You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Keith Wall (JIRA)" <ji...@apache.org> on 2016/05/02 15:54:12 UTC

[jira] [Created] (QPID-7246) Make ACL module realm aware

Keith Wall created QPID-7246:
--------------------------------

             Summary: Make ACL module realm aware
                 Key: QPID-7246
                 URL: https://issues.apache.org/jira/browse/QPID-7246
             Project: Qpid
          Issue Type: Improvement
          Components: Java Broker
            Reporter: Keith Wall
             Fix For: qpid-java-6.1


Make the existing ACL module realm aware.

The parser will need to be adapted to accept realm qualified user/group names.  Currently some symbols, such as the {{=}} and {{/}} within X500 realms will choke the parser.  Perhaps insisting that the name is quoted will help?

To ease upgrade, to allow existing ACL rules files to contain to work without change, it may be better to allow an ACL rule file to be associated with at most one authentication provider and at most one group provider.  If the ACL rule is written in term of of the identity without realm, the authorisation engine would fallback to either of the two associated providers.   At configuration upgrade time, if there is a singleton authentication provider and singleton group provider, these would be associate with the Access Control Provider.








--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org