[ https://issues.apache.org/jira/browse/JAMES-4090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17899712#comment-17899712 ]
Benoit Tellier commented on JAMES-4090: --------------------------------------- Implemented prototype allows disconnection on both IMAP, SMTP websockets. Remaining work: - Support distributed mode for this feature. - Could be cool to allow for group desactivations - Plugging it onto James data-api operations would be a must! I might proceed with merging this POC yet complementary work will continue on those next steps. > IMAP / SMTP: Force user deconnection > ------------------------------------ > > Key: JAMES-4090 > URL: https://issues.apache.org/jira/browse/JAMES-4090 > Project: James Server > Issue Type: New Feature > Reporter: Benoit Tellier > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > ## Why? > IMAP / SMTP protocols are connected stateful protocols, where the user > establishes a long lived connection used to serve many requests. > Upon specific events (password change, phone stolen, delegation right > removed, etc...) I might want to abort those connections as soon as possible > and force a specific user to re-login. > As off today, there is no mechanism in place in order to do so. > ## Goal > Have a webadmin endpoint allowing iterating on locally established > connections, and close the one belonging to the aforementioned user. This > forces the given user to eventually re-login. > This means we need to manage channel groups for recording channels for the > protocols where we need to support such kind of forced logout. > ## Non goals > We target in a first approach only a "local" implementation. If called we > only remove concerned connections of the local node and do NOT attempt to > close connections across the cluster. This means the endpoint needs to be > called ON EACH James server node. > Supporting disconnects in a distributed technologies would mean implementing > a broadcast on top of a distributed queue. > It is also a non goal (for now!) to automatically trigger this disconnect > when : > - user changes password > - user removes a delegation > ## complementary work > JMAP websocket / event source shall also be impacted by this logout. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org