You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kw...@apache.org on 2017/09/27 13:12:55 UTC

[4/4] qpid-broker-j git commit: QPID-7923: [Java Broker] [ACL] Correct typos in the documentation

QPID-7923: [Java Broker] [ACL] Correct typos in the documentation


Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/d8613a62
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/d8613a62
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/d8613a62

Branch: refs/heads/master
Commit: d8613a6238a4e9bfb7af4174105a1ce3f7d7a3e2
Parents: 33c5e6a
Author: Keith Wall <kw...@apache.org>
Authored: Wed Sep 27 14:12:04 2017 +0100
Committer: Keith Wall <kw...@apache.org>
Committed: Wed Sep 27 14:12:04 2017 +0100

----------------------------------------------------------------------
 ...a-Broker-Security-AccessControlProviders.xml | 32 ++++++++++----------
 1 file changed, 16 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/d8613a62/doc/java-broker/src/docbkx/security/Java-Broker-Security-AccessControlProviders.xml
----------------------------------------------------------------------
diff --git a/doc/java-broker/src/docbkx/security/Java-Broker-Security-AccessControlProviders.xml b/doc/java-broker/src/docbkx/security/Java-Broker-Security-AccessControlProviders.xml
index d5b4ce1..2f7964d 100644
--- a/doc/java-broker/src/docbkx/security/Java-Broker-Security-AccessControlProviders.xml
+++ b/doc/java-broker/src/docbkx/security/Java-Broker-Security-AccessControlProviders.xml
@@ -26,18 +26,18 @@
     The Access Control Provider governs the actions that a user may perform.
   </para>
   <para>There are two points within the hierarchy that enforce access control: the Broker itself and at each Virtual
-    Host. When an access decision needs to be made, the nearest control point configure with a provider is consulted
+    Host. When an access decision needs to be made, the nearest control point configured with a provider is consulted
     for a decision.  The example, when making a decision about the ability to say, consume from, a Queue, if the
     Virtual Host is configured with Access Control Provider it is consulted.  Unless a decision is made, the decision
     is delegated to the Access Control Provider configured at the Broker.
   </para>
-  <para>Access Control Providers are configured with a list of ACL rules. The rules determine to which object
+  <para>Access Control Providers are configured with a list of ACL rules. The rules determine to which objects
     the user has access and what actions the user may perform on those objects.  Rules are ordered and are considered
     top to bottom.  The first matching rule makes the access decision.
   </para>
   <para>
-    ACL rules may be written in terms of group names. A rule written in terms of a group name applies to the user if
-    he is a member of that group. Groups information is obtained from the
+    ACL rules may be written in terms of user or group names. A rule written in terms of a group name applies to the
+    user if he is a member of that group. Groups information is obtained from the
     <link linkend="Java-Broker-Security-Authentication-Providers">Authentication Providers</link>
     and
     <link linkend="Java-Broker-Security-Group-Providers">Group Providers</link>.  Writing ACL in terms of groups is
@@ -55,7 +55,7 @@
         <listitem>
           <para><emphasis>RulesBased</emphasis> - a provider that stores the rules-set within
            the Broker's or VirtualHost's configuration.  When used with HA, the Virtualhost
-           rules automatically apply to all nodes participating within the HA group.</para>
+           rules automatically propagated to all nodes participating within the HA group.</para>
         </listitem>
         <listitem>
           <para>
@@ -72,13 +72,13 @@
     </title>
     <para>
       An ACL rule-set is an ordered list of ACL rules.</para>
-    <para>An ACL rule comrprises matching criteria that determine if a rule will fire for a given action and a decision
-      outcome. If the rule matches the rule makes an access decision outcome. Decision outcomes are final: no regard is given
-      to rules that appear later once a decision is made.
+    <para>An ACL rule comprises matching criteria that determines if a rule applies to a situation and a decision
+      outcome. The rule produces an outcome only if the all matching criteria are satisfied.
     </para>
-    <para>Matching criteria is composed of an ACL object type (e.g. QUEUE), an ACL action (e.g. UPDATE) and other
-      properties that further refine if a match is made.  These properties restrict the match based on criteria such
-      as name or IP address.
+    <para>Matching criteria is composed of an ACL object type (e.g. <literal>QUEUE</literal>), an ACL action
+      (e.g. <literal>UPDATE</literal>) and other properties that further refine if a match is made. These properties
+      restrict the match based on additional criteria such as name or IP address. ACL Object type <literal>ALL</literal>
+      matches any object.  Likewise ACL Action <literal>ALL</literal> matches any action.
     </para>
     <para>Let's look at some examples.</para>
     <programlisting>
@@ -86,7 +86,7 @@
       ACL DENY bob CREATE QUEUE name="myqueue"  # Denies bob permission to create a queue called "myqueue"
     </programlisting>
     <para>
-      As dicussed, ACL rule-set is considered in order with the first matching rule taking precedence over all those
+      As discussed, the ACL rule-set is considered in order with the first matching rule taking precedence over all those
       that follow. In the following example, if the user bob tries to create an exchange "myexch", the action
       will be allowed by the first rule. The second rule will never be considered.
     </para>
@@ -102,10 +102,10 @@
       ACL ALLOW bob ALL EXCHANGE
     </programlisting>
     <para>
-      If a rule-set fails to make a decision, the result is configurable. By default, the RulesBased provider defers
-      the decision allowing another provider further up the hierarchy to make a decision (i.e. allowing the VirtualHost
-      control point to delegate to the Broker). In the case of the ACLFile provider, by default, its rule-sets implicit
-      have a rule denying all operations to all users. It is as if the rule-set ends with
+      If a rule-set fails to make a decision, the result is configurable. By default, the <literal>RuleBased</literal>
+      provider defers the decision allowing another provider further up the hierarchy to make a decision (i.e. allowing
+      the VirtualHost control point to delegate to the Broker). In the case of the ACLFile provider, by default, its
+      rule-set implicit have a rule denying all operations to all users. It is as if the rule-set ends with
       <literal>ACL DENY ALL ALL</literal>.   If no access control provider makes a decision the default is to
       deny the action.
     </para>


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org