[
https://issues.apache.org/jira/browse/QPID-8565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17438691#comment-17438691
]
ASF GitHub Bot commented on QPID-8565:
--------------------------------------
mklaca commented on pull request #113:
URL: https://github.com/apache/qpid-broker-j/pull/113#issuecomment-960816319
Hi Alex, regarding the CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT
CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT syntax was kept on because
of the compatibility of the connection limit plugin with existing acl files and
so the acl plugin and connection limit plugin can use the same configuration
file. It simplifies the transition.
If you do not like the warning message then it can be fixed.
If you want to drop CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT syntax
from acl files then it should be removed completely from Property and
AclRulePredicatesBuilder class, including support of the acl files from
connection limit plugin.
This is refactoring task and it should not have any impact on the
functionality. Any functional changes should be done in separate task.
But the most important is that the actual code has a bug.
Let have an acl file with following line:
`ACL ALLOW all ACCESS VIRTUALHOST connection_limit=10
connection_frequency_limit=12`
It silently passes the parsing with neither warning nor exception and it
looks like that everything is fine. But acl rule is dysfunctional. The rule
never matches because any object never has CONNECTION_LIMIT and
CONNECTION_FREQUENCY_LIMIT property and so the rule is always skipped.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
> [Broker-J] Enhancement of ACL rule predicates evaluation
> --------------------------------------------------------
>
> Key: QPID-8565
> URL: https://issues.apache.org/jira/browse/QPID-8565
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Marek Laca
> Priority: Minor
> Labels: Broker, Java
>
> The access control plugin checks the rights of the user to perform an action
> on the broker's component. The access control plugin iterates through the ACL
> rules and checks their predicates. The user action is denied or allowed based
> on the test result.
> The aim of this task are refactoring of the code that is required for the
> [QPID-8487|https://issues.apache.org/jira/browse/QPID-8487] and
> [QPID-8488|https://issues.apache.org/jira/browse/QPID-8488], improving the
> test of the ACL rule predicates and removing useless classes. Changes should
> not have any impact on the functionality of the access control plugin.
> The ObjectProperties class has two responsibilities, it holds the rule
> predicates and also the objects properties that are checked. The
> responsibilities of ObjectProperties class should be split because the code
> should honor the principle of one responsibility per class.
> The Rule class is treated as immutable but the immutability is not enforce by
> the code.
> The Action, AclAction and ClientAction classes are only data holders that
> don't have any real responsibility.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
