qpid-dev mailing list archives

From "Chuck Rolke (JIRA)" <j...@apache.org>
Subject [jira] [Created] (QPID-4560) C++ Broker Acl overpopulates decision data tables
Date Fri, 01 Feb 2013 21:56:12 GMT
Chuck Rolke created QPID-4560:
---------------------------------

             Summary: C++ Broker Acl overpopulates decision data tables
                 Key: QPID-4560
                 URL: https://issues.apache.org/jira/browse/QPID-4560
             Project: Qpid
          Issue Type: Bug
          Components: C++ Broker
    Affects Versions: 0.21
         Environment: All C++ brokers
            Reporter: Chuck Rolke
            Assignee: Chuck Rolke
            Priority: Minor


The primary run-time decision structure for Acl processing contains rule lists indexed by
[object][action]. There are five objects and nine actions resulting in 45 rule list roots.
In actual practice, however, the broker has code only to call 14 of these. 

For instance, the broker will never call for authorisation of [link][bind] or [method][purge].

Normal Acl writers would not specify rules to fill these rule list roots but they are populated
when rules using the "all" keyword are processed.

There is already validation map code that identifies active intersections in the rule list
but that code is unused. A relatively easy modification to the Acl module would be to consult
the validation map before loading decision data and only proceed to install rules that may
actually be called by the broker.

On small scale Acl rule sets this is not an issue or at least no one has complained about
it yet. Anticipating larger installations this proposed change would help.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
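
The proposed change, sketched as an added example (not code from the Qpid broker or from the original message): a rule table indexed by [object][action] is loaded once without and once with a validation map. The enumerator names, the `install` and `populatedRoots` helpers, and the contents of `sampleMap` are assumptions made for illustration; the sample map is constructed and is not the broker's real set of 14 intersections.

```cpp
#include <array>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Five objects and nine actions as in the report; enumerator names are assumed.
enum Object { OBJ_QUEUE, OBJ_EXCHANGE, OBJ_BROKER, OBJ_LINK, OBJ_METHOD, OBJ_COUNT };
enum Action { ACT_CONSUME, ACT_PUBLISH, ACT_CREATE, ACT_ACCESS, ACT_BIND,
              ACT_UNBIND, ACT_DELETE, ACT_PURGE, ACT_UPDATE, ACT_COUNT };
const int ALL = -1;  // the "all" keyword in the object or action position

using Rule = std::string;  // stand-in for a compiled rule
using Table = std::array<std::array<std::vector<Rule>, ACT_COUNT>, OBJ_COUNT>;
using ValidationMap = std::array<std::array<bool, ACT_COUNT>, OBJ_COUNT>;

// Constructed map of pairs the broker is assumed to query (illustrative only).
ValidationMap sampleMap() {
    ValidationMap v{};  // value-initialized: every pair starts false
    v[OBJ_QUEUE][ACT_CONSUME] = v[OBJ_QUEUE][ACT_CREATE] = v[OBJ_QUEUE][ACT_PURGE] = true;
    v[OBJ_EXCHANGE][ACT_PUBLISH] = v[OBJ_EXCHANGE][ACT_BIND] = true;
    v[OBJ_LINK][ACT_CREATE] = v[OBJ_METHOD][ACT_ACCESS] = true;
    return v;
}

// Install one rule; ALL expands across the whole axis. With a validation map,
// pairs the broker never asks about (e.g. [link][bind]) are skipped.
void install(Table& t, int obj, int act, const Rule& r, const ValidationMap* valid) {
    for (int o = 0; o < OBJ_COUNT; ++o) {
        if (obj != ALL && obj != o) continue;
        for (int a = 0; a < ACT_COUNT; ++a) {
            if (act != ALL && act != a) continue;
            if (valid && !(*valid)[o][a]) continue;
            t[o][a].push_back(r);
        }
    }
}

// Number of [object][action] roots that hold at least one rule.
std::size_t populatedRoots(const Table& t) {
    std::size_t n = 0;
    for (const auto& row : t)
        for (const auto& list : row)
            if (!list.empty()) ++n;
    return n;
}

int main() {
    Table unfiltered{}, filtered{};
    ValidationMap v = sampleMap();
    install(unfiltered, ALL, ALL, "deny-all", nullptr);
    install(filtered, ALL, ALL, "deny-all", &v);
    std::cout << populatedRoots(unfiltered) << " vs " << populatedRoots(filtered) << "\n";
}
```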