[jira] [Commented] (QPID-7318) [Java Broker] Refactor existing ACL plugin code

Tue, 02 Aug 2016 09:01:14 -0700 

    [ 
https://issues.apache.org/jira/browse/QPID-7318?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15404242#comment-15404242
 ] 

Rob Godfrey commented on QPID-7318:
-----------------------------------

h4. Patch 9
{quote}
 * obsolete imports in {{CompoundAccessControl}}
{quote}
Removed

{quote}
 * {{CompoundAccessControl#authorise}} returns {{DEFER}} instead of 
{{_defaultResult}} if no underlying providers decide.
{quote}
Yes - this is deliberate.  It is up to the caller to decide if they was to use 
the default result or not.  authorise() should return the result of applying 
rules.  If after applying rules there is no clear result then the caller can 
decide which AccessControl to gte the default from.
{quote}
 * The CompoundAccessControl in AbstractVirtualHost has at least 2 
AccessControls - {{_systemUserAllowed}} and {{getParentAccessControl()}} - 
which both will have default priority. Would it make sense to give 
{{_systemUserAllowed}} a different default priority?
{quote}
AccessControl objects don't have priorities.  It is the providers which have 
the priority.  The CompoundAccessControl doesn't direct use a priority it 
simply uses the order of the list passed in.  So the order they are evaluated 
in is always {{_systemUserAllowed}} then the prioritized list at the vhost then 
{{getParentAccessControl()}}.  

> [Java Broker] Refactor existing ACL plugin code
> -----------------------------------------------
>
>                 Key: QPID-7318
>                 URL: https://issues.apache.org/jira/browse/QPID-7318
>             Project: Qpid
>          Issue Type: Improvement
>          Components: Java Broker
>            Reporter: Rob Godfrey
>            Assignee: Rob Godfrey
>             Fix For: qpid-java-6.1
>
>
> While the aim is to redesign the ACL implementation in the v6.2 or v7.0 
> timeframe, there is still utility in tidying up the existing ACL 
> implementation a bit.  In particular by separating out functions and 
> providing a better encapsulation, we will make the job of writing automated 
> upgraders to any new ACL implementation substantially easier.
> As a first step we can separate out the parsing of the ACL file, from the 
> "rule based" implementation of ACLs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to