You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/10/02 09:26:00 UTC

[jira] [Work logged] (ARTEMIS-2886) Optimize security auth

     [ https://issues.apache.org/jira/browse/ARTEMIS-2886?focusedWorklogId=493874&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-493874 ]

ASF GitHub Bot logged work on ARTEMIS-2886:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 02/Oct/20 09:25
            Start Date: 02/Oct/20 09:25
    Worklog Time Spent: 10m 
      Work Description: luisalves00 commented on pull request #3254:
URL: https://github.com/apache/activemq-artemis/pull/3254#issuecomment-702623828


   `if (bareQueue != null) {
               fqqn = CompositeAddress.toFullyQualified(bareAddress, bareQueue);
               if (securityRepository.containsExactMatch(fqqn.toString())) {
                  roles = securityRepository.getMatch(fqqn.toString());
                  isFullyQualified = true;
               }
            }`
   
   What is the securityRepository used for? Currently it is not matching the **fqqn** (against what?) and therefore I don't receive the **fqqn** in the ActiveMQSecurityManager5 implementation.
   Is it possible to says if address is prefixed by "keyword" than always match?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 493874)
    Time Spent: 2h 50m  (was: 2h 40m)

> Optimize security auth
> ----------------------
>
>                 Key: ARTEMIS-2886
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-2886
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Justin Bertram
>            Assignee: Justin Bertram
>            Priority: Major
>             Fix For: 2.16.0
>
>          Time Spent: 2h 50m
>  Remaining Estimate: 0h
>
> Both authentication and authorization will hit the underlying security repository (e.g. files, LDAP, etc.). For example, creating a JMS connection and a consumer will result in 2 hits with the *same* authentication request. This can cause unwanted (and unnecessary) resource utilization, especially in the case of networked configuration like LDAP.
> There is a rudimentary cache for authorization, but it is cleared *totally* every 10 seconds by default (controlled via the {{security-invalidation-interval setting}}), and it must be populated initially which still results in duplicate auth requests.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)