Alex Rudyy created QPID-4185:
--------------------------------
Summary: update ACL example not to use ALLOW-LOG for 'ACCESS'
level manager operations in order to reduce extraneous logging
Key: QPID-4185
URL: https://issues.apache.org/jira/browse/QPID-4185
Project: Qpid
Issue Type: Bug
Components: Java Broker
Affects Versions: 0.16
Reporter: Alex Rudyy
Assignee: Alex Rudyy
Priority: Minor
Fix For: 0.19
The etc/broker_example.acl file currently contains an example of what users
probably *dont* usually want to do with regards to logging ACL events for admin
management users.
By using ALLOW-LOG or DENY-LOG for all of the rules, this will have the result
of logging a lot of extraneous info to do with individual JMX calls to retrieve
attributes, get mbeaninfo, perform instanceof checks etc. Just having
managemetn consoles (our own, Jconsole, etc) will produce a lot of log spam as
a result when they poll for new info.
What most users probably want typically is to allow 'read only' events by
permissioning the 'ACCESS' operations using ALLOW and then seperately
permission the others with ALLOW-LOG, thus removing the noise and ensuring only
operations that can actually cause change are logged, e.g:
{noformat}
ACL ALLOW admin ACCESS METHOD
ACL ALLOW-LOG admin ALL METHOD
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
