> On 2011-12-05 18:44:53, Gordon Sim wrote:
> > /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h, line 88
> > <https://reviews.apache.org/r/2988/diff/1/?file=61523#file61523line88>
> >
> > The last sentence in this comment isn't entirely true... it will only
> > compare the id against the username if the userid of the connection was in
> > the default domain. Not a big issue, I just got confused when first reading
> > this.
Updated to: * If id has the default realm will also compare plain username.
> On 2011-12-05 18:44:53, Gordon Sim wrote:
> > /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h, line 133
> > <https://reviews.apache.org/r/2988/diff/1/?file=61523#file61523line133>
> >
> > Does isDefaultRealm get initialised anywhere?
It should be initialized in the ctor, will do that.
- Alan
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2988/#review3627
-----------------------------------------------------------
On 2011-12-01 21:09:19, Alan Conway wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/2988/
> -----------------------------------------------------------
>
> (Updated 2011-12-01 21:09:19)
>
>
> Review request for qpid, Gordon Sim and Ted Ross.
>
>
> Summary
> -------
>
> QPID-3652: Fix cluster authentication.
>
> Only allow brokers that authenticate as the cluster-username to join a
> cluster.
>
> New broker first connects to a cluster broker authenticates as the
> cluster-username
> and sends its CPG member ID to the qpid.cluster-credentials exchange.
> The cluster broker that subsequently acts as updater verifies that the
> credentials are
> valid before connecting to give the update.
>
> NOTE: If you are using an ACL, the cluster-username must be allowed to
> publish to the qpid.cluster-credentials exchange. E.g. in your ACL file:
>
> acl allow foo@QPID publish exchange name=qpid.cluster-credentials
>
>
> This addresses bug QPID-3652.
> https://issues.apache.org/jira/browse/QPID-3652
>
>
> Diffs
> -----
>
> /trunk/qpid/cpp/rubygen/amqpgen.rb 1209052
> /trunk/qpid/cpp/src/Makefile.am 1209052
> /trunk/qpid/cpp/src/cluster.mk 1209052
> /trunk/qpid/cpp/src/qpid/UrlArray.h PRE-CREATION
> /trunk/qpid/cpp/src/qpid/UrlArray.cpp PRE-CREATION
> /trunk/qpid/cpp/src/qpid/broker/ConnectionState.h 1209052
> /trunk/qpid/cpp/src/qpid/broker/SemanticState.h 1209052
> /trunk/qpid/cpp/src/qpid/broker/SemanticState.cpp 1209052
> /trunk/qpid/cpp/src/qpid/client/FailoverListener.cpp 1209052
> /trunk/qpid/cpp/src/qpid/cluster/Cluster.h 1209052
> /trunk/qpid/cpp/src/qpid/cluster/Cluster.cpp 1209052
> /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.h PRE-CREATION
> /trunk/qpid/cpp/src/qpid/cluster/CredentialsExchange.cpp PRE-CREATION
> /trunk/qpid/cpp/src/qpid/cluster/FailoverExchange.cpp 1209052
> /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.h 1209052
> /trunk/qpid/cpp/src/qpid/cluster/InitialStatusMap.cpp 1209052
> /trunk/qpid/cpp/src/tests/InitialStatusMap.cpp 1209052
> /trunk/qpid/cpp/src/tests/brokertest.py 1209052
> /trunk/qpid/cpp/src/tests/cluster_authentication_soak.cpp 1209052
> /trunk/qpid/cpp/src/tests/cluster_tests.py 1209052
> /trunk/qpid/cpp/xml/cluster.xml 1209052
>
> Diff: https://reviews.apache.org/r/2988/diff
>
>
> Testing
> -------
>
> 3 new tests in cluster_tests.py, tested by hand with ANONYMOUS, PLAIN and
> DIGEST-MD5 mechanisms.
>
>
> Thanks,
>
> Alan
>
>
