[QPID-8488] [Broker-J] Enhance ACL rule with multi-value properties - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Minor
Resolution: Implemented
Affects Version/s: None
Fix Version/s: qpid-java-broker-9.0.0
Component/s: Broker-J
Labels:
- ACL
- Broker
- Java

Description

We are using an extensive set of the ACL rules. Our set contains a lot of rules that differ only in single value. For example:

ACL ALLOW CON_USER CONSUME QUEUE name="broadcast.ABC.Public"
ACL ALLOW CON_USER CONSUME QUEUE name="broadcast.ABC.Private"
ACL ALLOW CON_USER CONSUME QUEUE name="broadcast.ABC.Repeat"
ACL ALLOW CON_USER CONSUME QUEUE name="response.ABC"
ACL ALLOW CON_USER CONSUME QUEUE name="error.ABC"

These rules differ only in "name" property, hence if the "name" was a multi-value property then it would allow us to merge the rules into one:

ACL ALLOW CON_USER CONSUME QUEUE name=[broadcast.ABC.Public, broadcast.ABC.Private, broadcast.ABC.Repeat, response.ABC, error.ABC]

The multi-value functionality would decrement the amount of our rules substantially and improves the broker throughput.

Proposed solution:

We could set up multiple possible values as a comma separated list in brackets. The multi-values property can be implemented as the compressed prefix tree that checks an input string in linear time.
This task depends on the QPID-8487 because the refactoring of QPID-8487 clears the way for an effective implementation.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Marek Laca

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10/Nov/20 17:39

Updated:: 11/Nov/22 12:21

Resolved:: 27/Oct/22 08:21