[
https://issues.apache.org/jira/browse/QPID-4560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chuck Rolke resolved QPID-4560.
-------------------------------
Resolution: Duplicate
See https://issues.apache.org/jira/browse/QPID-4123
> C++ Broker Acl overpopulates decision data tables
> -------------------------------------------------
>
> Key: QPID-4560
> URL: https://issues.apache.org/jira/browse/QPID-4560
> Project: Qpid
> Issue Type: Bug
> Components: C++ Broker
> Affects Versions: 0.21
> Environment: All C++ brokers
> Reporter: Chuck Rolke
> Assignee: Chuck Rolke
> Priority: Minor
>
> The primary run-time decision structure for Acl processing contains rule
> lists indexed by [object][action]. There are five objects and nine actions
> resulting in 45 rule list roots. In actual practice, however, the broker has
> code only to call 14 of these.
> For instance, the broker will never call for authorisation of [link][bind] or
> [method][purge].
> Normal Acl writers would not specify rules to fill these rule list roots but
> they are populated when rules using the "all" keyword are processed.
> There is already validation map code that identifies active intersections in
> the rule list but that code is unused. A relatively easy modification to the
> Acl module would be to consult the validation map before loading decision
> data and only proceed to install rules that may actually be called by the
> broker.
> On small scale Acl rule sets this is not an issue or at least no one has
> complained about it yet. Anticipating larger installations this proposed
> change would help.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
