http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security-Group-Providers.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security-Group-Providers.html b/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security-Group-Providers.html new file mode 100644 index 0000000..2d227ad --- /dev/null +++ b/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security-Group-Providers.html @@ -0,0 +1,179 @@ +<!DOCTYPE html> +<!-- + - + - Licensed to the Apache Software Foundation (ASF) under one + - or more contributor license agreements. See the NOTICE file + - distributed with this work for additional information + - regarding copyright ownership. The ASF licenses this file + - to you under the Apache License, Version 2.0 (the + - "License"); you may not use this file except in compliance + - with the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, + - software distributed under the License is distributed on an + - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + - KIND, either express or implied. See the License for the + - specific language governing permissions and limitations + - under the License. + - +--> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>8.2. Group Providers - Apache Qpid™</title> + <meta http-equiv="X-UA-Compatible" content="IE=edge"/> + <meta name="viewport" content="width=device-width, initial-scale=1.0"/> + <link rel="stylesheet" href="/site.css" type="text/css" async="async"/> + <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/> + <script type="text/javascript">var _deferredFunctions = [];</script> + <script type="text/javascript" src="/deferred.js" defer="defer"></script> + <!--[if lte IE 8]> + <link rel="stylesheet" href="/ie.css" type="text/css"/> + <script type="text/javascript" src="/html5shiv.js"></script> + <![endif]--> + + <!-- Redirects for `go get` and godoc.org --> + <meta name="go-import" + content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/> + <meta name="go-source" + content="qpid.apache.org +https://github.com/apache/qpid-proton/blob/go1/README.md +https://github.com/apache/qpid-proton/tree/go1{/dir} +https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/> + </head> + <body> + <div id="-content"> + <div id="-top" class="panel"> + <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a> + + <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a> + + <ul id="-global-navigation"> + <li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li> + <li><a href="/documentation.html">Documentation</a></li> + <li><a href="/download.html">Download</a></li> + <li><a href="/discussion.html">Discussion</a></li> + </ul> + </div> + + <div id="-menu" class="panel" style="display: none;"> + <div class="flex"> + <section> + <h3>Project</h3> + + <ul> + <li><a href="/overview.html">Overview</a></li> + <li><a href="/components/index.html">Components</a></li> + <li><a href="/releases/index.html">Releases</a></li> + </ul> + </section> + + <section> + <h3>Messaging APIs</h3> + + <ul> + <li><a href="/proton/index.html">Qpid Proton</a></li> + <li><a href="/components/jms/index.html">Qpid JMS</a></li> + <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li> + </ul> + </section> + + <section> + <h3>Servers and tools</h3> + + <ul> + <li><a href="/components/broker-j/index.html">Broker-J</a></li> + <li><a href="/components/cpp-broker/index.html">C++ broker</a></li> + <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li> + </ul> + </section> + + <section> + <h3>Resources</h3> + + <ul> + <li><a href="/dashboard.html">Dashboard</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li> + <li><a href="/resources.html">More resources</a></li> + </ul> + </section> + </div> + </div> + + <div id="-search" class="panel" style="display: none;"> + <form action="http://www.google.com/search" method="get"> + <input type="hidden" name="sitesearch" value="qpid.apache.org"/> + <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/> + <button type="submit">Search</button> + <a href="/search.html">More ways to search</a> + </form> + </div> + + <div id="-middle" class="panel"> + <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-broker-j-7.0.6/index.html">Qpid Broker-J 7.0.6</a></li><li><a href="/releases/qpid-broker-j-7.0.6/book/index.html">Apache Qpid Broker-J</a></li><li>8.2. Group Providers</li></ul> + + <div id="-middle-content"> + <div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">8.2. Group Providers</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security.html">Prev</a> </td><th align="center" width="60%">Chapter 8. Security</th><td align="right" width="20%"> <a accesskey="n" href="Java-Broker-Security-AccessControlProviders.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-Group-Providers"></a>8.2. Group Providers</h2></div></div></div><p> + The Apache Qpid Broker-J utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Java-Broker-Security-AccessControlProviders.html" title="8.3. Access Control Providers">ACLs</a>. + Following authentication by a given <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers" title="8.1. Authentication Providers">Authentication Provider</a>, + the configured Group Providers are consulted allowing the assignment of GroupPrincipals for a given authenticated user. Any number of + Group Providers can be added into the Broker. All of them will be checked for the presence of the groups for a given authenticated user. + </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="File-Group-Manager"></a>8.2.1. GroupFile Provider</h3></div></div></div><p> + The <span class="emphasis"><em>GroupFile</em></span> Provider allows specifying group membership in a flat file on disk. + On adding a new GroupFile Provider the path to the groups file is required to be specified. + If file does not exist an empty file is created automatically. On deletion of GroupFile Provider + the groups file is deleted as well. Only one instance of "GroupFile" Provider per groups file location can be created. + On attempt to create another GroupFile Provider pointing to the same location the error will be displayed and + the creation will be