We have real customer requirements for both the virtual host level ACLs, where prod deployments restrict incoming clients to one vh only, but allow all artifacts on that vh for that user. We also need to retain the firewall, or at least the config/features, since that was a priority feature enhancement which we need to continue supporting,
Hth, Marnie On Tue, May 11, 2010 at 3:37 PM, Rajith Attapattu (JIRA) < qpid-...@incubator.apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/QPID-2539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866162#action_12866162] > > Rajith Attapattu commented on QPID-2539: > ---------------------------------------- > > 1. I can see the value of virtual host for the current setup, but going > forward do we have virtual hosts in AMQP 1.0 ? So it worth it doing so late > in the game? > > I am not opposed to having a virtual host object in the ACL file as the > Java broker is using that. > The c++ broker can easily ignore it. > My question was more about whether it's really worth spending effort on > something that we know want be there for long. > If you have customer requests for protecting virtual hosts with ACL then it > is fine (All though I think this is redundant as the objects within a > virtual host is covered anyways). > But if there is no interest from the users, then I'd say don't bother. > > ADK: This is required for the Firewall plugin. Whether the Firewall plugin > is required is another question entirely. > > RA: Good question, Aidan and I had discussed on the qpid dev list about > using ACL to validate the IP addresses instead of maintaining a separate > firewall plugin. > The C++ broker does have an outstanding JIRA for something similar > to the firewall plugin which we hope to implement using ACL. > We were planning to have that as an optional feature to ensure > backwards compatibility. > > So if you want ACL to restrict IP address you need to explicitly > enable it in the ACL module. > The config option (Not the CONFIG object) you talked about is going > to be handy here. > > I am bit swamped these days, hopefully when I get some free time, I will > try to put my thoughts into a wiki page to capture the requirements and > share some ideas with you. > Perhaps then we can open some more concrete JIRA's to focus on those > individual areas. > > > Update ACL file syntax to be clearer and add extra operations > > ------------------------------------------------------------- > > > > Key: QPID-2539 > > URL: https://issues.apache.org/jira/browse/QPID-2539 > > Project: Qpid > > Issue Type: Sub-task > > Components: Java Broker > > Reporter: Andrew Kennedy > > Fix For: 0.7 > > > > > > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > > > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:dev-subscr...@qpid.apache.org > >
