You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ted Ross (JIRA)" <qp...@incubator.apache.org> on 2009/08/26 17:15:59 UTC
[jira] Commented: (QPID-943) Move JMSXUserID creation to client to
improve broker performance
[ https://issues.apache.org/jira/browse/QPID-943?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12747976#action_12747976 ]
Ted Ross commented on QPID-943:
-------------------------------
One more related idea:
The userId check-suppression that occurs for federation links should be generalized for trusted clients. In federation, the downstream broker trusts the upstream broker (its client) to authenticate the userIds in the messages it forwards.
There's a use case for real trusted clients that produce messages on behalf of users that didn't open the connection. In this case, the client can set an option to be trusted, the option is validated by an ACL, and the broker then suppresses the userId check on messages from that client.
An example of this use case is a web server that uses a Qpid client in its back-end. Messages sent into the Qpid broker contain the userId of the end-user that was authenticated by the web server.
Thoughts?
-Ted
> Move JMSXUserID creation to client to improve broker performance
> ----------------------------------------------------------------
>
> Key: QPID-943
> URL: https://issues.apache.org/jira/browse/QPID-943
> Project: Qpid
> Issue Type: Improvement
> Components: Java Broker, Java Client
> Affects Versions: 0.5
> Reporter: Marnie McCormack
> Assignee: Rajith Attapattu
> Fix For: 0.6
>
> Attachments: c++broker_userid_check.patch, javabroker_userid_check.patch, JMSXUserID.patch
>
>
> Summary:
> Currently the broker modifies the message to add the JMSXUserID. A better approach would be to have the client encode that detail and have the broker verify that it is correct. This means that the broker does not have to re-encode every message. It also allows the sending client to decide if they wish to include the JMSXUserID for validation.
> Proposed Changes:
> Removing existing modification code replacing with validation if the JMSXUserID is present. If validation is required to pass then close the connection on failures.
> Augment to client to have the ability to manuall or automatically set the JMSXUserID based on the authenticated connection.
> Test Strategy:
> Test messages with manual user id creation(correct and incorrect), automatic user id creation.
> Test broker in validation mode and lenient mode.
> Testing should include performance metrics to quantify the inpact of the additional processing.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project: http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org