aborted. + </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="File-Group-Manager-FileFormat"></a>8.2.1.1. File Format</h4></div></div></div><p> + The groups file has the following format: + </p><pre class="programlisting"> + # <GroupName>.users = <comma delimited user list> + # For example: + + administrators.users = admin,manager +</pre><p> + Only users can be added to a group currently, not other groups. Usernames can't contain commas. + </p><p> + Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface. + </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Group-Providers-ManagedGroupProvider"></a>8.2.2. ManagedGroupProvider</h3></div></div></div><p> + The <span class="emphasis"><em>ManagedGroupProvider</em></span> allows specifying group membership as part of broker configuration. + In future version of Brokers GroupFile Provider will be replaced by this one. + </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Group-Providers-CloudFoundry"></a>8.2.3. CloudFoundryDashboardManagementGroupProvider</h3></div></div></div><p> + The <span class="emphasis"><em>CloudFoundryDashboardManagementGroupProvider</em></span> + allows mapping of service instance ids to qpid management groups. + </p><p> + One use case is restricting management capabilities of a OAuth2 authenticated user to certain virtual + hosts. For this, one would associate a cloudfoundry service id with each virtual host and have an ACL with a + separate management group for each virtual host. Given the correct service instance id to + management group mapping the GroupProvider will then associate the user with each management group the user + is provisioned to manage the associated service instance in the <a class="link" href="http://docs.cloudfoundry.org/services/dashboard-sso.html#checking-user-permissions" target="_top">CloudFoundry dashboard</a>. + </p></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security.html">Prev</a> </td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td align="right" width="40%"> <a accesskey="n" href="Java-Broker-Security-AccessControlProviders.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">Chapter 8. Security </td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%"> 8.3. Access Control Providers</td></tr></table></div></div> + + <hr/> + + <ul id="-apache-navigation"> + <li><a href="http://www.apache.org/">Apache</a></li> + <li><a href="http://www.apache.org/licenses/">License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li> + <li><a href="/security.html">Security</a></li> + <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li> + </ul> + + <p id="-legal"> + Apache Qpid, Messaging built on AMQP; Copyright © 2015 + The Apache Software Foundation; Licensed under + the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache + License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton, + Proton, Apache, the Apache feather logo, and the Apache Qpid + project logo are trademarks of The Apache Software + Foundation; All other marks mentioned may be trademarks or + registered trademarks of their respective owners + </p> + </div> + </div> + </div> + </body> +</html>
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security.html b/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security.html new file mode 100644 index 0000000..c9922ba --- /dev/null +++ b/content/releases/qpid-broker-j-7.0.6/book/Java-Broker-Security.html @@ -0,0 +1,295 @@ +<!DOCTYPE html> +<!-- + - + - Licensed to the Apache Software Foundation (ASF) under one + - or more contributor license agreements. See the NOTICE file + - distributed with this work for additional information + - regarding copyright ownership. The ASF licenses this file + - to you under the Apache License, Version 2.0 (the + - "License"); you may not use this file except in compliance + - with the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, + - software distributed under the License is distributed on an + - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + - KIND, either express or implied. See the License for the + - specific language governing permissions and limitations + - under the License. + - +--> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>Chapter 8. Security - Apache Qpid™</title> + <meta http-equiv="X-UA-Compatible" content="IE=edge"/> + <meta name="viewport" content="width=device-width, initial-scale=1.0"/> + <link rel="stylesheet" href="/site.css" type="text/css" async="async"/> + <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/> + <script type="text/javascript">var _deferredFunctions = [];</script> + <script type="text/javascript" src="/deferred.js" defer="defer"></script> + <!--[if lte IE 8]> + <link rel="stylesheet" href="/ie.css" type="text/css"/> + <script type="text/javascript" src="/html5shiv.js"></script> + <![endif]--> + + <!-- Redirects for `go get` and godoc.org --> + <meta name="go-import" + content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/> + <meta name="go-source" + content="qpid.apache.org +https://github.com/apache/qpid-proton/blob/go1/README.md +https://github.com/apache/qpid-proton/tree/go1{/dir} +https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/> + </head> + <body> + <div id="-content"> + <div id="-top" class="panel"> + <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a> + + <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a> + + <ul id="-global-navigation"> + <li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li> + <li><a href="/documentation.html">Documentation</a></li> + <li><a href="/download.html">Download</a></li> + <li><a href="/discussion.html">Discussion</a></li> + </ul> + </div> + + <div id="-menu" class="panel" style="display: none;"> + <div class="flex"> + <section> + <h3>Project</h3> + + <ul> + <li><a href="/overview.html">Overview</a></li> + <li><a href="/components/index.html">Components</a></li> + <li><a href="/releases/index.html">Releases</a></li> + </ul> + </section> + + <section> + <h3>Messaging APIs</h3> + + <ul> + <li><a href="/proton/index.html">Qpid Proton</a></li> + <li><a href="/components/jms/index.html">Qpid JMS</a></li> + <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li> + </ul> + </section> + + <section> + <h3>Servers