qpid-dev mailing list archives

From "Alex Rudyy (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (QPID-7921) [Java Broker] [ACL] Tactical improvements to ACL to allow managed operation invocations to be controlled
Date Fri, 22 Sep 2017 13:23:00 GMT

     [ https://issues.apache.org/jira/browse/QPID-7921?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alex Rudyy updated QPID-7921:
-----------------------------
    Description: 
The broker users should be able to allow/deny individual management operations.
We need to improve existing rule based ACL controllers to allow specifying ACL rules for the
managed operations. The proposed ACL rule syntax for the method invocations is below:
{noformat}
ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
{noformat}
where object_type is any of below
* BROKER
* VIRTUALHOSTNODE
* VIRTUALHOST
* QUEUE
* EXCHANGE
* USER
* GROUP

We do not want to introduce new object types for other broker and virtual host children.
The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST accordingly.
We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward compatibility.

  was:
The broker users should be able to allow/deny individual management operations.
We need to improve existing rule based ACL controllers to allow specifying ACL rules for the
managed operations. The proposed ACL rule syntax for the method invocations is below:
{noformat}
ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
{noformat}
where object_type is any of below
* BROKER
* VIRTUALHOSTNODE
* VIRTUALHOST
* QUEUE
* EXCHANGE
* USER
* GROUP
We do not want to introduce new object types for other broker and virtual host children.
The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST accordingly.
We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward compatibility.


> [Java Broker] [ACL] Tactical improvements to ACL to allow managed operation invocations to be controlled
> --------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-7921
>                 URL: https://issues.apache.org/jira/browse/QPID-7921
>             Project: Qpid
>          Issue Type: Bug
>          Components: Java Broker
>    Affects Versions: qpid-java-broker-7.0.0
>            Reporter: Alex Rudyy
>
> The broker users should be able to allow/deny individual management operations.
> We need to improve existing rule based ACL controllers to allow specifying ACL rules for the managed operations. The proposed ACL rule syntax for the method invocations is below:
> {noformat}
> ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
> {noformat}
> where object_type is any of below
> * BROKER
> * VIRTUALHOSTNODE
> * VIRTUALHOST
> * QUEUE
> * EXCHANGE
> * USER
> * GROUP
> We do not want to introduce new object types for other broker and virtual host children.
> The ACL rule for them can be expressed using object type BROKER or VIRTUALHOST accordingly.
> We should still support BIND/UNBIND/SHUTDOWN/PUBLISH syntax for backward compatibility.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org
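
The INVOKE rule syntax proposed in the message above, as an added example that is not part of the original message or of the Qpid code base: a Python parser that accepts only the listed object types, plus an evaluator for a management operation call. First-match-wins ordering, the DENY default, exact principal matching, strict upper-case keywords, and the sample principals and operation names are assumptions of this example.

```python
import re

# Object types the proposal lists for INVOKE rules.
OBJECT_TYPES = {"BROKER", "VIRTUALHOSTNODE", "VIRTUALHOST", "QUEUE",
                "EXCHANGE", "USER", "GROUP"}

# ACL [ALLOW|DENY] principal INVOKE object_type operation_name="myOperation"
RULE_RE = re.compile(
    r'^ACL\s+(ALLOW|DENY)\s+(\S+)\s+INVOKE\s+([A-Z]+)\s+operation_name="([^"]+)"$')


def parse_invoke_rule(line):
    """Parse one INVOKE rule; reject anything outside the proposed grammar."""
    match = RULE_RE.match(line.strip())
    if match is None:
        raise ValueError(f"not an INVOKE rule: {line!r}")
    outcome, principal, object_type, operation = match.groups()
    if object_type not in OBJECT_TYPES:
        raise ValueError(f"unsupported object type: {object_type}")
    return outcome, principal, object_type, operation


def load_rules(text):
    """Parse every non-blank line, keeping the order in which rules appear."""
    return [parse_invoke_rule(ln) for ln in text.splitlines() if ln.strip()]


def decide(rules, principal, object_type, operation, default="DENY"):
    """Assumption: first matching rule wins; no match falls back to `default`."""
    for outcome, rule_principal, rule_type, rule_operation in rules:
        if (rule_principal, rule_type, rule_operation) == (
                principal, object_type, operation):
            return outcome
    return default


# Constructed sample rules; principals and operation names are placeholders.
SAMPLE_RULES = """
ACL ALLOW operator INVOKE QUEUE operation_name="myOperation"
ACL DENY guest INVOKE QUEUE operation_name="myOperation"
ACL ALLOW operator INVOKE VIRTUALHOST operation_name="anotherOperation"
"""

if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES)
    print(decide(rules, "operator", "QUEUE", "myOperation"))
    print(decide(rules, "guest", "QUEUE", "myOperation"))
    print(decide(rules, "guest", "BROKER", "myOperation"))
```
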

