Author: kwall
Date: Thu Oct 30 23:37:03 2014
New Revision: 1635639

URL: http://svn.apache.org/r1635639
Log:
QPID-6108: [Java Documentation] Refactor security/auth providers section into 
separate files to allow for convenient re-purposing of the document

Added:
    qpid/trunk/qpid/doc/book/src/java-broker/security/
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-ACLs.xml
      - copied, changed from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-ACLs.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Anonymous.xml
      - copied, changed from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Base64MD5PasswordFile.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-External.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Kerberos.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-LDAP.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5PasswordFile.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Plain.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-PlainPasswordFile.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-ScramSha.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml
      - copied, changed from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Configuration-Encryption.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Group-Providers.xml
      - copied, changed from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml
Removed:
    qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-ACLs.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Authentication-Providers.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Configuration-Encryption.xml
    
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml
Modified:
    
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml
    qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml

Modified: 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml?rev=1635639&r1=1635638&r2=1635639&view=diff
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml
 (original)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control.xml
 Thu Oct 30 23:37:03 2014
@@ -172,11 +172,5 @@ WARN   Message send delayed by 10s due t
 -Dqpid.flow_control_wait_failure=60000
 -Dqpid.flow_control_wait_notify_period=10000
         </programlisting>
-        <section role="h3">
-            <title>Older Clients</title>
-            <para>
-                The flow control feature was first added to the Java 
broker/client in the 0.6 release. If an older client connects to the broker 
then the flow control commands will be ignored by it and it will not be 
blocked. So to fully benefit from this feature both Client and Broker need to 
be at least version 0.6.
-            </para>
-        </section>
     </section> <!-- Client impact and configuration -->
 </section>
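Review bot: Removing the "Older Clients" section from the producer flow control page is not covered by the log message, which only describes refactoring the security/auth provider sections. Either mention the removal in the log or commit it separately, so that someone looking for why the 0.6 client compatibility caveat disappeared can find the reason.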

Modified: qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml?rev=1635639&r1=1635638&r2=1635639&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml (original)
+++ qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml Thu Oct 
30 23:37:03 2014
@@ -22,8 +22,8 @@
 
 <chapter id="Java-Broker-Security">
   <title>Security</title>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Group-Providers.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-ACLs.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Configuration-Encryption.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="security/Java-Broker-Security-Authentication-Providers.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="security/Java-Broker-Security-Group-Providers.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="security/Java-Broker-Security-ACLs.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="security/Java-Broker-Security-Configuration-Encryption.xml"/>
 </chapter>

Copied: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-ACLs.xml 
(from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-ACLs.xml)
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-ACLs.xml?p2=qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-ACLs.xml&p1=qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-ACLs.xml&r1=1635548&r2=1635639&rev=1635639&view=diff
==============================================================================
    (empty)

Copied: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Anonymous.xml
 (from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml)
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Anonymous.xml?p2=qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Anonymous.xml&p1=qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml&r1=1635548&r2=1635639&rev=1635639&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security.xml (original)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Anonymous.xml
 Thu Oct 30 23:37:03 2014
@@ -1,4 +1,6 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
 <!--
 
  Licensed to the Apache Software Foundation (ASF) under one
@@ -19,11 +21,10 @@
  under the License.
 
 -->
+<section id="Java-Broker-Security-Anonymous-Provider">
+  <title>Anonymous</title>
 
-<chapter id="Java-Broker-Security">
-  <title>Security</title>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Group-Providers.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-ACLs.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Configuration-Encryption.xml"/>
-</chapter>
+  <para> The Anonymous Authentication Provider will allow users to connect 
with or without
+    credentials and result in their identification on the broker as the user 
ANONYMOUS. This
+    Provider does not require specification of any additional attributes on 
creation. </para>
+</section>
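Review bot: The copy source for the new Anonymous file is Java-Broker-Security.xml, and the second hunk deletes the whole chapter body to replace it with the Anonymous section, so the file's svn ancestry points at the chapter wrapper rather than at the file the text presumably came from. Consider copying from Java-Broker-Security-Authentication-Providers.xml instead, or adding the file as new like the other provider files in this commit.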

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Base64MD5PasswordFile.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Base64MD5PasswordFile.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Base64MD5PasswordFile.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Base64MD5PasswordFile.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-Base64MD5PasswordFile-Provider">
+    <title>Base64MD5 Password File <emphasis>(Deprecated)</emphasis></title>
+    <para><emphasis>This provider is deprecated and will be removed in a 
future release.  The
+        <link linkend="Java-Broker-Security-MD5-Provider">MD5</link> provider 
should be used
+        instead.</emphasis></para>
+    <para> Base64MD5PasswordFile Provider uses local file to store and manage 
user credentials
+        similar to PlainPasswordFile but instead of storing a password the MD5 
password digest encoded
+        with Base64 encoding is stored in the file. When creating an 
authentication provider the path
+        to the file needs to be specified. If specified file does not exist an 
empty file is created
+        automatically on Authentication Provider creation. On 
Base64MD5PasswordFile Provider deletion
+        the password file is deleted as well.</para>
+    <para>For this provider user credentials can be added, removed or changed 
using
+        Management.</para>
+    <section>
+        <title>Base64MD5 File Format</title>
+        <para> The user credentials are stored on the single file line as user 
name and user password
+            pairs separated by colon character. The password is stored MD5 
digest/Base64 encoded. This
+            file must not be modified externally whilst the Broker is 
running.</para>
+    </section>
+</section>
\ No newline at end of file
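Review bot: The "Base64MD5 File Format" section has no sample line, while the PlainPasswordFile page in this same commit shows one in a programlisting; add an example entry so the field order and encoding are unambiguous. The wording "stored on the single file line" should say one user name and password pair per line. The file also ends without a trailing newline.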

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-External.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-External.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-External.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-External.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-External-Provider">
+    <title>External (SSL Client Certificates)</title>
+
+    <para> When <link linkend="Java-Broker-Management-Managing-Truststores"> 
requiring SSL Client
+        Certificates</link> be presented the External Authentication Provider 
can be used, such that
+        the user is authenticated based on trust of their certificate alone, 
and the X500Principal
+        from the SSL session is then used as the username for the connection, 
instead of also
+        requiring the user to present a valid username and password. </para>
+
+    <para>
+        <emphasis role="bold">Note:</emphasis> The External Authentication 
Provider should typically
+        only be used on the AMQP/HTTP ports, in conjunction with <link
+            linkend="Java-Broker-Management-Managing-Ports">SSL client 
certificate
+            authentication</link>. It is not intended for other uses such as 
the JMX management port and
+        will treat any non-sasl authentication processes on these ports as 
successful with the given
+        username. As such you should configure another Authentication Provider 
for use on JMX
+        ports.</para>
+
+    <para>On creation of External Provider the use of full DN or username CN 
as a principal name can
+        be configured. If attribute "Use the full DN as the Username" is set 
to "true" the full DN is
+        used as an authenticated principal name. If attribute "Use the full DN 
as the Username" is set
+        to "false" the user name CN part is used as the authenticated 
principal name. Setting the
+        field to "false" is particular useful when <link 
linkend="Java-Broker-Security-ACLs"
+            >ACL</link> is required, as at the moment, ACL does not support 
commas in the user name.
+    </para>
+</section>
+
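Review bot: The Note paragraph states that the External provider "will treat any non-sasl authentication processes on these ports as successful with the given username", that is, authentication is effectively skipped on a JMX port, yet it is marked up only as a para with bold emphasis. Use an important or warning element, as the LDAP page in this commit does for its password handling rules. In the last paragraph, "particular useful" should be "particularly useful".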

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Kerberos.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Kerberos.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Kerberos.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Kerberos.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-Kerberos-Provider">
+    <title>Kerberos</title>
+
+    <para> Kereberos Authentication Provider uses java GSS-API SASL mechanism 
to authenticate the
+        connections. </para>
+
+    <para> Configuration of kerberos is done through system properties (there 
doesn't seem to be a
+        way around this unfortunately). </para>
+
+    <programlisting>
+    export JAVA_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false 
-Djava.security.auth.login.config=qpid.conf
+    ${QPID_HOME}/bin/qpid-server
+  </programlisting>
+
+    <para>Where qpid.conf would look something like this:</para>
+
+    <programlisting><![CDATA[
+com.sun.security.jgss.accept {
+    com.sun.security.auth.module.Krb5LoginModule required
+    useKeyTab=true
+    storeKey=true
+    doNotPrompt=true
+    realm="EXAMPLE.COM"
+    useSubjectCredsOnly=false
+    kdc="kerberos.example.com"
+    keyTab="/path/to/keytab-file"
+    principal="<name>/<host>";
+};]]></programlisting>
+
+    <para> Where realm, kdc, keyTab and principal should obviously be set 
correctly for the
+        environment where you are running (see the existing documentation for 
the C++ broker about
+        creating a keytab file). </para>
+
+    <para> Note: You may need to install the "Java Cryptography Extension 
(JCE) Unlimited Strength
+        Jurisdiction Policy Files" appropriate for your JDK in order to get 
Kerberos support working. </para>
+
+    <para> Since Kerberos support only works where SASL authentication is 
available (e.g. not for
+        JMX authentication) you may wish to also include an alternative 
Authentication Provider
+        configuration, and use this for JMX and HTTP ports. </para>
+
+</section>
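Review bot: In the first programlisting the JAVA_OPTS value holds two -D options separated by a space but is not quoted, so a shell would assign only the first option to JAVA_OPTS and pass -Djava.security.auth.login.config=qpid.conf to export as a separate argument. Quote the whole value. "Kereberos" in the opening paragraph is a typo, and the aside "there doesn't seem to be a way around this unfortunately" reads as a developer note rather than user documentation.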

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-LDAP.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-LDAP.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-LDAP.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-LDAP.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";
+[
+<!ENTITY %  entities SYSTEM  "../commonEntities.xml">
+%entities;
+]>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-LDAP-Provider">
+    <title>Simple LDAP</title>
+
+    <para> The Simple LDAP authenticates connections against a Directory 
(LDAP). </para>
+    <para> To create a SimpleLDAPAuthenticationProvider the following 
mandatory fields are required: <itemizedlist>
+        <listitem>
+            <para><emphasis>LDAP server URL</emphasis> is the URL of the 
server, for example,
+                <literal>ldaps://example.com:636</literal></para>
+        </listitem>
+        <listitem>
+            <para><emphasis>Search context</emphasis> is the distinguished 
name of the search base
+                object. It defines the location from which the search for 
users begins, for example,
+                <literal>dc=users,dc=example,dc=com</literal></para>
+        </listitem>
+        <listitem>
+            <para><emphasis>Search filter</emphasis> is a DN template to find 
an LDAP user entry by
+                provided user name, for example, 
<literal>(uid={0})</literal></para>
+        </listitem>
+    </itemizedlist> Additionally, the following optional fields can be 
specified: <itemizedlist>
+        <listitem>
+            <para><emphasis>LDAP context factory</emphasis> is a fully 
qualified class name for the
+                JNDI LDAP context factory. This class must implement the <ulink
+                    
url="&oracleJdkDocUrl;javax/naming/spi/InitialContextFactory.html"
+                    >InitialContextFactory</ulink> interface and produce 
instances of <ulink
+                        
url="&oracleJdkDocUrl;javax/naming/directory/DirContext.html">DirContext</ulink>.
 If
+                not specified a default value of 
<literal>com.sun.jndi.ldap.LdapCtxFactory</literal> is
+                used.</para>
+        </listitem>
+        <listitem>
+            <para><emphasis>LDAP authentication URL</emphasis> is the URL of 
LDAP server for
+                performing "ldap bind". If not specified, the <emphasis>LDAP 
server URL</emphasis> will
+                be used for both searches and authentications.</para>
+        </listitem>
+        <listitem>
+            <para><emphasis>Truststore name</emphasis> is a name of <link
+                
linkend="Java-Broker-Management-Managing-Truststores-Attributes">configured
+                truststore</link>. Use this if connecting to a Directory over 
SSL (i.e. ldaps://)
+                which is protected by a certificate signed by a private CA (or 
utilising a self-signed
+                certificate).</para>
+        </listitem>
+    </itemizedlist>
+    </para>
+
+    <important>
+        <para>In order to protect the security of the user's password, when 
using LDAP authentication,
+            you must: </para>
+        <itemizedlist>
+            <listitem>
+                <para>Use SSL on the broker's AMQP, HTTP and JMX ports to 
protect the password during
+                    transmission to the Broker. The Broker enforces this 
restriction automatically on AMQP
+                    and HTTP ports.</para>
+            </listitem>
+            <listitem>
+                <para>Authenticate to the Directory using SSL (i.e. ldaps://) 
to protect the password
+                    during transmission from the Broker to the 
Directory.</para>
+            </listitem>
+        </itemizedlist>
+    </important>
+
+    <para> The LDAP Authentication Provider works in the following manner. If 
not in <literal>bind
+        without search</literal> mode, it first connects to the Directory and 
searches for the ldap
+        entity which is identified by the username. The search begins at the 
distinguished name
+        identified by <literal>Search Context</literal> and uses the username 
as a filter. The search
+        scope is sub-tree meaning the search will include the base object and 
the subtree extending
+        beneath it. </para>
+
+    <para> If the search returns a match, or is configured in <literal>bind 
without search</literal>
+        mode, the Authentication Provider then attempts to bind to the LDAP 
server with the given name
+        and the password. Note that <ulink
+            
url="&oracleJdkDocUrl;javax/naming/Context.html#SECURITY_AUTHENTICATION">simple 
security
+            authentication</ulink> is used so the Directory receives the 
password in the clear. </para>
+</section>
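Review bot: The last two paragraphs rely on a "bind without search" mode, but neither the mandatory nor the optional field list says how that mode is enabled; add it to the optional fields. The "Search filter" item is described as a "DN template" while its example (uid={0}) is a search filter and the later text says the search "uses the username as a filter"; the wording should be aligned. Since the final paragraph says the Directory receives the password in the clear, it would help to have it point back to the ldaps:// requirement in the important block.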

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<section id="Java-Broker-Security-MD5-Provider">
+    <title>MD5 Provider</title>
+
+    <para> MD5 Provider  uses the Broker configuration itself to store the 
database of
+        users (unlike the <link 
linkend="Java-Broker-Security-Base64MD5PasswordFile-Provider"
+            >Base64MD5 Password File</link>, there is no separate password 
file). Rather than store the
+        unencrypted user password (as the Plain provider does) it instead 
stores the MD5 password
+        digest.  This can be further encrypted using the
+        facilities described in <xref 
linkend="Java-Broker-Security-Configuration-Encryption"
+        />.</para>
+    <para>For this provider user credentials can be added, removed or changed 
using
+        Management.</para>
+</section>
\ No newline at end of file
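Review bot: The paragraph mixes up hashing and encryption: it contrasts the MD5 digest with the "unencrypted" password and then says the digest "can be further encrypted", whereas the Plain page in this commit says the password "is not hashed in any way". Describe the stored value as a digest of the password, and say separately that the configuration holding it can be encrypted as described in the Configuration Encryption section. The file is also missing its trailing newline.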

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5PasswordFile.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5PasswordFile.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5PasswordFile.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-MD5PasswordFile.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                      "http://docbook.org/xml/4.5/docbookx.dtd";
+[ <!ENTITY % xinclude SYSTEM "internal/xinclude.mod">
+%xinclude;
+]>
+<book>
+    <bookinfo>
+        <title>Book with XInclude Template Title</title>
+        <author>
+            <firstname>Author First Name</firstname>
+            <surname>Author Last Name</surname>
+        </author>
+    </bookinfo>
+    <part>
+        <title>First Part </title>
+        <chapter>
+            <title>Chapter Title</title>
+            <sect1>
+                <title>Section1 Title</title>
+                <para>Text</para>
+            </sect1>
+        </chapter>
+    </part>
+</book>
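Review bot: This file contains an unedited editor template (a book element titled "Book with XInclude Template Title" with placeholder author, part and chapter) rather than a section documenting an MD5 password file provider, and its root element and DTD URL differ from every other provider file in the commit. It looks like it was added by mistake; either drop it from the commit or replace it with the intended section content.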

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Plain.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Plain.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Plain.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-Plain.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-Plain-Provider">
+    <title>Plain</title>
+    <para>The Plain Provider uses the Broker configuration itself to store the 
database of users
+        (unlike the <link 
linkend="Java-Broker-Security-PlainPasswordFile-Provider"
+            >PlainPasswordFile</link>, there is no separate password file). As 
the name suggests,
+        the user data (including password) is not hashed in any way. In order 
to provide encryption,
+        the facilities described in <xref 
linkend="Java-Broker-Security-Configuration-Encryption"/>
+        must be used.</para>
+    <para>For this provider user credentials can be added, removed or changed 
using
+        Management.</para>
+</section>

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-PlainPasswordFile.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-PlainPasswordFile.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-PlainPasswordFile.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-PlainPasswordFile.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-PlainPasswordFile-Provider">
+    <title>Plain Password File <emphasis>(Deprecated)</emphasis></title>
+    <para><emphasis>This provider is deprecated and will be removed in a 
future release. The <link
+                linkend="Java-Broker-Security-Plain-Provider">Plain</link> 
provider should be used
+            instead.</emphasis></para>
+    <para> The PlainPasswordFile Provider uses local file to store and manage 
user credentials. When
+        creating an authentication provider the path to the file needs to be 
specified. If specified
+        file does not exist an empty file is created automatically on 
Authentication Provider
+        creation. On Provider deletion the password file is deleted as 
well.</para>
+    <para>For this provider user credentials can be added, removed or changed 
using
+        Management.</para>
+
+    <section>
+        <title>Plain Password File Format</title>
+        <para> The user credentials are stored on the single file line as user 
name and user
+            password pairs separated by colon character. This file must not be 
modified externally
+            whilst the Broker is running.</para>
+        <programlisting>
+# password file format
+# &lt;user name&gt;: &lt;user password&gt;
+guest:guest
+        </programlisting>
+    </section>
+</section>
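Review bot: in the programlisting the format comment "# <user name>: <user password>" shows a space after the colon while the sample entry "guest:guest" has none, so a reader cannot tell whether whitespace is allowed or becomes part of the password; make the comment match the sample. "stored on the single file line as user name and user password pairs" is also ambiguous and probably means one pair per line. The sample shows the password in clear, and the earlier para says the file is deleted together with the Provider, so both points deserve an explicit callout (an <important> block, plus a note that the file should be readable only by the Broker's account). Grammar: "uses local file" and "If specified file" are missing articles.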

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-ScramSha.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-ScramSha.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-ScramSha.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers-ScramSha.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<section id="Java-Broker-Security-ScramSha-Providers">
+    <title>SCRAM SHA</title>
+    <para>The SCRAM SHA Providers uses the Broker configuration itself to 
store the database of
+        users. The users'
+        passwords are stored as salted SHA digested password. This can be 
further encrypted using the
+        facilities described in <xref 
linkend="Java-Broker-Security-Configuration-Encryption"
+        />.</para>
+    <para>There are two variants of this provider, SHA1 and SHA256. SHA256 is 
recommended whenever
+        possible. SHA1 is provided with compatibility with clients utilising 
JDK 1.6 (which does not
+        support SHA256).</para>
+    <para>For these providers user credentials can be added, removed or 
changed using
+        Management.</para>
+</section>
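Review bot: "stored as salted SHA digested password" in the first para is too vague for a security section. It does not say which digest each variant stores, or whether the stored value is iterated, which is what an operator needs in order to judge exposure if the configuration is disclosed. Suggest naming what is actually persisted per user for the SHA1 and SHA256 variants. Grammar: "The SCRAM SHA Providers uses" should be "use", and "SHA1 is provided with compatibility with clients" should be "for compatibility with clients".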

Added: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml?rev=1635639&view=auto
==============================================================================
--- 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
 (added)
+++ 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Authentication-Providers.xml
 Thu Oct 30 23:37:03 2014
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+                    "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd";>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements.  See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership.  The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied.  See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+<section id="Java-Broker-Security-Authentication-Providers">
+  <title>Authentication Providers</title>
+
+  <para> In order to successfully establish a connection to the Java Broker, 
the connection must be
+    authenticated. The Java Broker supports a number of different 
authentication schemes, each with
+    its own "authentication provider". Any number of Authentication Providers 
can be configured on
+    the Broker at the same time. </para>
+
+  <important>
+    <para> Only unused Authentication Provider can be deleted. For delete 
requests attempting to
+      delete Authentication Provider associated with the Ports, the errors 
will be returned and
+      delete operations will be aborted. It is possible to change the 
Authentication Provider on
+      Port at runtime. However, the Broker restart is required for changes on 
Port to take effect.
+    </para>
+  </important>
+
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-LDAP.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-Kerberos.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-External.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-Anonymous.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-ScramSha.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-Plain.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-PlainPasswordFile.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-MD5.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"; 
href="Java-Broker-Security-Authentication-Providers-Base64MD5PasswordFile.xml"/>
+ </section>
+
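Review bot: in the <important> block, "It is possible to change the Authentication Provider on Port at runtime" followed directly by "the Broker restart is required for changes on Port to take effect" reads as a contradiction. If the behaviour is that the change is accepted at runtime but the Port keeps authenticating against the previous provider until restart, say exactly that, because an operator moving a Port off a weaker provider would otherwise assume the switch is immediate. The block is also missing articles throughout ("Only unused Authentication Provider", "the errors will be returned"), and the include list places the deprecated PlainPasswordFile provider among the current ones without any grouping.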

Copied: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml
 (from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Configuration-Encryption.xml)
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml?p2=qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml&p1=qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Configuration-Encryption.xml&r1=1635548&r2=1635639&rev=1635639&view=diff
==============================================================================
    (empty)

Copied: 
qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Group-Providers.xml
 (from r1635548, 
qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml)
URL: 
http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Group-Providers.xml?p2=qpid/trunk/qpid/doc/book/src/java-broker/security/Java-Broker-Security-Group-Providers.xml&p1=qpid/trunk/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml&r1=1635548&r2=1635639&rev=1635639&view=diff
==============================================================================
    (empty)