and tools</h3> + + <ul> + <li><a href="/components/broker-j/index.html">Broker-J</a></li> + <li><a href="/components/cpp-broker/index.html">C++ broker</a></li> + <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li> + </ul> + </section> + + <section> + <h3>Resources</h3> + + <ul> + <li><a href="/dashboard.html">Dashboard</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li> + <li><a href="/resources.html">More resources</a></li> + </ul> + </section> + </div> + </div> + + <div id="-search" class="panel" style="display: none;"> + <form action="http://www.google.com/search" method="get"> + <input type="hidden" name="sitesearch" value="qpid.apache.org"/> + <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/> + <button type="submit">Search</button> + <a href="/search.html">More ways to search</a> + </form> + </div> + + <div id="-middle" class="panel"> + <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-broker-j-7.0.6/index.html">Qpid Broker-J 7.0.6</a></li><li><a href="/releases/qpid-broker-j-7.0.6/book/index.html">Apache Qpid Broker-J</a></li><li>Chapter 8. Security</li></ul> + + <div id="-middle-content"> + <div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">Chapter 8. Security</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Management-Managing-Plugin-HTTP.html">Prev</a> </td><th align="center" width="60%"> </th><td align="right" width="20%"> <a accesskey="n" href="Java-Broker-Security-Group-Providers.html">Next</a></td></tr></table><hr /></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a id="Java-Broker-Security"></a>Chapter 8. Security</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers">8.1. Authentication Providers</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-LDAP-Provider">8.1.1. Simple LDAP</a></s pan></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Kerberos-Provider">8.1.2. Kerberos</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-OAuth2-Provider">8.1.3. OAuth2</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-External-Provider">8.1.4. External (SSL Client Certificates)</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Anonymous-Provider">8.1.5. Anonymous</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-ScramSha-Providers">8.1.6. SCRAM SHA</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Plain-Provider">8.1.7. Plain</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-PlainPasswordFile-Provider">8.1.8. Plain Password File <span class="emphasis"><em>(Deprecated) </em></span></a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-MD5-Provider">8.1.9. MD5 Provider</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Base64MD5PasswordFile-Provider">8.1.10. Base64MD5 Password File <span class="emphasis"><em>(Deprecated)</em></span></a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html">8.2. Group Providers</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html#File-Group-Manager">8.2.1. GroupFile Provider</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html#Java-Broker-Security-Group-Providers-ManagedGroupProvider">8.2.2. ManagedGroupProvider</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html#Java-Broker-Security-Group-Providers-CloudFoundry">8.2.3. CloudFoundryDashboardManagementGroupProvi der</a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Security-AccessControlProviders.html">8.3. Access Control Providers</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security-AccessControlProviders.html#Java-Broker-Security-AccessControlProviders-Types">8.3.1. Types</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-AccessControlProviders.html#Java-Broker-Security-AccessControlProviders-ACLRules">8.3.2. + ACL Rules + </a></span></dt><dt><span class="section"><a href="Java-Broker-Security-AccessControlProviders.html#Java-Broker-Security-AccessControlProviders-Syntax">8.3.3. + Syntax + </a></span></dt><dt><span class="section"><a href="Java-Broker-Security-AccessControlProviders.html#Java-Broker-Security-AccessControlProviders-WorkedExamples">8.3.4. + Worked Examples + </a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Security-Configuration-Encryption.html">8.4. Configuration Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security-Configuration-Encryption.html#Java-Broker-Security-Configuration-Encryption-Configuration">8.4.1. Configuration</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-Configuration-Encryption.html#Java-Broker-Security-Configuration-Encryption-Alternate-Implementations">8.4.2. Alternate Implementations</a></span></dt></dl></dd></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-Authentication-Providers"></a>8.1. Authentication Providers</h2></div></div></div><p> In order to successfully establish a connection to the Broker, the connection must be + authenticated. The Broker supports a number of different authentication schemes, each with + its own "authentication provider". Any number of Authentication Providers can be configured on + the Broker at the same time. </p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p> Only unused Authentication Provider can be deleted. For delete requests attempting to + delete Authentication Provider associated with the Ports, the errors will be returned and + delete operations will be aborted. It is possible to change the Authentication Provider on + Port at runtime. However, the Broker restart is required for changes on Port to take effect. + </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> + Authentication Providers may choose to selectively disable certain authentication mechanisms + depending on whether an encrypted transport is being used or not. This is to avoid insecure + configurations. Notably, by default the PLAIN mechanism will be disabled on non-SSL + connections. This security feature can be overwritten by setting + </p><pre class="programlisting">secureOnlyMechanisms = []</pre><p> in the authentication provider + section of the config.json. + </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> + Changing the secureOnlyMechanism is a breach of security and might cause passwords to be + transfered in the clear. Use at your