Uploaded image for project: 'Qpid'
  1. Qpid
  2. QPID-4185

update example ACL example to be clearer and reduce extraneous logging from management operations

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.16
    • Fix Version/s: 0.19
    • Component/s: Broker-J
    • Labels:
      None

      Description

      The etc/broker_example.acl file currently contains an example of what users probably dont usually want to do with regards to logging ACL events for admin management users.

      By using ALLOW-LOG or DENY-LOG for all of the rules, this will have the result of logging a lot of extraneous info to do with individual JMX calls to retrieve attributes, get mbeaninfo, perform instanceof checks etc. Just having managemetn consoles (our own, Jconsole, etc) will produce a lot of log spam as a result when they poll for new info.

      What most users probably want typically is to allow 'read only' events by permissioning the 'ACCESS' operations using ALLOW and then seperately permission the others with ALLOW-LOG, thus removing the noise and ensuring only operations that can actually cause change are logged, e.g:

      ACL ALLOW admin ACCESS METHOD
      ACL ALLOW-LOG admin ALL METHOD
      

        Attachments

          Activity

            People

            • Assignee:
              gemmellr Robbie Gemmell
              Reporter:
              alex.rufous Alex Rudyy
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: