Qpid
  1. Qpid
  2. QPID-4185

update example ACL example to be clearer and reduce extraneous logging from management operations

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 0.16
    • Fix Version/s: 0.19
    • Component/s: Java Broker
    • Labels:
      None

      Description

      The etc/broker_example.acl file currently contains an example of what users probably dont usually want to do with regards to logging ACL events for admin management users.

      By using ALLOW-LOG or DENY-LOG for all of the rules, this will have the result of logging a lot of extraneous info to do with individual JMX calls to retrieve attributes, get mbeaninfo, perform instanceof checks etc. Just having managemetn consoles (our own, Jconsole, etc) will produce a lot of log spam as a result when they poll for new info.

      What most users probably want typically is to allow 'read only' events by permissioning the 'ACCESS' operations using ALLOW and then seperately permission the others with ALLOW-LOG, thus removing the noise and ensuring only operations that can actually cause change are logged, e.g:

      ACL ALLOW admin ACCESS METHOD
      ACL ALLOW-LOG admin ALL METHOD
      

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Robbie Gemmell
            Reporter:
            Alex Rudyy
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development