own risk! + </p></div><p> + </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-LDAP-Provider"></a>8.1.1. Simple LDAP</h3></div></div></div><p> The Simple LDAP authenticates connections against a Directory (LDAP). </p><p> To create a SimpleLDAPAuthenticationProvider the following mandatory fields are required: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>LDAP server URL</em></span> is the URL of the server, for example, + <code class="literal">ldaps://example.com:636</code></p></li><li class="listitem"><p><span class="emphasis"><em>Search context</em></span> is the distinguished name of the search base + object. It defines the location from which the search for users begins, for example, + <code class="literal">dc=users,dc=example,dc=com</code></p></li><li class="listitem"><p><span class="emphasis"><em>Search filter</em></span> is a DN template to find an LDAP user entry by + provided user name, for example, <code class="literal">(uid={0})</code></p></li></ul></div><p> Additionally, the following optional fields can be specified: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>LDAP context factory</em></span> is a fully qualified class name for the + JNDI LDAP context factory. This class must implement the <a class="link" href="http://docs.oracle.com/javase/7/docs/api/javax/naming/spi/InitialContextFactory.html" target="_top">InitialContextFactory</a> interface and produce instances of <a class="link" href="http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/DirContext.html" target="_top">DirContext</a>. If + not specified a default value of <code class="literal">com.sun.jndi.ldap.LdapCtxFactory</code> is + used.</p></li><li class="listitem"><p><span class="emphasis"><em>LDAP authentication URL</em></span> is the URL of LDAP server for + performing "ldap bind". If not specified, the <span class="emphasis"><em>LDAP server URL</em></span> will + be used for both searches and authentications.</p></li><li class="listitem"><p><span class="emphasis"><em>Truststore name</em></span> is a name of <a class="link" href="Java-Broker-Management-Managing-Truststores.html#Java-Broker-Management-Managing-Truststores-Attributes" title="7.12.2. Attributes">configured + truststore</a>. Use this if connecting to a Directory over SSL (i.e. ldaps://) + which is protected by a certificate signed by a private CA (or utilising a self-signed + certificate).</p></li><li class="listitem"><p>Additional group information can be obtained from LDAP. + There are two common ways of representing group membership in LDAP. + </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem"> + User entries can hold membership information as attribute. + To use this the <span class="emphasis"><em>attribute name</em></span> that holds the group information must be specified. + </li><li class="listitem"> + Group entries can hold a list of their members as attribute. + This can be used by specifying a <span class="emphasis"><em>search context</em></span> and <span class="emphasis"><em>search filter</em></span> to find all groups that the user should be considered a member of. + Typically this involves filtering groups by looking for the user's DN on a group attribute. + The <span class="emphasis"><em>subtree search scope</em></span> determines whether the search should include the subtree extending from the <span class="emphasis"><em>search context</em></span>. + </li></ul></div><p> + </p></li></ul></div><p> + </p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>In order to protect the security of the user's password, when using LDAP authentication, + you must: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Use SSL on the broker's AMQP and HTTP ports to protect the password during + transmission to the Broker. The Broker enforces this restriction automatically on AMQP + and HTTP ports.</p></li><li class="listitem"><p>Authenticate to the Directory using SSL (i.e. ldaps://) to protect the password + during transmission from the Broker to the Directory.</p></li></ul></div></div><p> The LDAP Authentication Provider works in the following manner. If not in <code class="literal">bind + without search</code> mode, it first connects to the Directory and searches for the ldap + entity which is identified by the username. The search begins at the distinguished name + identified by <code class="literal">Search Context</code> and uses the username as a filter. The search + scope is sub-tree meaning the search will include the base object and the subtree extending + beneath it. </p><p> If the search returns a match, or is configured in <code class="literal">bind without search</code> + mode, the Authentication Provider then attempts to bind to the LDAP server with the given name + and the password. Note that <a class="link" href="http://docs.oracle.com/javase/7/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION" target="_top">simple security + authentication</a> is used so the Directory receives the password in the clear. + </p><p> + By default, this authentication provider caches the result of an authentication for a short period of time. This + reduces the load on the Directory service if the same credentials are presented frequently within a short + period of time. The length of time a result will be cached is defined by context variable + <code class="literal">qpid.auth.cache.expiration_time</code> (default to 600 seconds). The cache can be disabled by + setting the context variable <code class="literal">qpid.auth.cache.size</code> to 0. + </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Kerberos-Provider"></a>8.1.2. Kerberos</h3></div></div></div><p> Kereberos Authentication Provider uses java GSS-API SASL mechanism to authenticate the + connections. </p><p> Configuration of kerberos is done through system properties (there doesn't seem to be a + way around this unfortunately). </p><pre class="programlisting"> + export JAVA_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=qpid.conf + ${QPID_HOME}/bin/qpid-server + </pre><p>Where qpid.conf would look something like this:</p><pre class="programlisting"> +com.sun.security.jgss.accept { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + doNotPrompt=true + realm="EXAMPLE.COM" + useSubjectCredsOnly=false + kdc="kerberos.example.com" + keyTab="/path/to/keytab-file" + principal="<name>/<host>"; +};</pre><p> Where realm, kdc, keyTab and principal should obviously be set correctly for the + environment where you are running (see the existing documentation for the C++ broker about + creating a keytab file). </p><p> Note: You may need to install the "Java Cryptography Extension (JCE) Unlimited Strength + Jurisdiction Policy Files" appropriate for your JDK in order to get Kerberos support working. