[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=335005&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-335005
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 28/Oct/19 16:24
Start Date: 28/Oct/19 16:24
Worklog Time Spent: 10m
Work Description: jbertram commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r339662189
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
@brusdev, that makes sense. I think something needs to be added to the docs
explaining this otherwise the behavior might catch users by surprise.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 335005)
Time Spent: 4h 10m (was: 4h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 4h 10m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=334391&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-334391
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 25/Oct/19 22:08
Start Date: 25/Oct/19 22:08
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r339255585
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
@jbertram with the last commit I tried to prioritize exact matches over
wildcard matches and longer wildcard matches on shorter wildcard matches. I
added the test testBasicRoleWithWildcardInKey that shows what I mean.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 334391)
Time Spent: 4h (was: 3h 50m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 4h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=334255&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-334255
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 25/Oct/19 17:53
Start Date: 25/Oct/19 17:53
Worklog Time Spent: 10m
Work Description: jbertram commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r339170085
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
It looks like there's a bit more going on here than just prefixing support.
Looks like you implemented real regular expression matching and there's a bit
in there with the TreeMaps that I don't quite understand. Certain matches are
prioritized over others? Can you clarify?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 334255)
Time Spent: 3h 50m (was: 3h 40m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 3h 50m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=332825&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-332825
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 23/Oct/19 19:28
Start Date: 23/Oct/19 19:28
Worklog Time Spent: 10m
Work Description: asfgit commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 332825)
Time Spent: 3h 40m (was: 3.5h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 3h 40m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=329692&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-329692
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 17/Oct/19 08:25
Start Date: 17/Oct/19 08:25
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r335870325
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
I pushed a commit to simplify the improvement.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 329692)
Time Spent: 3.5h (was: 3h 20m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 3.5h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=329457&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-329457
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 16/Oct/19 22:22
Start Date: 16/Oct/19 22:22
Worklog Time Spent: 10m
Work Description: jbertram commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334624011
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
These use-cases seem pretty different to me. The wildcard configuration in
broker.xml is for address matching which is hierarchical in nature and
therefore requires separating "words", matching individual and groups of words,
etc. The "match" performed for keys defined in management.xml is basically just
a **prefix**. It's not hierarchical and doesn't even use regular expressions.
It's *very* simple and IMO it should stay that way.
> If i need to secure a wildcard of address or queues on broker then no
doubt i need to secure the same pattern from admin pov to.
I'm not sure there is "no doubt" about that. Use cases for the security of
actual messaging clients and management users can vary quite a bit. In any
case, the same kind of matching isn't possible in management.xml as it is in
broker.xml either before or after this PR. The use-case for this PR is just
allowing a simple prefixing for the match "key" just like is available for the
access "method" field. The syntax is the same. It's just allowing it in a new
field. I don't see any issue with that.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 329457)
Time Spent: 3h 20m (was: 3h 10m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 3h 20m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=328066&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-328066
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 19:13
Start Date: 14/Oct/19 19:13
Worklog Time Spent: 10m
Work Description: clebertsuconic commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334625086
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
@michaelandrepearce what do you suggest? merge management and broker.xml?
That's certainly desirable. but I don't think we can do it before a 3.0.
management is on a different domain from queues and addresses. it's about
object names.. not queue names.. hence something simpler would certainly apply
here.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 328066)
Time Spent: 3h 10m (was: 3h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 3h 10m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=328064&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-328064
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 19:10
Start Date: 14/Oct/19 19:10
Worklog Time Spent: 10m
Work Description: jbertram commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334624011
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
These use-cases seem pretty different to me. The wildcard configuration in
broker.xml is for address matching which is hierarchical in nature and
therefore requires separating "words", matching individual and groups of words,
etc. The "match" performed for keys defined in management.xml is basically just
a **prefix**. It's not hierarchical and doesn't even use regular expressions.
It's *very* simple and IMO it should stay that way.
> If i need to secure a wildcard of address or queues on broker then no
doubt i need to secure the same pattern from admin pov to.
