[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r370603131 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: @jbertram I missed your last comment. I created the new PR #2952 to improve the doc. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r339255585 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: @jbertram with the last commit I tried to prioritize exact matches over wildcard matches and longer wildcard matches on shorter wildcard matches. I added the test testBasicRoleWithWildcardInKey that shows what I mean. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r335870325 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: I pushed a commit to simplify the improvement. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r333078297 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: @michaelandrepearce WDYT about the last changes? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r329007446 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: I pushed a commit to use the same flexible wildcard support used for the addresses but I added a new node to customize the wildcard syntax for the authorisation key attributes because: - the addresses and the keys wildcard support could have different requirements - to avoid to introduce a dependence between management.xml and broker.xml This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328550740 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: I like your solution where would you put the flag, broker.xml or management.xml? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [activemq-artemis] brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match
brusdev commented on a change in pull request #2851: ARTEMIS-2503 Improve wildcards for the roles access match URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328431483 ## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java ## @@ -25,12 +25,22 @@ import java.util.Map; import java.util.concurrent.ConcurrentHashMap; +import org.apache.activemq.artemis.core.config.WildcardConfiguration; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository; + public class JMXAccessControlList { private Access defaultAccess = new Access("*"); - private Map domainAccess = new HashMap<>(); + private HierarchicalRepository domainAccess; private ConcurrentHashMap> whitelist = new ConcurrentHashMap<>(); + public JMXAccessControlList() { + WildcardConfiguration domainAccessWildcardConfiguration = new WildcardConfiguration(); Review comment: The previous implementation of the wildcard for the key attribute (documented here https://github.com/apache/activemq-artemis/blob/master/docs/user-manual/en/management.md) isn't compatible with broker custom wildcard config defined in broker.xml. If wildcard configuration uses the same as broker.xml it could break the compatibility with the previous implementation. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services