Alex Rudyy created QPID-7921:
--------------------------------
Summary: [Java Broker] [ACL] Tactical improvements to ACL to allow
managed operation invocations to be controlled
Key: QPID-7921
URL: https://issues.apache.org/jira/browse/QPID-7921
Project: Qpid
Issue Type: Bug
Components: Java Broker
Affects Versions: qpid-java-broker-7.0.0
Reporter: Alex Rudyy
The broker users should be able to allow/deny individual management operations.
We need to improve existing rule based ACL controllers to allow specifying ACL
rules for the managed operations. The proposed ACL rule syntax for the method
invocations is below:
{noformat}
ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
{nofromat}
where object_type is any of below
* BROKER
* VIRTUALHOSTNODE
* VIRTUALHOST
* QUEUE
* EXCHANGE
* USER
* GROUP
We do not want to introduce new object types for other broker and virtual host
children.
The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST
accordingly.
We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward
compatibility.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
