[
https://issues.apache.org/jira/browse/QPID-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16500046#comment-16500046
]
Alex Rudyy commented on QPID-7246:
----------------------------------
The work is de-scoped from 7.1.0
> Make ACL module realm aware
> ---------------------------
>
> Key: QPID-7246
> URL: https://issues.apache.org/jira/browse/QPID-7246
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Keith Wall
> Priority: Major
> Labels: Broker-J-Identity
> Fix For: Future
>
>
> Make the existing ACL module realm aware.
> The parser will need to be adapted to accept realm qualified user/group
> names. Currently some symbols, such as the {{=}} and {{/}} within X500
> realms will choke the parser. Perhaps insisting that the name is quoted will
> help?
> Change RuleSet#isRelevant() so that applicability of the rule considers
> realm in addition to the Principal's name.
> In order to ease upgrade, to allow existing ACL rules files to continue to
> work without change, it may be better to allow an instance of AccessControl
> to be associated with a default authentication provider and default group
> provider. If the ACL rule is written in terms of the identity without
> realm, the authorisation engine would fall back to either of the two
> associated providers, thus a rule {{ACL ALLOW 'fred'...}} would be treated
> as if it were {{ACL ALLOW '[email protected]'}}. At configuration
> upgrade time, if there is a singleton authentication provider and singleton
> group provider, these would be associated with the Access Control Provider
> automatically.
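
The default-provider fallback and the quoted-name parsing proposed in the issue text above, as an added Java sketch that is not Broker-J code. The `name@realm` syntax, the class and method names, and the sample realm values are all assumptions made for illustration.

```java
// Added sketch (Java 16+), not Broker-J code; every name here is hypothetical.
public class RealmAwareAclSketch {

    // Identity as written in a rule; realm is null when the rule omits it.
    record RuleIdentity(String name, String realm) {}

    // Assumed syntax: name@realm, split at the last '@'. Names containing
    // '=' or '/' (as X500-style realms do) must be single-quoted.
    static RuleIdentity parse(String token) {
        String t = token.trim();
        if (t.length() >= 2 && t.startsWith("'") && t.endsWith("'")) {
            t = t.substring(1, t.length() - 1);
        } else if (t.indexOf('=') >= 0 || t.indexOf('/') >= 0) {
            throw new IllegalArgumentException("must be quoted: " + token);
        }
        int at = t.lastIndexOf('@');
        if (t.isEmpty() || at == 0 || at == t.length() - 1) {
            throw new IllegalArgumentException("empty name or realm: " + token);
        }
        return at < 0 ? new RuleIdentity(t, null)
                      : new RuleIdentity(t.substring(0, at), t.substring(at + 1));
    }

    // A rule without a realm falls back to the default provider's realm; with
    // no default it matches nobody, so the same name elsewhere is not granted.
    static boolean isRelevant(RuleIdentity rule, String defaultRealm,
                              String principalName, String principalRealm) {
        String realm = rule.realm() != null ? rule.realm() : defaultRealm;
        return realm != null && realm.equals(principalRealm)
                && rule.name().equals(principalName);
    }

    public static void main(String[] args) {
        String defaultRealm = "passwordFile";   // constructed sample value
        String x500 = "CN=ldap/O=example";      // constructed sample value
        RuleIdentity bare = parse("'fred'");
        RuleIdentity qualified = parse("'fred@" + x500 + "'");
        System.out.println("bare rule, default realm: " + isRelevant(bare, defaultRealm, "fred", defaultRealm));
        System.out.println("bare rule, other realm:   " + isRelevant(bare, defaultRealm, "fred", x500));
        System.out.println("qualified rule, X500:     " + isRelevant(qualified, defaultRealm, "fred", x500));
        System.out.println("bare rule, no default:    " + isRelevant(bare, null, "fred", defaultRealm));
        try {
            parse("fred@" + x500);              // unquoted '=' and '/' are rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The case to check in any real implementation is the second one: an unqualified rule written for one provider's `fred` must not apply to a `fred` authenticated by a different provider.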