[ https://issues.apache.org/jira/browse/ARTEMIS-4709?focusedWorklogId=912811&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-912811 ]
ASF GitHub Bot logged work on ARTEMIS-4709: ------------------------------------------- Author: ASF GitHub Bot Created on: 03/Apr/24 10:36 Start Date: 03/Apr/24 10:36 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4871: URL: https://github.com/apache/activemq-artemis/pull/4871#discussion_r1549448744 ########## docs/user-manual/broker-plugins.adoc: ########## @@ -178,3 +178,30 @@ In the example below `ROLE_PROPERTY` is set to `permissions` when that property </broker-plugin> </broker-plugins> ---- + +== Using the ConnectionPeriodicExpiryPlugin + +The `ConnectionPeriodicExpiryPlugin` will implement a global expiry (and disconnect) for connections that live longer than `periodSeconds` on a matching acceptor basis. + +This plugin can be useful when credential rotation or credential validation must be enforced at regular intervals as authentication will be enforced on reconnect. + +The plugin requires the configuration of the `acceptorMatchRegex` to determine the acceptors to monitor. It is typical to separate client acceptors and federation or cluster acceptors such that only client connections will be subject to periodic expiry. The `acceptorMatchRegex` must be configured to match the name of the acceptor(s) whose connections will be subject to periodic expiry. + +|=== +| Property | Property Description | Default Value + +|`acceptorMatchRegex`|the regular expression used to match against the names of acceptors to monitor | "" +|`periodSeconds`|the max duration or period, in seconds, that a connection can last | 15 minutes (as seconds) Review Comment: fair point, thanks! Issue Time Tracking ------------------- Worklog Id: (was: 912811) Time Spent: 1h (was: 50m) > Add a plugin to provide periodic expiry of connections on a per acceptor basis > ------------------------------------------------------------------------------ > > Key: ARTEMIS-4709 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4709 > Project: ActiveMQ Artemis > Issue Type: New Feature > Components: Broker > Affects Versions: 2.33.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Major > Fix For: 2.34.0 > > Time Spent: 1h > Remaining Estimate: 0h > > When credential rotation needs to be enforced, active connections need to be > terminated on some timeline to ensure credentials are reevaluated. There are > management apis that can be used but these require some intervention. > In addition to enforce some SLA around duration of connections, having an > easy way to limit connections to a given maximum period can be helpful. > A plugin that will be applied on an per acceptor basis, that can be used to > disconnect connections that have lived for some period can provide a nice > building block for these use cases. -- This message was sent by Atlassian Jira (v8.20.10#820010)