----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/10658/ -----------------------------------------------------------
(Updated April 26, 2013, 7:45 p.m.) Review request for qpid, Alan Conway and Gordon Sim. Changes ------- Change logic per review suggestion to let unauthenticated systems create links without ACL approval. By specifying --auth=no the user is deliberately bypassing a host of security checks already. Furthermore systems without ACL gain a performance advantage throughout. Description ------- Lock down federation link creation to be allowed only by ACL approval. When no ACL file is specified then no federation links are allowed. This version is more forgiving than the description in QPID-4631 as no explicit CREATE LINK rules are required. Simple 'allow all all' ACL rules are sufficient. ACL files are added to all diagnostics broker instances so that cmake 'make check' and autotools 'make test' work. This addresses bug QPID-4631. https://issues.apache.org/jira/browse/QPID-4631 Diffs (updated) ----- trunk/qpid/cpp/src/qpid/acl/AclConnectionCounter.cpp 1476311 trunk/qpid/cpp/src/qpid/broker/ConnectionHandler.cpp 1476311 trunk/qpid/cpp/src/tests/ha_test.py 1476311 trunk/qpid/cpp/src/tests/run_acl_tests 1476311 trunk/qpid/cpp/src/tests/sasl_fed 1476311 Diff: https://reviews.apache.org/r/10658/diff/ Testing ------- The ACL self test is enhanced to show that brokers running without the ACL module/file loaded cannot create federation links. Thanks, Chug Rolke