qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DISPATCH-333) Add a chapter on policy to the Qpid Dispatch Router Book.
Date Fri, 02 Mar 2018 22:17:00 GMT

    [ https://issues.apache.org/jira/browse/DISPATCH-333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16384237#comment-16384237
] 

ASF GitHub Bot commented on DISPATCH-333:
-----------------------------------------

Github user bhardesty commented on a diff in the pull request:

    https://github.com/apache/qpid-dispatch/pull/255#discussion_r171977372
  
    --- Diff: doc/new-book/configuration-security.adoc ---
    @@ -412,3 +414,356 @@ listener {
     
     For more information about these attributes, see xref:adding_sasl_authentication_to_incoming_connection[].
     --
    +
    +== Authorizing Access to Messaging Resources
    +
    +You can restrict the number of user connections, and control access to AMQP messaging
resources by configuring _policies_.
    +
    +=== Types of Policies
    +
    +You can configure two different types of policies: _global policies_ and _vhost policies_.
    +
    +Global policies::
    +Settings for the router. A global policy defines the maximum number of incoming user
connections for the router (across all vhost policies), and defines how the router should
use vhost policies.
    +
    +Vhost policies::
    +Connection and AMQP resource limits for a messaging endpoint (called an AMQP virtual
host, or _vhost_). A vhost policy defines what a client can access on a messaging endpoint
over a particular connection.
    ++
    +[NOTE]
    +====
    +A vhost is typically the name of the host to which the client connection is directed.
For example, if a client application opens a connection to the `amqp://mybroker.example.com:5672/queue01`
URL, the vhost would be `mybroker.example.com`.
    +====
    +
    +The resource limits defined in global and vhost policies are applied to user connections
only. The limits do not affect inter-router connections or router connections that are outbound
to waypoints.
    +
    +=== How {RouterName} Applies Policies
    +
    +When a client connects to a router, the router determines whether to permit the connection
based on the global and vhost policies, and the following properties of the connection:
    +
    +* The host to which the connection is directed (the vhost)
    +* The connection's authenticated user name
    +* The host from which the client is connecting (the remote host)
    +
    +If the connection is permitted, then the router applies a vhost policy that matches the
vhost to which the connection is directed. The vhost policy limits are enforced for the lifetime
of the connection.
    +
    --- End diff --
    
    I reworked this section to better account for the nuances of vhost policies.


> Add a chapter on policy to the Qpid Dispatch Router Book.
> ---------------------------------------------------------
>
>                 Key: DISPATCH-333
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-333
>             Project: Qpid Dispatch
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 0.7.0
>            Reporter: Ganesh Murthy
>            Assignee: Ben Hardesty
>            Priority: Minor
>
> Add a new chapter containing details on how policy works and how to setup policy to the
Qpid Dispatch Router Book



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message