-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/10658/
-----------------------------------------------------------
(Updated April 26, 2013, 7:45 p.m.)
Review request for qpid, Alan Conway and Gordon Sim.
Changes
-------
Change logic per review suggestion to let unauthenticated systems create links
without ACL approval. By specifying --auth=no the user is deliberately
bypassing a host of security checks already.
Furthermore systems without ACL gain a performance advantage throughout.
Description
-------
Lock down federation link creation to be allowed only by ACL approval. When no
ACL file is specified then no federation links are allowed.
This version is more forgiving than the description in QPID-4631 as no explicit
CREATE LINK rules are required. Simple 'allow all all' ACL rules are sufficient.
ACL files are added to all diagnostics broker instances so that cmake 'make
check' and autotools 'make test' work.
This addresses bug QPID-4631.
https://issues.apache.org/jira/browse/QPID-4631
Diffs (updated)
-----
trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp 1476311
trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp 1476311
trunk/qpid/cpp/src/tests/ha_test.py 1476311
trunk/qpid/cpp/src/tests/run_acl_tests 1476311
trunk/qpid/cpp/src/tests/sasl_fed 1476311
Diff: https://reviews.apache.org/r/10658/diff/
Testing
-------
The ACL self test is enhanced to show that brokers running without the ACL
module/file loaded cannot create federation links.
Thanks,
Chug Rolke
