[ https://issues.apache.org/jira/browse/QPID-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy updated QPID-7246: ----------------------------- Fix Version/s: (was: qpid-java-broker-7.1.0) Future > Make ACL module realm aware > --------------------------- > > Key: QPID-7246 > URL: https://issues.apache.org/jira/browse/QPID-7246 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Reporter: Keith Wall > Priority: Major > Fix For: Future > > > Make the existing ACL module realm aware. > The parser will need to be adapted to accept realm qualified user/group > names. Currently some symbols, such as the {{=}} and {{/}} within X500 > realms will choke the parser. Perhaps insisting that the name is quoted will > help? > Change RuleSet#isRelevant() so that applicability of the rule is considers > realm in addition to the Principal's name. > In order to ease upgrade, to allow existing ACL rules files to contain to > work without change, it may be better to allow an instance of AccessControl > to be associated with a default authentication provider and default group > provider. If the ACL rule is written in term of of the identity without > realm, the authorisation engine would fallback to either of the two > associated providers, thus a rule {{ACL ALLOW 'fred'...}} would be treated > as if it were {{ACL ALLOW 'f...@ldap.example.com'}}. At configuration > upgrade time, if there is a singleton authentication provider and singleton > group provider, these would be associated with the Access Control Provider > automatically. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org