Chuck Rolke created QPID-4560:
---------------------------------
Summary: C++ Broker Acl overpopulates decision data tables
Key: QPID-4560
URL: https://issues.apache.org/jira/browse/QPID-4560
Project: Qpid
Issue Type: Bug
Components: C++ Broker
Affects Versions: 0.21
Environment: All C++ brokers
Reporter: Chuck Rolke
Assignee: Chuck Rolke
Priority: Minor
The primary run-time decision structure for Acl processing contains rule lists
indexed by [object][action]. There are five objects and nine actions resulting
in 45 rule list roots. In actual practice, however, the broker has code only to
call 14 of these.
For instance, the broker will never call for authorisation of [link][bind] or
[method][purge].
Normal Acl writers would not specify rules to fill these rule list roots but
they are populated when rules using the "all" keyword are processed.
There is already validation map code that identifies active intersections in
the rule list but that code is unused. A relatively easy modification to the
Acl module would be to consult the validation map before loading decision data
and only proceed to install rules that may actually be called by the broker.
On small scale Acl rule sets this is not an issue or at least no one has
complained about it yet. Anticipating larger installations this proposed change
would help.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
