-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/9260/
-----------------------------------------------------------
(Updated Feb. 6, 2013, 3:39 p.m.)
Review request for qpid.
Changes
-------
This update addresses JRoss' concern about removing a CLI switch and breaking
existing installations.
The CLI switch is restored. The switch value becomes an initial value for the
pseudo-user 'all' so that it works seamlessly with the new settings in the ACL
file as proven by self test.
Description
-------
* Remove the --connection-limit-per-user command line switch.
* Force all quota limits to have a maximum of 65530. (65535 had integer wrap
issues.)
* Use static, named strings in place of "acl", "group", "all", etc., that were
sprinkled throughout.
* Add Acl file syntax to support "quota connections N user|group [, user|group]"
* If no quotas are specified in the Acl file then no quotas are enforced. However,
connections are still counted so that if later an Acl file that has quotas is
loaded then the connection counts are live and up to date.
* If a user is using his specified connection quota limit and later a new Acl
file is loaded that lowers his limit then the user's current connections are
allowed to persist. New connections from that user are denied until the user
closes enough existing connections and his quota falls to below the quota limit.
* Users with a connection quota of 0 are denied any connections.
* Connection quota for pseudo-user "all" is applied to users who are otherwise
not named explicitly in the Acl file.
* Quota values for any user may change during Acl file processing as the user
is named in multiple Acl rules or is included in groups. The connection quota
values are stored for users as the Acl file is read in serial order. New values
specified in later rules in the Acl file overwrite any existing values.
This addresses bug QPID-4054.
https://issues.apache.org/jira/browse/QPID-4054
Diffs (updated)
-----
trunk/qpid/cpp/src/qpid/acl/Acl.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.h 1441609
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclData.h 1441609
trunk/qpid/cpp/src/qpid/acl/AclData.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclPlugin.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclReader.h 1441609
trunk/qpid/cpp/src/qpid/acl/AclReader.cpp 1441609
trunk/qpid/cpp/src/qpid/acl/AclTopicMatch.h 1441609
trunk/qpid/cpp/src/tests/acl.py 1441609
Diff: https://reviews.apache.org/r/9260/diff/
Testing
-------
Three new sections are added to the Acl self test to test individual users,
groups, the "all" user, and explicit connection denial with a quota of zero.
Thanks,
Chug Rolke
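
The quota rules listed in the Description can be checked against a small model. The following is an added example, not code from the review request or from Qpid: the class, its method names, the sample users, the separate group map, rejecting values above 65530, and treating a user with no matching rule and no "all" rule as unlimited are all assumptions.

```python
# Added model of the quota rules described above; not Qpid's implementation.
QUOTA_MAX = 65530   # cap stated in the description
ALL = "all"         # pseudo-user for users not named explicitly
# Constructed sample input; group membership is supplied separately (assumption).
SAMPLE_GROUPS = {"ops": ["alice@QPID", "bob@QPID"]}
SAMPLE_ACL = """\
quota connections 2 all
quota connections 5 ops
quota connections 0 mallory@QPID
quota connections 3 alice@QPID
"""

class QuotaModel:
    def __init__(self):
        self.limits = None   # None: no quotas loaded, nothing is enforced
        self.counts = {}     # connection counts stay live either way

    def load(self, acl_text, groups=None):
        groups = groups or {}
        limits = {}
        for line in acl_text.splitlines():
            tok = line.replace(",", " ").split()
            if tok[:2] != ["quota", "connections"]:
                continue     # other ACL rule types are out of scope
            if len(tok) < 4 or not tok[2].isdigit():
                raise ValueError("malformed quota rule: %r" % line)
            n = int(tok[2])
            if n > QUOTA_MAX:  # assumption: over-limit values are rejected
                raise ValueError("quota above %d: %r" % (QUOTA_MAX, line))
            for name in tok[3:]:
                for user in groups.get(name, [name]):
                    limits[user] = n   # serial order: later rules overwrite
        self.limits = limits or None

    def limit_for(self, user):
        if self.limits is None:
            return None
        # assumption: no explicit rule and no "all" rule means unlimited
        return self.limits.get(user, self.limits.get(ALL))

    def connect(self, user):
        limit, current = self.limit_for(user), self.counts.get(user, 0)
        if limit is not None and current >= limit:
            return False     # a quota of 0 denies every connection
        self.counts[user] = current + 1
        return True

    def disconnect(self, user):
        self.counts[user] = max(0, self.counts.get(user, 0) - 1)
```

Loading SAMPLE_ACL after a user already holds more connections than the new limit shows the persistence rule: the existing connections stay counted, and new ones are refused until the count drops below the limit.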