Author: robbie
Date: Sun Sep 2 14:36:07 2012
New Revision: 1379984
URL: http://svn.apache.org/viewvc?rev=1379984&view=rev
Log:
NO-JIRA: publish latest java documentation for trunk
Added:
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
Removed:
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/ch02s07.html
Modified:
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/High-Availability.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/How-to-Tune-M3-Java-Broker-Performance.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Configuration-Guide.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Debug-Logging.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Slow-Consumer-Disconnect.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-General-User-Guides.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/OtherQueueTypes.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-JMX-Management-Console.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-Config-File.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-HowTos.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-Virtualhosts-Config.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Build-HowTo.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-FAQ.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Log4j.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-SSL.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/index.html
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/pdf/AMQP-Messaging-Broker-Java-Book.pdf
Modified:
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
URL:
http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html?rev=1379984&r1=1379983&r2=1379984&view=diff
==============================================================================
---
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
(original)
+++
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
Sun Sep 2 14:36:07 2012
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html;
charset=UTF-8"><title>2.2. Configuring ACLs</title><link rel="stylesheet"
href="css/style.css" type="text/css"><meta name="generator" content="DocBook
XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP
Messaging Broker (Implemented in Java)"><link rel="up"
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link
rel="prev" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How
Tos"><link rel="next" href="Qpid-Java-SSL.html" title="2.3. Configure Java
Qpid to use a SSL connection."></head><body><div class="container"
bgcolor="white" text="black" link="#0000FF" vlink="#840084"
alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache
Qpidâ¢</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV
class="menu_box"><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A
href="http://qpid.apache.org/index.html">Home</
A></LI><LI><A
href="http://qpid.apache.org/download.html">Download</A></LI><LI><A
href="http://qpid.apache.org/getting_started.html">Getting
Started</A></LI><LI><A
href="http://www.apache.org/licenses/">License</A></LI><LI><A
href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Documentation</H3><UL><LI><A
href="http://qpid.apache.org/documentation.html#doc-release">Latest
Release</A></LI><LI><A
href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A
href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Community</H3><UL><LI><A
href="http://qpid.apache.org/getting_involved.html">Getting
Involved</A></LI><LI><A
href="http://qpid.apache.org/source_repository.html">Source
Repository</A></LI><LI><A href="http://q
pid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A
href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A
href="https://issues.apache.org/jira/browse/qpid">Issue
Reporting</A></LI><LI><A
href="http://qpid.apache.org/people.html">People</A></LI><LI><A
href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Developers</H3><UL><LI><A
href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A
href="https://cwiki.apache.org/qpid/developer-pages.html">Developer
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
Apache</H3><UL><LI><A href="http://w
ww.apache.org">Home</A></LI><LI><A
href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A
href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A
href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div
class="main_text_area_top"></div><div class="main_text_area_body"><DIV
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP
Messaging Broker (Implemented in Java)</a></span> > <span
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How
Tos</a></span> > <span class="breadcrumb-node">
+<html><head><meta http-equiv="Content-Type" content="text/html;
charset=UTF-8"><title>2.2. Configuring ACLs</title><link rel="stylesheet"
href="css/style.css" type="text/css"><meta name="generator" content="DocBook
XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP
Messaging Broker (Implemented in Java)"><link rel="up"
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link
rel="prev" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How
Tos"><link rel="next" href="Configuring-Group-Providers.html"
title="2.3. Configuring Group Providers"></head><body><div class="container"
bgcolor="white" text="black" link="#0000FF" vlink="#840084"
alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache
Qpidâ¢</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV
class="menu_box"><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A
href="http://qpid.apache.org/index.html">Home</A></
LI><LI><A href="http://qpid.apache.org/download.html">Download</A></LI><LI><A
href="http://qpid.apache.org/getting_started.html">Getting
Started</A></LI><LI><A
href="http://www.apache.org/licenses/">License</A></LI><LI><A
href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Documentation</H3><UL><LI><A
href="http://qpid.apache.org/documentation.html#doc-release">Latest
Release</A></LI><LI><A
href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A
href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Community</H3><UL><LI><A
href="http://qpid.apache.org/getting_involved.html">Getting
Involved</A></LI><LI><A
href="http://qpid.apache.org/source_repository.html">Source
Repository</A></LI><LI><A href="http://qpid.
apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A
href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A
href="https://issues.apache.org/jira/browse/qpid">Issue
Reporting</A></LI><LI><A
href="http://qpid.apache.org/people.html">People</A></LI><LI><A
href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Developers</H3><UL><LI><A
href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A
href="https://cwiki.apache.org/qpid/developer-pages.html">Developer
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
Apache</H3><UL><LI><A href="http://www.a
pache.org">Home</A></LI><LI><A
href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A
href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A
href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div
class="main_text_area_top"></div><div class="main_text_area_body"><DIV
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP
Messaging Broker (Implemented in Java)</a></span> > <span
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How
Tos</a></span> > <span class="breadcrumb-node">
Configuring ACLs
</span></DIV><div class="section" lang="en"><div
class="titlepage"><div><div><h2 class="title"><a
name="Configuring-ACLS"></a>2.2.Â
Configuring ACLs
@@ -36,10 +36,9 @@
</pre></div><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="ConfigureACLs-WriteACL"></a>2.2.2.Â
Writing .acl files
</h3></div></div></div><p>
- The ACL file consists of a series of rules and group definitions. Each
rule grants or denies specific rights to a user or group. Group
- definitions declare groups of users and serve to make the ACL file more
concise.
+ The ACL file consists of a series of rules associating behaviour for a
user or group. Use of groups can serve to make the ACL file more concise. See
<a class="link" href="Configuring-Group-Providers.html"
title="2.3. Configuring Group Providers">Configuring Group Providers</a> for
more information on defining groups.
</p><p>
- Each ACL rule grants (or denies) a particular action on a object to a
user. The rule may be augmented with one or more properties, restricting
+ Each ACL rule grants (or denies) a particular action on a object to a
user/group. The rule may be augmented with one or more properties, restricting
the rule's applicability.
</p><pre class="programlisting">
ACL ALLOW alice CREATE QUEUE # Grants alice permission to
create all queues.
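Review bot: In the rewritten opening paragraph of 2.2.2, "a series of rules associating behaviour for a user or group" loses the grant/deny meaning that the removed sentence stated plainly. Suggest keeping "Each rule grants or denies specific rights to a user or group" and following it with the pointer to Configuring Group Providers. The second changed sentence still reads "a particular action on a object"; it should be "an object".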
@@ -75,20 +74,14 @@
</p><pre class="programlisting">
ACL {permission} {<group-name>|<user-name>>|ALL}
{action|ALL} [object|ALL] [property="<property-value>"]
</pre><p>
- GROUP definitions must follow this syntax:
- </p><pre class="programlisting">
- GROUP {group name} {username 1}..{username n} # Where username is a
username, or a groupname.
- </pre><p>
Comments may be introduced with the hash (#) character and are ignored.
Long lines can be broken with the slash (\) character.
</p><pre class="programlisting">
# A comment
ACL ALLOW admin CREATE ALL # Also a comment
ACL DENY guest \
ALL ALL # A broken line
- GROUP securegroup bob \
- alice # Another broker line
</pre></div><div class="table"><a
name="tabl-ConfigureACLs-Syntax_permissions"></a><p
class="title"><b>Table 2.2. ACL Rules: permission</b></p><div
class="table-contents"><table summary="ACL Rules: permission"
border="1"><colgroup><col><col></colgroup><tbody><tr><td><span
class="command"><strong>ALLOW</strong></span></td><td><p>Allow the
action</p></td></tr><tr><td><span
class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action
and log the action in the log </p></td></tr><tr><td><span
class="command"><strong>DENY</strong></span></td><td><p> Deny the
action</p></td></tr><tr><td><span
class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action
and log the action in the log</p></td></tr></tbody></table></div></div><br
class="table-break"><div class="table"><a
name="tabl-ConfigureACLs-Syntax_actions"></a><p
class="title"><b>Table 2.3. ACL Rules:action</b></p><div
class="table-contents"><table summary="ACL Rules:action" border
="1"><colgroup><col><col></colgroup><tbody><tr><td> <span
class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when
subscriptions are created </p> </td></tr><tr><td> <span
class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per
message basis on publish message transfers</p> </td></tr><tr><td> <span
class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an
object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td>
<span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when
an object is read or accessed</p> </td></tr><tr><td> <span
class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues
are bound to exchanges</p> </td></tr><tr><td> <span
class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when
queues are unbound from exchanges</p> </td></tr><tr><td> <span
class="command"><strong>DELETE</strong></span> </td><td> <p> Applied when
objects are d
eleted </p> </td></tr><tr><td> <span
class="command"><strong>PURGE</strong></span> </td><td>
- <p>Applied when purge the contents of a queue</p> </td></tr><tr><td>
<span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when
an object is updated </p> </td></tr></tbody></table></div></div><br
class="table-break"><div class="table"><a
name="tabl-ConfigureACLs-Syntax_objects"></a><p
class="title"><b>Table 2.4. ACL Rules:object</b></p><div
class="table-contents"><table summary="ACL Rules:object"
border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span
class="command"><strong>QUEUE</strong></span> </td><td> <p> A queue </p>
</td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span>
</td><td> <p> An exchange </p> </td></tr><tr><td> <span
class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p> A virtualhost
(Java Broker only)</p> </td></tr><tr><td> <span
class="command"><strong>METHOD</strong></span> </td><td> <p> Management or
agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span
class="comm
and"><strong>BROKER</strong></span> </td><td> <p> The broker (not currently
used in Java Broker)</p> </td></tr><tr><td> <span
class="command"><strong>LINK</strong></span> </td><td> <p> A federation or
inter-broker link (not currently used in Java Broker)</p>
</td></tr></tbody></table></div></div><br class="table-break"><div
class="table"><a name="tabl-ConfigureACLs-Syntax_properties"></a><p
class="title"><b>Table 2.5. ACL Rules:property</b></p><div
class="table-contents"><table summary="ACL Rules:property"
border="1"><colgroup><col><col></colgroup><tbody><tr><td><span
class="command"><strong>name</strong></span> </td><td> <p> String. Object name,
such as a queue name, exchange name or JMX method name. </p>
</td></tr><tr><td> <span class="command"><strong>durable</strong></span>
</td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td>
<span class="command"><strong>routingkey</strong></span> </td><td> <p> String.
Specifies routing key </p> </td></t
r><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p>
Boolean. Indicates the presence of a <em
class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span
class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean.
Indicates whether or not the object gets deleted when the connection is closed
</p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span>
</td><td> <p> Boolean. Indicates the presence of an <em
class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td>
<span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean.
Indicates the presence of an <em class="parameter"><code>temporary</code></em>
flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span>
</td><td> <p> String. Type of object, such as topic, fanout, or xml </p>
</td></tr><tr><td> <span class="command"><strong>alternate</strong></span>
</td><td> <p> String. Name of the altern
ate exchange </p> </td></tr><tr><td> <span
class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of
the queue (used only when the object is something other than <em
class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span
class="command"><strong>component</strong></span> </td><td> <p> String. JMX
component name (Java Broker only)</p> </td></tr><tr><td> <span
class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF
schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span
class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF
schema class name (Not used in Java Broker)</p>
</td></tr></tbody></table></div></div><br class="table-break"><div
class="table"><a name="tabl-ConfigureACLs-Syntax_javacomponents"></a><p
class="title"><b>Table 2.6. ACL rules:components (Java Broker
only)</b></p><div class="table-contents"><table summary="ACL rules:components
(Java Broker only)" bord
er="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span
class="command"><strong>UserManagement</strong></span> </td><td> <p>User
maintainance; create/delete/view users, change passwords etc</p> </td><td>
<p>permissionable at broker level only</p> </td></tr><tr><td> <span
class="command"><strong>ConfigurationManagement</strong></span> </td><td>
<p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable
at broker level only</p> </td></tr><tr><td> <span
class="command"><strong>LoggingManagement</strong></span> </td><td>
<p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at
broker level only</p> </td></tr><tr><td> <span
class="command"><strong>ServerInformation</strong></span> </td><td>
<p>Read-only information regarding the Qpid: version number etc</p> </td><td>
<p>permissionable at broker level only</p> </td></tr><tr><td> <span
class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue
maintainance; copy/m
ove/purge/view etc</p> </td><td class="auto-generated">Â </td></tr><tr><td>
<span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td>
<p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td
class="auto-generated">Â </td></tr><tr><td> <span
class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td>
<p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td
class="auto-generated">Â </td></tr></tbody></table></div></div><br
class="table-break"><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="ConfigureACLs-WorkedExamples"></a>2.2.4.Â
+ <p>Applied when purge the contents of a queue</p> </td></tr><tr><td>
<span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when
an object is updated </p> </td></tr></tbody></table></div></div><br
class="table-break"><div class="table"><a
name="tabl-ConfigureACLs-Syntax_objects"></a><p
class="title"><b>Table 2.4. ACL Rules:object</b></p><div
class="table-contents"><table summary="ACL Rules:object"
border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span
class="command"><strong>QUEUE</strong></span> </td><td> <p> A queue </p>
</td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span>
</td><td> <p> An exchange </p> </td></tr><tr><td> <span
class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p> A virtualhost
(Java Broker only)</p> </td></tr><tr><td> <span
class="command"><strong>USER</strong></span> </td><td> <p> A user (Java Broker
only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></spa
n> </td><td> <p> A group (Java Broker only)</p> </td></tr><tr><td> <span
class="command"><strong>METHOD</strong></span> </td><td> <p> Management or
agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span
class="command"><strong>BROKER</strong></span> </td><td> <p> The broker (not
currently used in Java Broker)</p> </td></tr><tr><td> <span
class="command"><strong>LINK</strong></span> </td><td> <p> A federation or
inter-broker link (not currently used in Java Broker)</p>
</td></tr></tbody></table></div></div><br class="table-break"><div
class="table"><a name="tabl-ConfigureACLs-Syntax_properties"></a><p
class="title"><b>Table 2.5. ACL Rules:property</b></p><div
class="table-contents"><table summary="ACL Rules:property"
border="1"><colgroup><col><col></colgroup><tbody><tr><td><span
class="command"><strong>name</strong></span> </td><td> <p> String. Object name,
such as a queue name, exchange name or JMX method name. </p>
</td></tr><tr><td> <span class="comm
and"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the
object is durable </p> </td></tr><tr><td> <span
class="command"><strong>routingkey</strong></span> </td><td> <p> String.
Specifies routing key </p> </td></tr><tr><td> <span
class="command"><strong>passive</strong></span> </td><td> <p> Boolean.
Indicates the presence of a <em class="parameter"><code>passive</code></em>
flag </p> </td></tr><tr><td> <span
class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean.
Indicates whether or not the object gets deleted when the connection is closed
</p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span>
</td><td> <p> Boolean. Indicates the presence of an <em
class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td>
<span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean.
Indicates the presence of an <em class="parameter"><code>temporary</code></em>
flag </p> </td></tr><tr><td> <span cla
ss="command"><strong>type</strong></span> </td><td> <p> String. Type of
object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span
class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of
the alternate exchange </p> </td></tr><tr><td> <span
class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of
the queue (used only when the object is something other than <em
class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span
class="command"><strong>component</strong></span> </td><td> <p> String. JMX
component name (Java Broker only)</p> </td></tr><tr><td> <span
class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF
schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span
class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF
schema class name (Not used in Java Broker)</p>
</td></tr></tbody></table></div></div><br class="table-break"><div class="table
"><a name="tabl-ConfigureACLs-Syntax_javacomponents"></a><p
class="title"><b>Table 2.6. ACL rules:components (Java Broker
only)</b></p><div class="table-contents"><table summary="ACL rules:components
(Java Broker only)"
border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span
class="command"><strong>UserManagement</strong></span> </td><td> <p>User
maintainance; create/delete/view users, change passwords etc</p> </td><td>
<p>permissionable at broker level only</p> </td></tr><tr><td> <span
class="command"><strong>ConfigurationManagement</strong></span> </td><td>
<p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable
at broker level only</p> </td></tr><tr><td> <span
class="command"><strong>LoggingManagement</strong></span> </td><td>
<p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at
broker level only</p> </td></tr><tr><td> <span
class="command"><strong>ServerInformation</strong></span> </td><td>
<p>Read-only
information regarding the Qpid: version number etc</p> </td><td>
<p>permissionable at broker level only</p> </td></tr><tr><td> <span
class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue
maintainance; copy/move/purge/view etc</p> </td><td
class="auto-generated">Â </td></tr><tr><td> <span
class="command"><strong>VirtualHost.Exchange</strong></span> </td><td>
<p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td
class="auto-generated">Â </td></tr><tr><td> <span
class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td>
<p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td
class="auto-generated">Â </td></tr></tbody></table></div></div><br
class="table-break"><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="ConfigureACLs-WorkedExamples"></a>2.2.4.Â
Worked Examples
</h3></div></div></div><p>
Here are three example ACLs illustrating some common use-cases.
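Review bot: With the GROUP definition syntax and the "GROUP securegroup bob \ alice" sample removed from this section, the page no longer says what happens to GROUP lines that are still present in an existing .acl file. Rules such as "ACL ALLOW usermaint ALL METHOD component="UserManagement"" depend on group membership, so add a sentence stating whether such lines are now rejected, ignored or still honoured; otherwise an upgrade can change who a rule matches without anyone noticing. The new USER and GROUP rows in Table 2.4 would also benefit from a note on which actions from Table 2.3 apply to them. In the unchanged syntax line, "<user-name>>" has a stray ">".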
@@ -97,15 +90,15 @@
</h4></div></div></div><p>
Suppose you wish to permission two users: a user 'operator' must be
able to perform all Management operations, and
a user 'readonly' must be enable to perform only read-only functions.
Neither 'operator' nor 'readonly'
- should be allow to connect for messaging.
+ should be allowed to connect clients for messaging.
</p><pre class="programlisting">
- # Give operator permission to execute all JMX Methods
- ACL ALLOW operator ALL METHOD
- # Give operator permission to execute only read-only JMX Methods
- ACL ALLOW readonly ACCESS METHOD
- # Deny operator/readonly permission to perform messaging.
- ACL DENY operator ACCESS VIRTUALHOST
- ACL DENY readonly ACCESS VIRTUALHOST
+ # Deny (loggged) operator/readonly permission to connect messaging
clients.
+ ACL DENY-LOG operator ACCESS VIRTUALHOST
+ ACL DENY-LOG readonly ACCESS VIRTUALHOST
+ # Give operator permission to perfom all other actions
+ ACL ALLOW operator ALL ALL
+ # Give readonly permission to execute only read-only actions
+ ACL ALLOW readonly ACCESS ALL
...
... rules for other users
...
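Review bot: The new rule set keeps 'operator' and 'readonly' off messaging only because the two "DENY-LOG ... ACCESS VIRTUALHOST" lines are placed before "ACL ALLOW operator ALL ALL" and "ACL ALLOW readonly ACCESS ALL", yet the surrounding text never says that rule order matters. State the evaluation order explicitly next to this example, and point out that "ALL ALL" is a much broader grant than the previous "ALL METHOD", so the deny lines are now the only thing separating these management users from messaging access. Typos in the added comments: "loggged" and "perfom". The context line "must be enable to perform" should read "must be able to perform".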
@@ -114,15 +107,15 @@
</pre></div><div class="section" lang="en"><div
class="titlepage"><div><div><h4 class="title"><a
name="ConfigureACLs-WorkedExample2"></a>2.2.4.2.Â
Worked example 2 - User maintainer group
</h4></div></div></div><p>
- Suppose you wish to restrict User Management operations to users
belonging to a group 'usermaint'. No other user
- is allowed to perform user maintainence This example illustrates the
permissioning of a individual component
- and a group definition.
+ Suppose you wish to restrict User Management operations to users
belonging to a <a class="link" href="Configuring-Group-Providers.html"
title="2.3. Configuring Group Providers">group</a> 'usermaint'. No other user
+ is allowed to perform user maintainence This example illustrates the
permissioning of an individual component.
</p><pre class="programlisting">
- # Create a group usermaint with members bob and alice
- GROUP usermaint bob alice
- # Give operator permission to execute all JMX Methods
+ # Give usermaint permission to execute all JMX Methods on the
+ # UserManagement MBean and perform all actions for USER objects
ACL ALLOW usermaint ALL METHOD component="UserManagement"
+ ACL ALLOW usermaint ALL USER
ACL DENY ALL ALL METHOD component="UserManagement"
+ ACL DENY ALL ALL USER
...
... rules for other users
...
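Review bot: The added sentence "is allowed to perform user maintainence This example illustrates the permissioning of an individual component" carries over both the misspelling and the missing full stop from the line it replaces; it should read "user maintenance. This example illustrates ...". The two ALLOW lines for usermaint now have a comment, but the "ACL DENY ALL ALL METHOD component="UserManagement"" and "ACL DENY ALL ALL USER" lines do not. A one-line comment saying they block everyone not already allowed above would make the intent of the pairing clear.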
@@ -158,6 +151,4 @@
ACL ALLOW server PUBLISH EXCHANGE name="amq.direct"
routingKey="TempQueue*"
ACL DENY-LOG all all
- </pre></div></div></div></div><div class="navfooter"><hr><table
width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a
accesskey="p" href="Qpid-Java-Broker-HowTos.html">Prev</a>Â </td><td
width="20%" align="center"><a accesskey="u"
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%"
align="right">Â <a accesskey="n"
href="Qpid-Java-SSL.html">Next</a></td></tr><tr><td width="40%" align="left"
valign="top">Chapter 2. How Tos </td><td width="20%" align="center"><a
accesskey="h" href="index.html">Home</a></td><td width="40%" align="right"
valign="top">Â 2.3.Â
- Configure Java Qpid to use a SSL connection.
- </td></tr></table></div><div
class="main_text_area_bottom"></div></div></div></body></html>
+ </pre></div></div></div></div><div class="navfooter"><hr><table
width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a
accesskey="p" href="Qpid-Java-Broker-HowTos.html">Prev</a>Â </td><td
width="20%" align="center"><a accesskey="u"
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%"
align="right">Â <a accesskey="n"
href="Configuring-Group-Providers.html">Next</a></td></tr><tr><td width="40%"
align="left" valign="top">Chapter 2. How Tos </td><td width="20%"
align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%"
align="right" valign="top"> 2.3. Configuring Group
Providers</td></tr></table></div><div
class="main_text_area_bottom"></div></div></div></body></html>
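Review bot: The context lines at the top of this hunk write "ACL DENY-LOG all all" and routingKey="TempQueue*", while the syntax tables earlier in the page use ALL and list the property as routingkey. Either normalise the example to the spelling used in the tables or add a sentence saying whether keywords and property names are matched case-sensitively, so a reader does not have to guess whether a lower-case catch-all deny rule takes effect.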
Added:
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
URL:
http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html?rev=1379984&view=auto
==============================================================================
---
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
(added)
+++
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
Sun Sep 2 14:36:07 2012
@@ -0,0 +1,126 @@
+<html><head><meta http-equiv="Content-Type" content="text/html;
charset=UTF-8"><title>2.8. Configuring Authentication Mechanisms</title><link
rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator"
content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html"
title="AMQP Messaging Broker (Implemented in Java)"><link rel="up"
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link
rel="prev" href="Qpid-Java-Broker-Virtualhosts-Config.html" title="2.7.Â
Configure the Virtual Hosts via virtualhosts.xml"><link rel="next"
href="Java-Broker-Debug-Logging.html" title="2.9. Debug using
log4j"></head><body><div class="container" bgcolor="white" text="black"
link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV
class="logo"><H1>Apache Qpidâ¢</H1><H2>Open Source AMQP
Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache
Qpid</H3><UL><LI
><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A
>href="http://qpid.apache.org/download.html">Download</A></LI><LI><A
>href="http://qpid.apache.org/getting_started.html">Getting
>Started</A></LI><LI><A
>href="http://www.apache.org/licenses/">License</A></LI><LI><A
>href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV
>class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
>class="menu_box_body"><H3>Documentation</H3><UL><LI><A
>href="http://qpid.apache.org/documentation.html#doc-release">Latest
>Release</A></LI><LI><A
>href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A
>
>href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV
> class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
>class="menu_box_body"><H3>Community</H3><UL><LI><A
>href="http://qpid.apache.org/getting_involved.html">Getting
>Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.ht
ml">Source Repository</A></LI><LI><A
href="http://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A
href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A
href="https://issues.apache.org/jira/browse/qpid">Issue
Reporting</A></LI><LI><A
href="http://qpid.apache.org/people.html">People</A></LI><LI><A
href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Developers</H3><UL><LI><A
href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A
href="https://cwiki.apache.org/qpid/developer-pages.html">Developer
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_b
ody"><H3>About Apache</H3><UL><LI><A
href="http://www.apache.org">Home</A></LI><LI><A
href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A
href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A
href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div
class="main_text_area_top"></div><div class="main_text_area_body"><DIV
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP
Messaging Broker (Implemented in Java)</a></span> > <span
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How
Tos</a></span> > <span class="breadcrumb-node">Configuring Authentication
Mechanisms</span></DIV><div class="section" lang="en"><div
class="titlepage"><div><div><h2 class="title"><a
name="Configuring-Authentication-Mechanisms"></a>2.8. Configuring
Authentication Mechanisms</h2></div></div></div><p>
+ In order to successfully establish a connection to the Java Broker, the
connection must be
+ authenticated. The Java Broker supports a number of different
authentication schemesi, each
+ with its own "authentication manager". Different managers may be used on
different ports.
+ Each manager has its own configuration element, the presence of which
within the
+ <security> section denotes the use of that authentication mechanism.
Where only one
+ such manager is configured, that manager will be used on all ports
(including JMX). Where
+ more than one authentication manager is configured the configuration must
define which
+ manager is the "default", and (if required) the mapping of non-default
authentication
+ managers to other ports.
+ </p><p>
+ The following configuration sets up three authentication managers, using a
password file as
+ the default (e.g. for the JMX port), Kerberos on port 5672 and Anonymous
on 5673.
+ </p><pre class="programlisting">
+ <security>
+ <pd-auth-manager>
+ <principal-database>
+
<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/passwd</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+ </pd-auth-manager>
+
<kerberos-auth-manager><auth-name>sib</auth-name></kerberos-auth-manager>
+ <anonymous-auth-manager></anonymous-auth-manager>
+
<default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager>
+ <port-mappings>
+ <port-mapping>
+ <port>5672</port>
+
<auth-manager>KerberosAuthenticationManager</auth-manager>
+ </port-mapping>
+ <port-mapping>
+ <port>5673</port>
+
<auth-manager>AnonymousAuthenticationManager</auth-manager>
+ </port-mapping>
+ </port-mappings>
+ </security>
+ </pre><div class="section" lang="en"><div class="titlepage"><div><div><h3
class="title"><a name="id2497242"></a>2.8.1. Password
File</h3></div></div></div></div><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="id2497892"></a>2.8.2. LDAP</h3></div></div></div><pre
class="programlisting">
+ <security>
+ <simple-ldap-auth-manager>
+ <provider-url>ldaps://example.com:636/</provider-url>
+ <search-context>dc=example\,dc=com</search-context>
+ <search-filter>(uid={0})</search-filter>
+ </simple-ldap-auth-manager>
+ </security>
+ </pre><p>
+ The authentication manager first connects to the ldap server anonymously
and searches for the
+ ldap entity which is identified by the username provided over SASL.
Essentially the
+ authentication manager calls
+ DirContext.search(Name name, String filterExpr, Object[] filterArgs,
SearchControls cons)
+ with the values of search-context and search-filter as the first two
arguments, and the username
+ as the only element in the array which is the third argument.
+ </p><p>
+ If the search returns a name from the LDAP server, the
AuthenticationManager then attempts to
+ login to the ldap server with the given name and the password.
+ </p><p>
+ If the URL to open for authentication is different to that for the search,
then the
+ authentication url can be overridden using <provider-auth-url> in
addition to providing a
+ <provider-url>. Note that the URL used for authentication should use
ldaps:// since
+ passwords will be being sent over it.
+ </p><p>
+ By default com.sun.jndi.ldap.LdapCtxFactory is used to create the context,
however this can be
+ overridden by specifying <ldap-context-factory> in the configuration.
+ </p></div><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="id2497939"></a>2.8.3. Kerberos</h3></div></div></div><p>
+ Kereberos Authentication is configured using the
<kerberos-auth-manager> element within
+ the <security> section. When referencing from the
default-auth-manager or port-mapping
+ sections, its name is KerberosAuthenticationManager.
+ </p><p>
+ Since Kerberos support only works where SASL authentication is available
(e.g. not for JMX
+ authentication) you may wish to also include an alternative Authentication
Manager
+ configuration, and use this for other ports:
+ </p><pre class="programlisting">
+ <security>
+ <pd-auth-manager>
+ <principal-database>
+
<class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/passwd</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+ </pd-auth-manager>
+
<kerberos-auth-manager><auth-name>sib</auth-name></kerberos-auth-manager>
+
<default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager>
+ <port-mappings>
+ <port-mapping>
+ <port>5672</port>
+
<auth-manager>KerberosAuthenticationManager</auth-manager>
+ </port-mapping>
+ </port-mappings>
+ </security>
+ </pre><p>
+ Configuration of kerberos is done through system properties (there doesn't
seem to be a way
+ around this unfortunately).
+ </p><pre class="programlisting">
+ export QPID_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false
-Djava.security.auth.login.config=qpid.conf
+ ${QPID_HOME}/bin/qpid-server
+ </pre><p>Where qpid.conf would look something like this:</p><pre
class="programlisting">
+com.sun.security.jgss.accept {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ doNotPrompt=true
+ realm="EXAMPLE.COM"
+ useSubjectCredsOnly=false
+ kdc="kerberos.example.com"
+ keyTab="/path/to/keytab-file"
+ principal="<name>/<host>";
+};
+ </pre><p>
+ Where realm, kdc, keyTab and principal should obviously be set correctly
for the environment
+ where you are running (see the existing documentation for the C++ broker
about creating a keytab
+ file).
+ </p><p>
+ Note: You may need to install the "Java Cryptography Extension (JCE)
Unlimited Strength
+ Jurisdiction Policy Files" appropriate for your JDK in order to get
Kerberos support working.
+ </p></div><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="id2496729"></a>2.8.4. SSL Client
Certificates</h3></div></div></div></div><div class="section" lang="en"><div
class="titlepage"><div><div><h3 class="title"><a
name="id2496734"></a>2.8.5. Anonymous</h3></div></div></div></div></div></div><div
class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td
width="40%" align="left"><a accesskey="p"
href="Qpid-Java-Broker-Virtualhosts-Config.html">Prev</a>Â </td><td width="20%"
align="center"><a accesskey="u"
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%"
align="right">Â <a accesskey="n"
href="Java-Broker-Debug-Logging.html">Next</a></td></tr><tr><td width="40%"
align="left" valign="top">2.7.Â
+ Configure the Virtual Hosts via virtualhosts.xml
+ Â </td><td width="20%" align="center"><a accesskey="h"
href="index.html">Home</a></td><td width="40%" align="right"
valign="top">Â 2.9.Â
+ Debug using log4j
+ </td></tr></table></div><div
class="main_text_area_bottom"></div></div></div></body></html>
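Review bot: The startup snippet in 2.8.3 sets QPID_OPTS without quotes, `export QPID_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=qpid.conf`, so the shell takes the second -D option as a separate argument to export instead of part of the value, and the login config is never passed to the broker; wrap the whole value in double quotes. Sections 2.8.1 (Password File), 2.8.4 (SSL Client Certificates) and 2.8.5 (Anonymous) are published as bare headings, yet the first example already maps AnonymousAuthenticationManager to port 5673 and uses PlainPasswordFilePrincipalDatabase with ${conf}/passwd. A reader copying that example gets no statement of what an anonymous connection is permitted to do or how the password file should be protected, so either fill those sections in or drop the headings and the anonymous port mapping until they are written. Smaller points: "schemesi" in the opening paragraph and "Kereberos" in 2.8.3 are typos, and "there doesn't seem to be a way around this unfortunately" reads as a developer aside rather than documentation.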
Added:
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
URL:
http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html?rev=1379984&view=auto
==============================================================================
---
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
(added)
+++
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
Sun Sep 2 14:36:07 2012
@@ -0,0 +1,35 @@
+<html><head><meta http-equiv="Content-Type" content="text/html;
charset=UTF-8"><title>2.3. Configuring Group Providers</title><link
rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator"
content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html"
title="AMQP Messaging Broker (Implemented in Java)"><link rel="up"
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link
rel="prev" href="Configuring-ACLS.html" title="2.2. Configuring ACLs"><link
rel="next" href="Qpid-Java-SSL.html" title="2.4. Configure Java Qpid to use a
SSL connection."></head><body><div class="container" bgcolor="white"
text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV
class="header"><DIV class="logo"><H1>Apache Qpidâ¢</H1><H2>Open Source AMQP
Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache
Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Ho
me</A></LI><LI><A
href="http://qpid.apache.org/download.html">Download</A></LI><LI><A
href="http://qpid.apache.org/getting_started.html">Getting
Started</A></LI><LI><A
href="http://www.apache.org/licenses/">License</A></LI><LI><A
href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Documentation</H3><UL><LI><A
href="http://qpid.apache.org/documentation.html#doc-release">Latest
Release</A></LI><LI><A
href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A
href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Community</H3><UL><LI><A
href="http://qpid.apache.org/getting_involved.html">Getting
Involved</A></LI><LI><A
href="http://qpid.apache.org/source_repository.html">Source
Repository</A></LI><LI><A href="http
://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A
href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A
href="https://issues.apache.org/jira/browse/qpid">Issue
Reporting</A></LI><LI><A
href="http://qpid.apache.org/people.html">People</A></LI><LI><A
href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV
class="menu_box_body"><H3>Developers</H3><UL><LI><A
href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A
href="https://cwiki.apache.org/qpid/developer-pages.html">Developer
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About
Apache</H3><UL><LI><A href="http
://www.apache.org">Home</A></LI><LI><A
href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A
href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A
href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div
class="main_text_area_top"></div><div class="main_text_area_body"><DIV
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP
Messaging Broker (Implemented in Java)</a></span> > <span
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How
Tos</a></span> > <span class="breadcrumb-node">Configuring Group
Providers</span></DIV><div class="section" lang="en"><div
class="titlepage"><div><div><h2 class="title"><a
name="Configuring-Group-Providers"></a>2.3. Configuring Group
Providers</h2></div></div></div><p>
+ The Java broker utilises GroupProviders to allow assigning users to groups
for use in <a class="link" href="Configuring-ACLS.html" title="2.2.Â
Configuring ACLs">ACLs</a>. Following authentication by a given <a class="link"
href="Configuring-Authentication-Mechanisms.html" title="2.8. Configuring
Authentication Mechanisms">Authentication Provider</a>, the configured Group
Providers are consulted to allowing assignment of GroupPrincipals for a given
authenticated user.
+ </p><div class="section" lang="en"><div class="titlepage"><div><div><h3
class="title"><a
name="File-Group-Manager"></a>2.3.1. FileGroupManager</h3></div></div></div><p>
+ The FileGroupManager allows specifying group membership in a flat file
on disk, and is also exposed for inspection and update through the brokers HTTP
management interface.
+ </p><p>
+ To enable the FileGroupManager, add the following configuration to the
config.xml, adjusting the groupFile attribute value to match your desired
groups file location.
+ </p><pre class="programlisting">
+ ...
+ <security>
+ <file-group-manager>
+ <attributes>
+ <attribute>
+ <name>groupFile</name>
+ <value>${conf}/groups</value>
+ </attribute>
+ </attributes>
+ </file-group-manager>
+ </security>
+ ...
+</pre><div class="section" lang="en"><div class="titlepage"><div><div><h4
class="title"><a name="File-Group-Manager-FileFormat"></a>2.3.1.1. File
Format</h4></div></div></div><p>
+ The groups file has the following format:
+ </p><pre class="programlisting">
+ # <GroupName>.users = <comma deliminated user list>
+ # For example:
+
+ administrators.users = admin,manager
+</pre><p>
+ Only users can be added to a group currently, not other groups.
Usernames can't contain commas.
+ </p><p>
+ Lines starting with a '#' are treated as comments when opening the
file, but these are not preserved when the broker updates the file due to
changes made through the management interface.
+ </p></div></div></div></div><div class="navfooter"><hr><table
width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a
accesskey="p" href="Configuring-ACLS.html">Prev</a>Â </td><td width="20%"
align="center"><a accesskey="u"
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%"
align="right">Â <a accesskey="n"
href="Qpid-Java-SSL.html">Next</a></td></tr><tr><td width="40%" align="left"
valign="top">2.2.Â
+ Configuring ACLs
+ Â </td><td width="20%" align="center"><a accesskey="h"
href="index.html">Home</a></td><td width="40%" align="right"
valign="top">Â 2.4.Â
+ Configure Java Qpid to use a SSL connection.
+ </td></tr></table></div><div
class="main_text_area_bottom"></div></div></div></body></html>
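Review bot: Section 2.3.1 says the groups file is "exposed for inspection and update through the brokers HTTP management interface", but nothing in the section states who is allowed to make those updates or how the file on disk should be protected, even though group membership feeds directly into the ACLs linked from the opening paragraph; add a sentence naming the permission required to change groups and recommending restricted file permissions on ${conf}/groups. The File Format section should also say whether whitespace around the commas in `administrators.users = admin,manager` is significant, and it should present the loss of comments on rewrite as a warning, since an operator's annotations disappear on the first management-interface edit. Wording fixes: "comma deliminated" should be "comma delimited", "are consulted to allowing assignment" should be "are consulted to allow assignment", and "brokers HTTP management interface" needs an apostrophe.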