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-OAuth2-Provider"></a>8.1.3. OAuth2</h3></div></div></div><p> This authentication provider allows users to login to the broker using credentials from a different service supporting OAuth2. + Unfortunately, the <a class="link" href="https://www.rfc-editor.org/rfc/rfc6749.txt" target="_top">OAuth2 specification</a> does not define a standard why to get the identity of a subject from an access token. + However, most OAuth2 implementations provide such functionality, although in different ways. Qpid handles this by providing so called IdentityResolvers. + Currently the following services are supported: + </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>CloudFoundry</p></li><li class="listitem"><p>Facebook</p></li><li class="listitem"><p>GitHub</p></li><li class="listitem"><p>Google</p></li><li class="listitem"><p>Microsoft Live</p></li></ul></div><p> + Since all of these, with the exception of CloudFoundry, are tied to a specific service they come with defaults for the Scope, Authorization-, Token-, and IdentityResolverEndpoint. + </p><p> + By default, this authentication provider caches the result of an authentication for a short period of time. This + reduces the load on the OAuth2 service if the same token is presented frequently within a short + period of time. The length of time a result will be cached is defined by context variable + <code class="literal">qpid.auth.cache.expiration_time</code> (default to 600 seconds). The cache can be disabled by + setting the context variable <code class="literal">qpid.auth.cache.size</code> to 0. + </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-External-Provider"></a>8.1.4. External (SSL Client Certificates)</h3></div></div></div><p> When <a class="link" href="Java-Broker-Management-Managing-Truststores.html" title="7.12. Truststores"> requiring SSL Client + Certificates</a> be presented the External Authentication Provider can be used, such that + the user is authenticated based on trust of their certificate alone, and the X500Principal + from the SSL session is then used as the username for the connection, instead of also + requiring the user to present a valid username and password. </p><p> + <span class="bold"><strong>Note:</strong></span> The External Authentication Provider should typically + only be used on the AMQP/HTTP ports, in conjunction with <a class="link" href="Java-Broker-Management-Managing-Ports.html" title="7.9. Ports">SSL client certificate + authentication</a>. It is not intended for other uses and + will treat any non-sasl authentication processes on these ports as successful with the given + username.</p><p>On creation of External Provider the use of full DN or username CN as a principal name can + be configured. If attribute "Use the full DN as the Username" is set to "true" the full DN is + used as an authenticated principal name. If attribute "Use the full DN as the Username" is set + to "false" the user name CN part is used as the authenticated principal name. Setting the + field to "false" is particular useful when <a class="link" href="Java-Broker-Security-AccessControlProviders.html" title="8.3. Access Control Providers">ACL</a> is required, as at the moment, ACL does not support commas in the user name. + </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Anonymous-Provider"></a>8.1.5. Anonymous</h3></div></div></div><p> The Anonymous Authentication Provider will allow users to connect with or without + credentials and result in their identification on the broker as the user ANONYMOUS. This + Provider does not require specification of any additional attributes on creation. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-ScramSha-Providers"></a>8.1.6. SCRAM SHA</h3></div></div></div><p>The SCRAM SHA Providers uses the Broker configuration itself to store the database of + users. The users' + passwords are stored as salted SHA digested password. This can be further encrypted using the + facilities described in <a class="xref" href="Java-Broker-Security-Configuration-Encryption.html" title="8.4. Configuration Encryption">Section 8.4, “Configuration Encryption”</a>.</p><p>There are two variants of this provider, SHA1 and SHA256. SHA256 is recommended whenever + possible. SHA1 is provided with compatibility with clients utilising JDK 1.6 (which does not + support SHA256).</p><p>For these providers user credentials can be added, removed or changed using + Management.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Plain-Provider"></a>8.1.7. Plain</h3></div></div></div><p>The Plain Provider uses the Broker configuration itself to store the database of users + (unlike the <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-PlainPasswordFile-Provider" title="8.1.8. Plain Password File (Deprecated)">PlainPasswordFile</a>, there is no separate password file). As the name suggests, + the user data (including password) is not hashed in any way. In order to provide encryption, + the facilities described in <a class="xref" href="Java-Broker-Security-Configuration-Encryption.html" title="8.4. Configuration Encryption">Section 8.4, “Configuration Encryption”</a> + must be used.</p><p>For this provider user credentials can be added, removed or changed using + Management.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-PlainPasswordFile-Provider"></a>8.1.8. Plain Password File <span class="emphasis"><em>(Deprecated)</em></span></h3></div></div></div><p><span class="emphasis"><em>This provider is deprecated and will be removed in a future release. The <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Plain-Provider" title="8.1.7. Plain">Plain</a> provider should be used + instead.