I'm not sure is "no doubt" about that. Use cases for the security of actual
messaging clients and management users can vary quite a bit. In any case, the
same kind of matching isn't possible in management.xml as it is in broker.xml
either before or after this PR. The use-case for this PR is just allowing a
simple prefixing for the match "key" just like is available for the access
"method" field. The syntax is the same. It's just allowing it in a new field. I
don't see any issue with that.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 328064)
Time Spent: 3h (was: 2h 50m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 3h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=328015&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-328015
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 17:48
Start Date: 14/Oct/19 17:48
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334593077
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
So my concern is trying to automate and unify the config the fact already
slightly snowflaked gives me a massive headache as is. Really don't need
further differing config. If we want to enchance the wildcards in management i
feel strongly we need to align it.
E.g. either leave as is, or any new more enhanced stuff needs to be aligned.
I see no reason to have a differing approaches. If i need to secure a wildcard
of address or queues on broker then no doubt i need to secure the same pattern
from admin pov to. Keeping it all aligned just makes it better and simpler to
operate
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 328015)
Time Spent: 2h 50m (was: 2h 40m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=328012&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-328012
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 17:47
Start Date: 14/Oct/19 17:47
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334593077
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
So my concern is trying to automate and unify the config the fact already
slightly snowflaked gives me a massive headache as is. Really don't need
further differing config. If we want to enchance the wildcards in management i
feel strongly we need to align it.
E.g. either leave as is, or any new more enhanced stuff needs to be aligned.
I see no reason to have a differing approaches.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 328012)
Time Spent: 2h 40m (was: 2.5h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 2h 40m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=328009&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-328009
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 17:46
Start Date: 14/Oct/19 17:46
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334593077
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
So my concern is trying to automate and unify the config the fact already
slightly snowflaked gives me a massive headache as is. Really don't need
further differing config. If we want to enchance the wildcards in management i
feel strongly we need to align it
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 328009)
Time Spent: 2.5h (was: 2h 20m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 2.5h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=327923&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-327923
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 15:50
Start Date: 14/Oct/19 15:50
Worklog Time Spent: 10m
Work Description: clebertsuconic commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334548567
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
I'm concerned about users abusing the configuration on management, things
not working later.. and having to answer to user forum's / customer issues...
etc...
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 327923)
Time Spent: 2h 20m (was: 2h 10m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=327920&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-327920
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 14/Oct/19 15:48
Start Date: 14/Oct/19 15:48
Worklog Time Spent: 10m
Work Description: clebertsuconic commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r334547881
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
@michaelandrepearce my personal opinion here: can't we keep this simple..
meaning. no configuration of wildcard for management?
I see this can be useful on queues.. etc.. but on management, if we could
keep it simple??
I mean... management and broker should be kept independent.. I wouldn't load
something from broker.xml to change semantics on management...
And if you require the wildcard configuration, then you need testing..and
more moving parts bound to fail and document...
I would prefer to keep it simpler?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 327920)
Time Spent: 2h 10m (was: 2h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 2h 10m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=325755&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-325755
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 09/Oct/19 15:22
Start Date: 09/Oct/19 15:22
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r333078297
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
@michaelandrepearce WDYT about the last changes?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 325755)
Time Spent: 2h (was: 1h 50m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 2h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=319471&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-319471
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 27/Sep/19 10:19
Start Date: 27/Sep/19 10:19
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r329007446
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
I pushed a commit to use the same flexible wildcard support used for the
addresses but I added a new node to customize the wildcard syntax for the
authorisation key attributes because:
- the addresses and the keys wildcard support could have different
requirements
- to avoid to introduce a dependence between management.xml and broker.xml
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 319471)
Time Spent: 1h 50m (was: 1h 40m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 1h 50m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318922&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318922
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 11:35
Start Date: 26/Sep/19 11:35
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328571326
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
As the deviation was in management.xml probably there. Others may have other
opinions. Im not heavily opinionated on where.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318922)
