alex-rufous opened a new pull request #43: QPID-8369: [Broker-J] Limit number of connections per user
URL: https://github.com/apache/qpid-broker-j/pull/43

The suggested changes allow setting a connection limit and a connection frequency limit in the ACL rule 'ACCESS VIRTUAL HOST'. The corresponding limits can be set in ACL as in the examples below:

```
ACL ALLOW-LOG guest ACCESS VIRTUALHOST connection_limit='20'
ACL ALLOW-LOG alex ACCESS VIRTUALHOST connection_frequency_limit='100'
ACL ALLOW-LOG alice ACCESS VIRTUALHOST connection_frequency_limit='100' connection_limit='20'
```

The pull request changes the ACL and broker core modules. A special `ConnectionPrincipalStatisticsRegistry` is introduced to collect the `AuthenticatedPrincipal` statistics for messaging connections on `AbstractVirtualHost`. The new checks are implemented for the ACL rule "ACCESS VIRTUALHOST" having the new limit parameters set, to verify that the number and frequency of connections for the connection principal do not exceed the limits.

Here is a summary of the changes in the pull request:

- Introduced interface DynamicRule to allow implementation of ACL rules based on authenticated user specific properties
- FirewallRule is converted into an abstract class which implements DynamicRule
- Added 2 new DynamicRule implementations for connection limit and connection frequency limit
- The DynamicRule implementations are created in AclRulePredicates (based on parsed properties)
- Authorization logic in RuleBasedAccessControl, RuleSet and ClientAction is adjusted to invoke DynamicRules
- Interface ConnectionPrincipalStatisticsRegistry is introduced to allow collection of statistics for AuthenticatedPrincipals of open messaging connections
- Interface ConnectionPrincipalStatistics is introduced to hold statistics for AuthenticatedPrincipal for Connection (principal connection count and connections opened within the connection frequency period of time)
- Implementations ConnectionPrincipalStatisticsImpl and ConnectionPrincipalStatisticsRegistryImpl are added to collect AuthenticatedPrincipal statistics
- New methods were added into interface AMQPConnection to expose principal statistics at the time when the connection was opened
- Implementations for the new methods in AMQPConnection are added into AbstractAMQPConnection
- AbstractVirtualHost#registerConnection was modified to call ConnectionPrincipalStatisticsRegistry#connectionOpened(AMQPConnection) to update the principal statistics on new connection open
- AbstractVirtualHost#deregisterConnection was modified to call ConnectionPrincipalStatisticsRegistry#connectionClosed(AMQPConnection) to update the principal statistics on connection close
- A new housekeeping task `ConnectionPrincipalStatisticsCheckingTask` is now invoked to clean obsolete connection statistics in ConnectionPrincipalStatisticsRegistry for connections opened beyond the connection frequency period
- A new context variable is added into QueueManagingVirtualHost to set the connection frequency period
- The broker documentation was updated to reflect the ACL changes
- A number of unit tests were added to cover the changes
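As an added illustration (not code from the pull request or from Broker-J), the Java sketch below shows the two per-principal checks the description names: a cap on open connections and a cap on connections opened within a frequency period. The class `PrincipalConnectionLimiter`, its methods and the sample values are hypothetical, and it assumes the limit counts the connection being opened.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added sketch: class and method names are hypothetical, not Broker-J's.
public class PrincipalConnectionLimiter {
    private static final class Stats {
        int open;                                      // connections currently open
        final Deque<Long> opened = new ArrayDeque<>(); // open times within the period
    }
    private final Map<String, Stats> stats = new ConcurrentHashMap<>();
    private final int connectionLimit, frequencyLimit;
    private final long periodMillis;
    public PrincipalConnectionLimiter(int connectionLimit, int frequencyLimit, long periodMillis) {
        this.connectionLimit = connectionLimit;
        this.frequencyLimit = frequencyLimit;
        this.periodMillis = periodMillis;
    }
    // Prune aged-out open times, then check and record under one lock, so two
    // concurrent opens cannot both pass when the principal is at limit - 1.
    public boolean tryOpen(String principal, long nowMillis) {
        Stats s = stats.computeIfAbsent(principal, p -> new Stats());
        synchronized (s) {
            while (!s.opened.isEmpty() && nowMillis - s.opened.peekFirst() >= periodMillis) {
                s.opened.removeFirst();
            }
            if (s.open + 1 > connectionLimit || s.opened.size() + 1 > frequencyLimit) {
                return false;
            }
            s.open++;
            s.opened.addLast(nowMillis);
            return true;
        }
    }
    public void close(String principal) {
        Stats s = stats.get(principal);
        if (s == null) return;
        synchronized (s) { if (s.open > 0) s.open--; }
    }
    public static void main(String[] args) {
        // Constructed scenario: at most 2 open connections and 3 opens per 60 s.
        PrincipalConnectionLimiter l = new PrincipalConnectionLimiter(2, 3, 60_000);
        System.out.println(l.tryOpen("alice", 0) + " " + l.tryOpen("alice", 1_000) + " " + l.tryOpen("alice", 2_000));
        l.close("alice");
        System.out.println(l.tryOpen("alice", 3_000));
        l.close("alice");
        System.out.println(l.tryOpen("alice", 4_000) + " " + l.tryOpen("alice", 61_000));
    }
}
```

Closing a connection lowers the open count but leaves its open time in the window, so a client that connects and disconnects rapidly is still held to the frequency limit.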
