qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-333) Add a chapter on policy to the Qpid Dispatch Router Book.
Date Fri, 02 Mar 2018 22:17:00 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16384237#comment-16384237

ASF GitHub Bot commented on DISPATCH-333:

Github user bhardesty commented on a diff in the pull request:

    --- Diff: doc/new-book/configuration-security.adoc ---
    @@ -412,3 +414,356 @@ listener {
     For more information about these attributes, see xref:adding_sasl_authentication_to_incoming_connection[].
    +== Authorizing Access to Messaging Resources
    +You can restrict the number of user connections, and control access to AMQP messaging
resources by configuring _policies_.
    +=== Types of Policies
    +You can configure two different types of policies: _global policies_ and _vhost policies_.
    +Global policies::
    +Settings for the router. A global policy defines the maximum number of incoming user
connections for the router (across all vhost policies), and defines how the router should
use vhost policies.
    +Vhost policies::
    +Connection and AMQP resource limits for a messaging endpoint (called an AMQP virtual
host, or _vhost_). A vhost policy defines what a client can access on a messaging endpoint
over a particular connection.
    +A vhost is typically the name of the host to which the client connection is directed.
For example, if a client application opens a connection to the `amqp://mybroker.example.com:5672/queue01`
URL, the vhost would be `mybroker.example.com`.
    +The resource limits defined in global and vhost policies are applied to user connections
only. The limits do not affect inter-router connections or router connections that are outbound
to waypoints.
    +=== How {RouterName} Applies Policies
    +When a client connects to a router, the router determines whether to permit the connection
based on the global and vhost policies, and the following properties of the connection:
    +* The host to which the connection is directed (the vhost)
    +* The connection's authenticated user name
    +* The host from which the client is connecting (the remote host)
    +If the connection is permitted, then the router applies a vhost policy that matches the
vhost to which the connection is directed. The vhost policy limits are enforced for the lifetime
of the connection.
    --- End diff --
    I reworked this section to better account for the nuances of vhost policies.

> Add a chapter on policy to the Qpid Dispatch Router Book.
> ---------------------------------------------------------
>                 Key: DISPATCH-333
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-333
>             Project: Qpid Dispatch
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 0.7.0
>            Reporter: Ganesh Murthy
>            Assignee: Ben Hardesty
>            Priority: Minor
> Add a new chapter containing details on how policy works and how to setup policy to the
Qpid Dispatch Router Book

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org

View raw message