</em></span></p><p> The PlainPasswordFile Provider uses local file to store and manage user credentials. When + creating an authentication provider the path to the file needs to be specified. If specified + file does not exist an empty file is created automatically on Authentication Provider + creation. On Provider deletion the password file is deleted as well.</p><p>For this provider user credentials can be added, removed or changed using + Management.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e4440"></a>8.1.8.1. Plain Password File Format</h4></div></div></div><p> The user credentials are stored on the single file line as user name and user + password pairs separated by colon character. This file must not be modified externally + whilst the Broker is running.</p><pre class="programlisting"> +# password file format +# <user name>: <user password> +guest:guest + </pre></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-MD5-Provider"></a>8.1.9. MD5 Provider</h3></div></div></div><p> MD5 Provider uses the Broker configuration itself to store the database of + users (unlike the <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Base64MD5PasswordFile-Provider" title="8.1.10. Base64MD5 Password File (Deprecated)">Base64MD5 Password File</a>, there is no separate password file). Rather than store the + unencrypted user password (as the Plain provider does) it instead stores the MD5 password + digest. This can be further encrypted using the + facilities described in <a class="xref" href="Java-Broker-Security-Configuration-Encryption.html" title="8.4. Configuration Encryption">Section 8.4, “Configuration Encryption”</a>.</p><p>For this provider user credentials can be added, removed or changed using + Management.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Base64MD5PasswordFile-Provider"></a>8.1.10. Base64MD5 Password File <span class="emphasis"><em>(Deprecated)</em></span></h3></div></div></div><p><span class="emphasis"><em>This provider is deprecated and will be removed in a future release. The + <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-MD5-Provider" title="8.1.9. MD5 Provider">MD5</a> provider should be used + instead.</em></span></p><p> Base64MD5PasswordFile Provider uses local file to store and manage user credentials + similar to PlainPasswordFile but instead of storing a password the MD5 password digest encoded + with Base64 encoding is stored in the file. When creating an authentication provider the path + to the file needs to be specified. If specified file does not exist an empty file is created + automatically on Authentication Provider creation. On Base64MD5PasswordFile Provider deletion + the password file is deleted as well.</p><p>For this provider user credentials can be added, removed or changed using + Management.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e4476"></a>8.1.10.1. Base64MD5 File Format</h4></div></div></div><p> The user credentials are stored on the single file line as user name and user password + pairs separated by colon character. The password is stored MD5 digest/Base64 encoded. This + file must not be modified externally whilst the Broker is running.</p></div></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Management-Managing-Plugin-HTTP.html">Prev</a> </td><td align="center" width="20%"> </td><td align="right" width="40%"> <a accesskey="n" href="Java-Broker-Security-Group-Providers.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">7.15. HTTP Plugin </td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%"> 8.2. Group Providers</td></tr></table></div></div> + + <hr/> + + <ul id="-apache-navigation"> + <li><a href="http://www.apache.org/">Apache</a></li> + <li><a href="http://www.apache.org/licenses/">License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li> + <li><a href="/security.html">Security</a></li> + <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li> + </ul> + + <p id="-legal"> + Apache Qpid, Messaging built on AMQP; Copyright © 2015 + The Apache Software Foundation; Licensed under + the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache + License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton, + Proton, Apache, the Apache feather logo, and the Apache Qpid + project logo are trademarks of The Apache Software + Foundation; All other marks mentioned may be trademarks or + registered trademarks of their respective owners + </p> + </div> + </div> + </div> + </body> +</html> http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/apds02.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/apds02.html b/content/releases/qpid-broker-j-7.0.6/book/apds02.html new file mode 100644 index 0000000..e54bbe1 --- /dev/null +++ b/content/releases/qpid-broker-j-7.0.6/book/apds02.html @@ -0,0 +1,160 @@ +<!DOCTYPE html> +<!-- + - + - Licensed to the Apache Software Foundation (ASF) under one + - or more contributor license agreements. See the NOTICE file + - distributed with this work for additional information + - regarding copyright ownership. The ASF licenses this file + - to you under the Apache License, Version 2.0 (the + - "License"); you may not use this file except in compliance + - with the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, + - software distributed under the License is distributed on an + - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + - KIND, either express or implied. See the License for the + - specific language governing permissions and limitations + - under the License. + - +--> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>D.2. Statistic Report Patterns - Apache Qpid™</title> + <meta http-equiv="X-UA-Compatible" content="IE=edge"/> + <meta name="viewport" content="width=device-width, initial-scale=1.0"/> + <link rel="stylesheet" href="/site.css" type="text/css" async="async"/> + <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/> + <script type="text/javascript">var _deferredFunctions = [];</script> + <script type="text/javascript" src="/deferred.js" defer="defer"></script> + <!