of these only 13 are ever
referenced for authorise lookups.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message