qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (QPID-7921) [Java Broker] [ACL] Tactical improvements to ACL to allow managed operation invocations to be controlled
Date Fri, 22 Sep 2017 13:41:00 GMT

    [ https://issues.apache.org/jira/browse/QPID-7921?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16176432#comment-16176432
] 

ASF subversion and git services commented on QPID-7921:
-------------------------------------------------------

Commit 0ce2ecd88d2ea5871ed1224080ecae5d6a2d8b50 in qpid-broker-j's branch refs/heads/master
from [~alex.rufous]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=0ce2ecd ]

QPID-7921: [Java Broker] [ACL] Allow managed operation invocation to be controlled by existing
ACL mechanism


> [Java Broker] [ACL] Tactical improvements to ACL to allow managed operation invocations
to be controlled
> --------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7921
>                 URL: https://issues.apache.org/jira/browse/QPID-7921
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Alex Rudyy
>
> The broker users should be able to allow/deny individual management operations.
> We need to improve existing rule based ACL controllers to allow specifying ACL rules
for the managed operations. The proposed ACL rule syntax for the method invocations is below:
> {noformat}
> ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
> {noformat}
> where object_type is any of below
> * BROKER
> * VIRTUALHOSTNODE
> * VIRTUALHOST
> * QUEUE
> * EXCHANGE
> * USER
> * GROUP
> We do not want to introduce new object types for other broker and virtual host children.
> The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST accordingly.
> We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward compatibility.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message