ASF GitHub Bot commented on DISPATCH-333:

Github user dmuntima commented on a diff in the pull request:

    --- Diff: doc/new-book/configuration-security.adoc ---
    @@ -412,3 +414,356 @@ listener {
     For more information about these attributes, see 
    +== Authorizing Access to Messaging Resources
    +You can restrict the number of user connections, and control access to 
AMQP messaging resources by configuring _policies_.
    +=== Types of Policies
    +You can configure two different types of policies: _global policies_ and 
_vhost policies_.
    +Global policies::
    +Settings for the router. A global policy defines the maximum number of 
incoming user connections for the router (across all vhost policies), and 
defines how the router should use vhost policies.
    +Vhost policies::
    +Connection and AMQP resource limits for a messaging endpoint (called an 
AMQP virtual host, or _vhost_). A vhost policy defines what a client can access 
on a messaging endpoint over a particular connection.
    +A vhost is typically the name of the host to which the client connection 
is directed. For example, if a client application opens a connection to the 
`amqp://mybroker.example.com:5672/queue01` URL, the vhost would be 
    +The resource limits defined in global and vhost policies are applied to 
user connections only. The limits do not affect inter-router connections or 
router connections that are outbound to waypoints.
    +=== How {RouterName} Applies Policies
    +When a client connects to a router, the router determines whether to 
permit the connection based on the global and vhost policies, and the following 
properties of the connection:
    +* The host to which the connection is directed (the vhost)
    +* The connection's authenticated user name
    +* The host from which the client is connecting (the remote host)
    +If the connection is permitted, then the router applies a vhost policy 
that matches the vhost to which the connection is directed. The vhost policy 
limits are enforced for the lifetime of the connection.
    +=== Configuring Global Policies
    +You can set the incoming connection limit for the router and define how it 
should use vhost policies by configuring a global policy.
    +* In the router configuration file, add a `policy` section.
    +policy = {
    +    maxConnections: 10000  // <1>
    +    enableVhostPolicy: true  // <2>
    +    policyDir: /etc/qpid-dispatch/policies/  // <3>
    +    defaultVhost: $default  // <4>
    +<1> The maximum number of concurrent client connections allowed for this 
router. This limit is always enforced, even if no other policy settings have 
been defined. The limit is applied to all incoming connections regardless of 
remote host, authenticated user, or targeted vhost. The default value is 
    --- End diff --
    If possible, please provide the minimum and maximum values for this element.

> Add a chapter on policy to the Qpid Dispatch Router Book.
> ---------------------------------------------------------
>                 Key: DISPATCH-333
>                 URL: https://issues.apache.org/jira/browse/DISPATCH-333
>             Project: Qpid Dispatch
>          Issue Type: Improvement
>          Components: Documentation
>    Affects Versions: 0.7.0
>            Reporter: Ganesh Murthy
>            Assignee: Ben Hardesty
>            Priority: Minor
> Add a new chapter containing details on how policy works and how to setup 
> policy to the Qpid Dispatch Router Book

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org

Reply via email to