-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/9260/#review16135
-----------------------------------------------------------

trunk/qpid/cpp/src/qpid/acl/management-schema.xml
<https://reviews.apache.org/r/9260/#comment34489>

On behalf of JRoss: It is a mistake to deprecate the CLI switch. Upon upgrading to this version existing installations that use the deprecated feature will break.

My response: The CLI switch will not be deprecated. If "--maxConnectionsPerUser M" is specified then it will be processed before the ACL file and treated as if the ACL file held "quota connections M all". Users who use the CLI switch and have no quota connections rules in the ACL file will see the exact same user connection limits. Quota connections for user 'all' will overwrite values specified in the command line.

- Chug Rolke

On Feb. 1, 2013, 8:52 p.m., Chug Rolke wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/9260/
> -----------------------------------------------------------
>
> (Updated Feb. 1, 2013, 8:52 p.m.)
>
>
> Review request for qpid.
>
>
> Description
> -------
>
> * Remove the --connection-limit-per-user command line switch.
> * Force all quota limits to have maximum of 65530. (65535 had integer wrap issues)
> * Use static, named strings in place of "acl", "group", "all", etc., that were sprinkled throughout.
> * Add Acl file syntax to support "quota connections N user|group [, user|group]"
> * If no quotas are specified in Acl file then no quotas are enforced. However, connections are still counted so that if later an Acl file that has quotas is loaded then the connection counts are live and up to date.
> * If a user is using his specified connection quota limit and later a new Acl file is loaded that lowers his limit then the user's current connections are allowed to persist. New connections from that user are denied until the user closes enough existing connections and his quota falls to below the quota limit.
> * Users with a connection quota of 0 are denied any connections.
> * Connection quota for pseudo-user "all" is applied to users who are otherwise not named explicitly in the Acl file.
> * Quota values for any user may change during Acl file processing as the user is named in multiple Acl rules or is included in groups. The connection quota values are stored for users as the Acl file is read in serial order. New values specified in later rules in the Acl file overwrite any existing values.
>
>
> This addresses bug QPID-4054.
> https://issues.apache.org/jira/browse/QPID-4054
>
>
> Diffs
> -----
>
> trunk/qpid/cpp/src/qpid/acl/Acl.h 1441609
> trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1441609
> trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h 1441609
> trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp 1441609
> trunk/qpid/cpp/src/qpid/acl/AclData.h 1441609
> trunk/qpid/cpp/src/qpid/acl/AclData.cpp 1441609
> trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1441609
> trunk/qpid/cpp/src/qpid/acl/AclReader.h 1441609
> trunk/qpid/cpp/src/qpid/acl/AclReader.cpp 1441609
> trunk/qpid/cpp/src/qpid/acl/AclTopicMatch.h 1441609
> trunk/qpid/cpp/src/qpid/acl/management-schema.xml 1441609
> trunk/qpid/cpp/src/tests/acl.py 1441609
> trunk/qpid/cpp/src/tests/run_acl_tests 1441609
>
> Diff: https://reviews.apache.org/r/9260/diff/
>
>
> Testing
> -------
>
> Three new sections are added to the Acl self test to test individual users, groups, the "all" user, and explicit connection denial with a quota of zero.
>
>
> Thanks,
>
> Chug Rolke
>
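
The connection-quota semantics described in this message, as an added C++ model that is not the Qpid code under review; a command-line limit is expressed by placing the equivalent "quota connections M all" rule first. Assumptions: `QuotaTable`, `Groups` and the member names are hypothetical, a value above 65530 is rejected rather than clamped, and a user with no rule of their own and no "all" rule is unlimited.

```cpp
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical model of the quota semantics in the description; not Qpid source.
using Groups = std::map<std::string, std::set<std::string>>;
const unsigned long kMaxQuota = 65530;  // ceiling stated in the description

struct QuotaTable {
    std::map<std::string, unsigned long> limit;   // per-user limit; "all" is the fallback
    std::map<std::string, unsigned long> active;  // live counts, kept across reloads

    // Apply one "quota connections N name[, name]" rule. Later rules overwrite.
    bool applyRule(std::string line, const Groups& groups) {
        for (char& c : line) if (c == ',') c = ' ';
        std::istringstream in(line);
        std::string kw1, kw2, num, name;
        if (!(in >> kw1 >> kw2 >> num) || kw1 != "quota" || kw2 != "connections") return false;
        if (num.size() > 5 || num.find_first_not_of("0123456789") != std::string::npos)
            return false;                         // digits only, so no sign wrap
        unsigned long n = std::stoul(num);
        if (n > kMaxQuota) return false;          // assumption: reject, do not clamp
        bool named = false;
        while (in >> name) {
            named = true;
            auto g = groups.find(name);
            if (g == groups.end()) limit[name] = n;             // a user (or "all")
            else for (const auto& u : g->second) limit[u] = n;  // expand the group
        }
        return named;
    }
    // Swap in a new rule set only if every rule parses; counts are left untouched.
    bool load(const std::vector<std::string>& rules, const Groups& groups) {
        QuotaTable next;
        for (const auto& r : rules) if (!next.applyRule(r, groups)) return false;
        limit.swap(next.limit);
        return true;
    }
    // Decide on a new connection; approved connections are counted.
    bool approve(const std::string& user) {
        auto it = limit.find(user);
        if (it == limit.end()) it = limit.find("all");
        if (it != limit.end() && active[user] >= it->second) return false;
        ++active[user];
        return true;
    }
    void closed(const std::string& user) { if (active[user] > 0) --active[user]; }
};
```
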
