[
https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912811
]
ASF GitHub Bot logged work on ARTEMIS-4709:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 03/Apr/24 10:36
Start Date: 03/Apr/24 10:36
Worklog Time Spent: 10m
Work Description: gtully commented on code in PR #4871:
URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549448744
##########
docs/user-manual/broker-plugins.adoc:
##########
@@ -178,3 +178,30 @@ In the example below `ROLE_PROPERTY` is set to
`permissions` when that property
</broker-plugin>
</broker-plugins>
----
+
+== Using the ConnectionPeriodicExpiryPlugin
+
+The `ConnectionPeriodicExpiryPlugin` will implement a global expiry (and
disconnect) for connections that live longer than `periodSeconds` on a matching
acceptor basis.
+
+This plugin can be useful when credential rotation or credential validation
must be enforced at regular intervals as authentication will be enforced on
reconnect.
+
+The plugin requires the configuration of the `acceptorMatchRegex` to determine
the acceptors to monitor. It is typical to separate client acceptors and
federation or cluster acceptors such that only client connections will be
subject to periodic expiry. The `acceptorMatchRegex` must be configured to
match the name of the acceptor(s) whose connections will be subject to periodic
expiry.
+
+|===
+| Property | Property Description | Default Value
+
+|`acceptorMatchRegex`|the regular expression used to match against the names
of acceptors to monitor | ""
+|`periodSeconds`|the max duration or period, in seconds, that a connection can
last | 15 minutes (as seconds)
Review Comment:
fair point, thanks!
Issue Time Tracking
-------------------
Worklog Id: (was: 912811)
Time Spent: 1h (was: 50m)
> Add a plugin to provide periodic expiry of connections on a per acceptor basis
> ------------------------------------------------------------------------------
>
> Key: ARTEMIS-4709
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4709
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Components: Broker
> Affects Versions: 2.33.0
> Reporter: Gary Tully
> Assignee: Gary Tully
> Priority: Major
> Fix For: 2.34.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> When credential rotation needs to be enforced, active connections need to be
> terminated on some timeline to ensure credentials are reevaluated. There are
> management apis that can be used but these require some intervention.
> In addition to enforce some SLA around duration of connections, having an
> easy way to limit connections to a given maximum period can be helpful.
> A plugin that will be applied on an per acceptor basis, that can be used to
> disconnect connections that have lived for some period can provide a nice
> building block for these use cases.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