--[if lte IE 8]> + <link rel="stylesheet" href="/ie.css" type="text/css"/> + <script type="text/javascript" src="/html5shiv.js"></script> + <![endif]--> + + <!-- Redirects for `go get` and godoc.org --> + <meta name="go-import" + content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/> + <meta name="go-source" + content="qpid.apache.org +https://github.com/apache/qpid-proton/blob/go1/README.md +https://github.com/apache/qpid-proton/tree/go1{/dir} +https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/> + </head> + <body> + <div id="-content"> + <div id="-top" class="panel"> + <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a> + + <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a> + + <ul id="-global-navigation"> + <li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li> + <li><a href="/documentation.html">Documentation</a></li> + <li><a href="/download.html">Download</a></li> + <li><a href="/discussion.html">Discussion</a></li> + </ul> + </div> + + <div id="-menu" class="panel" style="display: none;"> + <div class="flex"> + <section> + <h3>Project</h3> + + <ul> + <li><a href="/overview.html">Overview</a></li> + <li><a href="/components/index.html">Components</a></li> + <li><a href="/releases/index.html">Releases</a></li> + </ul> + </section> + + <section> + <h3>Messaging APIs</h3> + + <ul> + <li><a href="/proton/index.html">Qpid Proton</a></li> + <li><a href="/components/jms/index.html">Qpid JMS</a></li> + <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li> + </ul> + </section> + + <section> + <h3>Servers and tools</h3> + + <ul> + <li><a href="/components/broker-j/index.html">Broker-J</a></li> + <li><a href="/components/cpp-broker/index.html">C++ broker</a></li> + <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li> + </ul> + </section> + + <section> + <h3>Resources</h3> + + <ul> + <li><a href="/dashboard.html">Dashboard</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li> + <li><a href="/resources.html">More resources</a></li> + </ul> + </section> + </div> + </div> + + <div id="-search" class="panel" style="display: none;"> + <form action="http://www.google.com/search" method="get"> + <input type="hidden" name="sitesearch" value="qpid.apache.org"/> + <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/> + <button type="submit">Search</button> + <a href="/search.html">More ways to search</a> + </form> + </div> + + <div id="-middle" class="panel"> + <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-broker-j-7.0.6/index.html">Qpid Broker-J 7.0.6</a></li><li><a href="/releases/qpid-broker-j-7.0.6/book/index.html">Apache Qpid Broker-J</a></li><li>D.2. Statistic Report Patterns</li></ul> + + <div id="-middle-content"> + <div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">D.2. Statistic Report Patterns</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Appendix-Statistics-Reporting.html">Prev</a> </td><th align="center" width="60%">Appendix D. Statistics Reporting</th><td align="right" width="20%"> <a accesskey="n" href="apds03.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="d0e9489"></a>D.2. Statistic Report Patterns</h2></div></div></div><p>The statistic report pattern defines the format of a statistic report written to the log.</p><p>Statistic report patterns are defined by <a class="link" href="Java-Broker-Management-Managing-Entities.html#Java-Broker-Management-Managing-Entities-General" title="7.1. General Description"> + content variables</a>. The place where the context variable is defined governs the scope i.e. the entities to + which the pattern will be applied.</p><p>For instance, to define a statistics reporting pattern for a single queue, + <a class="link" href="Java-Broker-Management-Channel-Web-Console.html#Java-Broker-Management-Channel-Web-Console-Managing-Context-Variables" title="6.2.3.4. Context Variables">set the contextvariable + </a> on the queue itself. If you want the same statistics report pattern for apply to all queues, set the pattern on a + suitable ancestor of the queue. For instance, if set on virtualhost, the pattern will applied to all queues defined + on that virtualhost. If set on Broker, the pattern will be applied to all queues on the Broker.</p><p>The context variable name is formed as follows: + <code class="literal">qpid.<category-name>.statisticsReportPattern</code>.</p><p>For instance, for queue: <code class="literal">qpid.queue.statisticsReportPattern</code> and virtualhost: + <code class="literal">qpid.virtualhost.statisticsReportPattern</code></p><p>The value of the context variable is a free text string containing reference(s) to the statistic names that + are to appear in the report. References are made by surrounding the name of the statistic with '$' and curly braces, + thus <code class="literal">${<statistic-name>}</code>.</p><p>Statistics references allow an optional formatters. The supported formatters are: <code class="literal">:byteunit</code> + (produces a human readable byte value e.g. 3 MiB), <code class="literal">:duration</code> (produces a ISO-8601 duration)and + <code class="literal">:datetime</code> (produces a ISO-8601 date/time).</p><p>For example, a statistic report pattern for the <code class="literal">queue</code> category specifying two queue + statistic values: <code class="literal">queueDepthMessages=${queueDepthMessages},queueDepthBytes=${queueDepthBytes:byteunit}</code></p><p>Like all context variables, the statistic report pattern can also reference the attributes of the entity + or even its ancestors. This feature can be exploited to include things like the name of the entity within the + report.</p><p>These points are illustrated in the examples in the next section.</p><p>A catalogue of statistics names and descriptions is available from the REST API documentation available + through the <a class="link" href="Java-Broker-Management-Channel-Web-Console.html" title="6.2. Web Management Console">Web Management Console</a>.</p></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Appendix-Statistics-Reporting.html">Prev</a> </td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Appendix-Statistics-Reporting.html">Up</a></td><td align="right" width="40%"> <a accesskey="n" href="apds03.