[
https://issues.apache.org/activemq/browse/AMQ-826?page=comments#action_37277 ]
Nikola Goran Cutura commented on AMQ-826:
-----------------------------------------
I finished improvement together with unit test (running on external ADS). There
are two assumptions I want to confirm:
1. Composite destinations
ACL set of a composite destination is a union of ACL sets of each
particular destination. I deduced this from code (DefaultAuthorizationMap) and
implemented the same although it does not seem logical to me. Intersection of
sets would be more appropriate, I believe. Should I implement the intersection
or leave the union?
2. Wildcard destinations
Wildcards are given in authorization policy source (xml map or ldap or...)
to allow creation (primarily) of a destination in a certain namespace. Wildcard
is ">" which means any destination. This meaning is unlimited in depth i.e.
"ActiveMQ.Advisory.>" will suffice both for "ActiveMQ.Advisory.Connection" (> =
Connection, same level) and for "ActiveMQ.Advisory.Queue.ABC123" (> =
Queue.ABC123, one level more). Is this correct? Should I leave it as it is or
restrict ">" to the same level only?
> LDAP based authorization support
> --------------------------------
>
> Key: AMQ-826
> URL: https://issues.apache.org/activemq/browse/AMQ-826
> Project: ActiveMQ
> Issue Type: Improvement
> Reporter: james strachan
> Assigned To: Nikola Goran Cutura
> Attachments: LdapAuth.zip
>
>
> Patch kindly added by ngcutura - discussion thread...
> http://www.nabble.com/LDAP-Authorization-tf1851705.html#a5344494
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://issues.apache.org/activemq/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
