[
https://issues.apache.org/jira/browse/QPID-8369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002370#comment-17002370
]
ASF GitHub Bot commented on QPID-8369:
--------------------------------------
alex-rufous commented on pull request #43: QPID-8369: [Broker-J] Limit number
of connections per user
URL: https://github.com/apache/qpid-broker-j/pull/43
The suggested changes allow setting a connection limit and a connection
frequency limit in the ACL rule 'ACCESS VIRTUAL HOST'. The corresponding limits
can be set in the ACL as in the examples below:
```
ACL ALLOW-LOG guest ACCESS VIRTUALHOST connection_limit='20'
ACL ALLOW-LOG alex ACCESS VIRTUALHOST connection_frequency_limit='100'
ACL ALLOW-LOG alice ACCESS VIRTUALHOST connection_frequency_limit='100' connection_limit='20'
```
The pull request changes ACL and broker core modules.
A special `ConnectionPrincipalStatisticsRegistry` is introduced to collect
the `AuthenticatedPrincipal` statistics for messaging connections on
`AbstractVirtualHost`. The new checks are implemented for ACL rule "ACCESS
VIRTUALHOST" having new limit parameters set to verify that the number and
frequency of connections for the connection principal do not exceed the limits.
Here is a summary of the changes in the pull request:
- Introduced interface DynamicRule to allow implementation of ACL rule
based on authenticated user specific properties
- FirewallRule is converted into an abstract class which implements
DynamicRule
- added 2 new DynamicRule implementations for connection limit and
connection frequency limit
- the DynamicRule implementations are created in AclRulePredicates (based
on parsed properties)
- authorization logic in RuleBasedAccessControl, RuleSet and ClientAction
is adjusted to invoke DynamicRules
- interface ConnectionPrincipalStatisticsRegistry is introduced to allow
collection of statistics for AuthenticatedPrincipals of open messaging
connections
- interface ConnectionPrincipalStatistics is introduced to hold statistics
for AuthenticatedPrincipal for Connection (principal connection count and
connections opened within the connection frequency period of time)
- Implementations ConnectionPrincipalStatisticsImpl and
ConnectionPrincipalStatisticsRegistryImpl are added to collect
AuthenticatedPrincipal statistics
- New methods were added to interface AMQPConnection to expose principal
statistics at the time when the connection was opened
- Implementations for new methods in AMQPConnection are added into
AbstractAMQPConnection
- AbstractVirtualHost#registerConnection was modified to call
ConnectionPrincipalStatisticsRegistry#connectionOpened(AMQPConnection) to
update the principal statistics on new connection open
- AbstractVirtualHost#deregisterConnection was modified to call
ConnectionPrincipalStatisticsRegistry#connectionClosed(AMQPConnection) to
update the principal statistics on connection close
- A new housekeeping task `ConnectionPrincipalStatisticsCheckingTask` is
now invoked to clean obsolete connection statistics in
ConnectionPrincipalStatisticsRegistry for connections opened beyond connection
frequency period
- A new context variable is added into QueueManagingVirtualHost to set the
connection frequency period
- The broker documentation was updated to reflect the ACL changes
- A number of unit tests were added to cover the changes
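
A minimal sketch of the per-principal bookkeeping the summary above describes (open-connection count, opens within the frequency period, and a housekeeping pass), added here as an illustration and not taken from the pull request or from Broker-J. The class, its method names and the sample limits are assumptions, as is the choice that denied attempts do not count toward the frequency.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: every name here is hypothetical, not a Broker-J class.
public class PrincipalConnectionLimiter {
    private static final class Stats {
        int open;                                       // currently open connections
        final Deque<Long> opened = new ArrayDeque<>();  // open times still inside the period
        boolean idle() { return open == 0 && opened.isEmpty(); }
    }
    private final ConcurrentHashMap<String, Stats> stats = new ConcurrentHashMap<>();
    private final int connectionLimit, frequencyLimit;
    private final long periodMillis;

    public PrincipalConnectionLimiter(int connectionLimit, int frequencyLimit, long periodMillis) {
        this.connectionLimit = connectionLimit;
        this.frequencyLimit = frequencyLimit;
        this.periodMillis = periodMillis;
    }
    private void evict(Stats s, long now) {             // drop opens older than the period
        while (!s.opened.isEmpty() && s.opened.peekFirst() <= now - periodMillis) s.opened.pollFirst();
    }
    /** Records the connection and returns true only if both limits still hold. */
    public boolean tryOpen(String principal, long now) {
        boolean[] allowed = {false};
        stats.compute(principal, (p, s) -> {            // atomic per principal
            if (s == null) s = new Stats();
            evict(s, now);
            if (s.open < connectionLimit && s.opened.size() < frequencyLimit) {
                s.open++;
                s.opened.addLast(now);
                allowed[0] = true;
            }
            return s.idle() ? null : s;
        });
        return allowed[0];
    }
    public void closed(String principal) {
        stats.computeIfPresent(principal, (p, s) -> { s.open = Math.max(0, s.open - 1); return s.idle() ? null : s; });
    }
    /** Housekeeping pass: expire old open times and forget idle principals. */
    public void housekeeping(long now) {
        for (String p : stats.keySet())
            stats.computeIfPresent(p, (k, s) -> { evict(s, now); return s.idle() ? null : s; });
    }
    public static void main(String[] args) {            // constructed timeline: 2 open, 3 opens per 60 s
        PrincipalConnectionLimiter l = new PrincipalConnectionLimiter(2, 3, 60_000);
        for (long t : new long[] {0, 1_000, 2_000, 3_000, 4_000, 61_000}) {
            if (t == 3_000 || t == 4_000) l.closed("guest");  // one connection closes before these attempts
            System.out.println(t + " ms: " + (l.tryOpen("guest", t) ? "allowed" : "denied"));
        }
    }
}
```

Without the housekeeping pass, a principal that stops connecting would keep its last open times in memory indefinitely, since eviction otherwise runs only on that principal's next attempt or close.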
> [Broker-J] Limit number of connections per user
> -----------------------------------------------
>
> Key: QPID-8369
> URL: https://issues.apache.org/jira/browse/QPID-8369
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Reporter: Tomas Vavricka
> Priority: Major
> Labels: connection, limit, user
> Fix For: qpid-java-broker-8.0.0
>
> Attachments:
> 0001-QPID-8369-Broker-J-WIP-Add-connection-limit-support-.patch,
> 0002-QPID-8369-Broker-J-WIP-Add-support-for-connection-fr.patch
>
>
> There is only a limit on the number of connections per amqp/amqps port.
> If some user creates too many connections, he can prevent other users from
> connecting to amqp ports.
> Qpid Broker-J should support some limitation for connections per user.
> Broker should also support limitation of number of created connections per
> time frame ex: create 60 connections per one minute at maximum