You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by GitBox <gi...@apache.org> on 2021/11/04 12:34:06 UTC

[GitHub] [qpid-broker-j] mklaca commented on pull request #113: QPID-8565: [Broker-J] Enhancement of ACL rule predicates evaluation

mklaca commented on pull request #113:
URL: https://github.com/apache/qpid-broker-j/pull/113#issuecomment-960816319


   Hi Alex, regarding the CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT
   
   CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT syntax was kept on because of the compatibility of the connection limit plugin with existing acl files and so the acl plugin and connection limit plugin can use the same configuration file. It simplifies the transition.
   
   If you do not like the warning message then it can be fixed.
   If you want to drop CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT syntax from acl files then it should be removed completely from Property and AclRulePredicatesBuilder class, including support of the acl files from connection limit plugin.
   
   This is refactoring task and it should not have any impact on the functionality. Any functional changes should be done in separate task.
   
   But the most important is that the actual code has a bug.
   Let have an acl file with following line:
   `ACL ALLOW all ACCESS VIRTUALHOST connection_limit=10 connection_frequency_limit=12`
   It silently passes the parsing with neither warning nor exception and it looks like that everything is fine. But acl rule is dysfunctional. The rule never matches because any object never has CONNECTION_LIMIT and CONNECTION_FREQUENCY_LIMIT property and so the rule is always skipped.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org