[
https://issues.apache.org/jira/browse/QPID-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Keith Wall updated QPID-7246:
-----------------------------
Fix Version/s: (was: qpid-java-6.2)
qpid-java-7.1
> Make ACL module realm aware
> ---------------------------
>
> Key: QPID-7246
> URL: https://issues.apache.org/jira/browse/QPID-7246
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker
> Reporter: Keith Wall
> Fix For: qpid-java-7.1
>
>
> Make the existing ACL module realm aware.
> The parser will need to be adapted to accept realm qualified user/group
> names. Currently some symbols, such as the {{=}} and {{/}} within X500
> realms will choke the parser. Perhaps insisting that the name is quoted will
> help?
> Change RuleSet#isRelevant() so that applicability of the rule is considers
> realm in addition to the Principal's name.
> In order to ease upgrade, to allow existing ACL rules files to contain to
> work without change, it may be better to allow an instance of AccessControl
> to be associated with a default authentication provider and default group
> provider. If the ACL rule is written in term of of the identity without
> realm, the authorisation engine would fallback to either of the two
> associated providers, thus a rule {{ACL ALLOW 'fred'...}} would be treated
> as if it were {{ACL ALLOW '[email protected]'}}. At configuration
> upgrade time, if there is a singleton authentication provider and singleton
> group provider, these would be associated with the Access Control Provider
> automatically.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
