[jira] Commented: (QPID-2539) Update ACL file syntax to be clearer and add extra operations

[Rajith Attapattu (JIRA)]

    [ 
https://issues.apache.org/jira/browse/QPID-2539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12866162#action_12866162
 ] 

Rajith Attapattu commented on QPID-2539:
----------------------------------------

1. I can see the value of virtual host for the current setup, but going forward 
do we have virtual hosts in AMQP 1.0 ? So it worth it doing so late in the game?

I am not opposed to having a virtual host object in the ACL file as the Java 
broker is using that.
The c++ broker can easily ignore it.
My question was more about whether it's really worth spending effort on 
something that we know want be there for long.
If you have customer requests for protecting virtual hosts with ACL then it is 
fine (All though I think this is redundant as the objects within a virtual host 
is covered anyways).
But if there is no interest from the users, then I'd say don't bother.

ADK: This is required for the Firewall plugin. Whether the Firewall plugin is 
required is another question entirely. 

RA: Good question, Aidan and I had discussed on the qpid dev list about using 
ACL to validate the IP addresses instead of maintaining a separate firewall 
plugin.
        The C++ broker does have an outstanding JIRA for something similar to 
the firewall plugin which we hope to implement using ACL.
        We were planning to have that as an optional feature to ensure 
backwards compatibility.

       So if you want ACL to restrict IP address you need to explicitly enable 
it in the ACL module.
       The config option (Not the CONFIG object) you talked about is going to 
be handy here.

I am bit swamped these days, hopefully when I get some free time, I will try to 
put my thoughts into a wiki page to capture the requirements and share some 
ideas with you.
Perhaps then we can open some more concrete JIRA's to focus on those individual 
areas.

> Update ACL file syntax to be clearer and add extra operations
> -------------------------------------------------------------
>
>                 Key: QPID-2539
>                 URL: https://issues.apache.org/jira/browse/QPID-2539
>             Project: Qpid
>          Issue Type: Sub-task
>          Components: Java Broker
>            Reporter: Andrew Kennedy
>             Fix For: 0.7
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org