Time Spent: 1h 40m (was: 1.5h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318921&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318921
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 11:34
Start Date: 26/Sep/19 11:34
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328571326
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
As the deviation was in management.xml probably there
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318921)
Time Spent: 1.5h (was: 1h 20m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318912&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318912
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 10:36
Start Date: 26/Sep/19 10:36
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328550740
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
I like your solution where would you put the flag, broker.xml or
management.xml?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318912)
Time Spent: 1h 20m (was: 1h 10m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318829&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318829
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 06:45
Start Date: 26/Sep/19 06:45
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328457234
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
Point here is you could put a flag so that it uses old non flexible or use
the broker.xml one. Lets not further diverge.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318829)
Time Spent: 1h (was: 50m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318830&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318830
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 06:46
Start Date: 26/Sep/19 06:46
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328457234
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
Point here is you could put a flag so that it uses old non flexible or use
the broker.xml one. Lets not further diverge, wildcards.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318830)
Time Spent: 1h 10m (was: 1h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318779&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318779
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 04:36
Start Date: 26/Sep/19 04:36
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328431483
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
The previous implementation of the wildcard for the key attribute
(documented here
https://github.com/apache/activemq-artemis/blob/master/docs/user-manual/en/management.md)
isn't compatible with broker custom wildcard config defined in broker.xml. If
wildcard configuration uses the same as broker.xml it could break the
compatibility with the previous implementation.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318779)
Time Spent: 50m (was: 40m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318730&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318730
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 02:08
Start Date: 26/Sep/19 02:08
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328408327
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
Wildcard configuration should use the same as broker.xml e.g. if on broker
custom wildcard config, then the same customisation should be supported here.
E.g someone may use different separators in broker.xml for example.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318730)
Time Spent: 40m (was: 0.5h)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318728&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318728
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 02:05
Start Date: 26/Sep/19 02:05
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328408327
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
Wildcard configuration should use the same as broker.xml e.g. if on broker
custom wildcard config, then the same customisation should be supported here
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318728)
Time Spent: 0.5h (was: 20m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=318726&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-318726
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 26/Sep/19 02:04
Start Date: 26/Sep/19 02:04
Worklog Time Spent: 10m
Work Description: michaelandrepearce commented on pull request #2851:
ARTEMIS-2503 Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851#discussion_r328408327
##
File path:
artemis-server/src/main/java/org/apache/activemq/artemis/core/server/management/JMXAccessControlList.java
##
@@ -25,12 +25,22 @@
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
+import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
+import
org.apache.activemq.artemis.core.settings.impl.HierarchicalObjectRepository;
+
public class JMXAccessControlList {
private Access defaultAccess = new Access("*");
- private Map domainAccess = new HashMap<>();
+ private HierarchicalRepository domainAccess;
private ConcurrentHashMap> whitelist = new
ConcurrentHashMap<>();
+ public JMXAccessControlList() {
+ WildcardConfiguration domainAccessWildcardConfiguration = new
WildcardConfiguration();
Review comment:
Wildcard configuration should use the same as broker.xml
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 318726)
Time Spent: 20m (was: 10m)
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (ARTEMIS-2503) Improve wildcards for the roles access match
[
https://issues.apache.org/jira/browse/ARTEMIS-2503?focusedWorklogId=317785&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-317785
]
ASF GitHub Bot logged work on ARTEMIS-2503:
---
Author: ASF GitHub Bot
Created on: 24/Sep/19 19:41
Start Date: 24/Sep/19 19:41
Worklog Time Spent: 10m
Work Description: brusdev commented on pull request #2851: ARTEMIS-2503
Improve wildcards for the roles access match
URL: https://github.com/apache/activemq-artemis/pull/2851
Improve wildcard support for the key attribute in the roles access
match element, allowing prefix match for the mBean properties ie
.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 317785)
Remaining Estimate: 0h
Time Spent: 10m
> Improve wildcards for the roles access match
>
>
> Key: ARTEMIS-2503
> URL: https://issues.apache.org/jira/browse/ARTEMIS-2503
> Project: ActiveMQ Artemis
> Issue Type: Improvement
>Reporter: Domenico Bruscino
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Please improve wildcard support for the key element in the roles access
> element.
> ATM you can NOT apply a restriction across a set of queue instances starting
> with the same prefix (like below):
> {code:java}
>
>
>
>...
> {code}
> If queues are created dynamically and only a queue name "prefix" is known in
> advance; JMX RBAC cannot be used to restrict access in this case.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