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">Appendix D. Statistics Reporting </td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%"> D.3. Examples</td></tr></table></div></div> + + <hr/> + + <ul id="-apache-navigation"> + <li><a href="http://www.apache.org/">Apache</a></li> + <li><a href="http://www.apache.org/licenses/">License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li> + <li><a href="/security.html">Security</a></li> + <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li> + </ul> + + <p id="-legal"> + Apache Qpid, Messaging built on AMQP; Copyright © 2015 + The Apache Software Foundation; Licensed under + the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache + License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton, + Proton, Apache, the Apache feather logo, and the Apache Qpid + project logo are trademarks of The Apache Software + Foundation; All other marks mentioned may be trademarks or + registered trademarks of their respective owners + </p> + </div> + </div> + </div> + </body> +</html> http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/apds03.html ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/apds03.html b/content/releases/qpid-broker-j-7.0.6/book/apds03.html new file mode 100644 index 0000000..79f3b7f --- /dev/null +++ b/content/releases/qpid-broker-j-7.0.6/book/apds03.html @@ -0,0 +1,154 @@ +<!DOCTYPE html> +<!-- + - + - Licensed to the Apache Software Foundation (ASF) under one + - or more contributor license agreements. See the NOTICE file + - distributed with this work for additional information + - regarding copyright ownership. The ASF licenses this file + - to you under the Apache License, Version 2.0 (the + - "License"); you may not use this file except in compliance + - with the License. You may obtain a copy of the License at + - + - http://www.apache.org/licenses/LICENSE-2.0 + - + - Unless required by applicable law or agreed to in writing, + - software distributed under the License is distributed on an + - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + - KIND, either express or implied. See the License for the + - specific language governing permissions and limitations + - under the License. + - +--> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <head> + <title>D.3. Examples - Apache Qpid™</title> + <meta http-equiv="X-UA-Compatible" content="IE=edge"/> + <meta name="viewport" content="width=device-width, initial-scale=1.0"/> + <link rel="stylesheet" href="/site.css" type="text/css" async="async"/> + <link rel="stylesheet" href="/deferred.css" type="text/css" defer="defer"/> + <script type="text/javascript">var _deferredFunctions = [];</script> + <script type="text/javascript" src="/deferred.js" defer="defer"></script> + <!--[if lte IE 8]> + <link rel="stylesheet" href="/ie.css" type="text/css"/> + <script type="text/javascript" src="/html5shiv.js"></script> + <![endif]--> + + <!-- Redirects for `go get` and godoc.org --> + <meta name="go-import" + content="qpid.apache.org git https://git-wip-us.apache.org/repos/asf/qpid-proton.git"/> + <meta name="go-source" + content="qpid.apache.org +https://github.com/apache/qpid-proton/blob/go1/README.md +https://github.com/apache/qpid-proton/tree/go1{/dir} +https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/> + </head> + <body> + <div id="-content"> + <div id="-top" class="panel"> + <a id="-menu-link"><img width="16" height="16" src="" alt="Menu"/></a> + + <a id="-search-link"><img width="22" height="16" src="" alt="Search"/></a> + + <ul id="-global-navigation"> + <li><a id="-logotype" href="/index.html">Apache Qpid<sup>™</sup></a></li> + <li><a href="/documentation.html">Documentation</a></li> + <li><a href="/download.html">Download</a></li> + <li><a href="/discussion.html">Discussion</a></li> + </ul> + </div> + + <div id="-menu" class="panel" style="display: none;"> + <div class="flex"> + <section> + <h3>Project</h3> + + <ul> + <li><a href="/overview.html">Overview</a></li> + <li><a href="/components/index.html">Components</a></li> + <li><a href="/releases/index.html">Releases</a></li> + </ul> + </section> + + <section> + <h3>Messaging APIs</h3> + + <ul> + <li><a href="/proton/index.html">Qpid Proton</a></li> + <li><a href="/components/jms/index.html">Qpid JMS</a></li> + <li><a href="/components/messaging-api/index.html">Qpid Messaging API</a></li> + </ul> + </section> + + <section> + <h3>Servers and tools</h3> + + <ul> + <li><a href="/components/broker-j/index.html">Broker-J</a></li> + <li><a href="/components/cpp-broker/index.html">C++ broker</a></li> + <li><a href="/components/dispatch-router/index.html">Dispatch router</a></li> + </ul> + </section> + + <section> + <h3>Resources</h3> + + <ul> + <li><a href="/dashboard.html">Dashboard</a></li> + <li><a href="https://cwiki.apache.org/confluence/display/qpid/Index">Wiki</a></li> + <li><a href="/resources.html">More resources</a></li> + </ul> + </section> + </div> + </div> + + <div id="-search" class="panel" style="display: none;"> + <form action="http://www.google.com/search" method="get"> + <input type="hidden" name="sitesearch" value="qpid.apache.org"/> + <input type="text" name="q" maxlength="255" autofocus="autofocus" tabindex="1"/> + <button type="submit">Search</button> + <a href="/search.html">More ways to search</a> + </form> + </div> + + <div id="-middle" class="panel"> + <ul id="-path-navigation"><li><a href="/index.html">Home</a></li><li><a href="/releases/index.html">Releases</a></li><li><a href="/releases/qpid-broker-j-7.0.6/index.html">Qpid Broker-J 7.0.6</a></li><li><a href="/releases/qpid-broker-j-7.0.6/book/index.html">Apache Qpid Broker-J</a></li><li>D.3. Examples</li></ul> + + <div id="-middle-content"> + <div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">D.3. Examples</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="apds02.html">Prev</a> </td><th align="center" width="60%">Appendix D. Statistics Reporting</th><td align="right" width="20%"> <a accesskey="n" href="Java-Broker-Appendix-Queue-Alerts.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="d0e9548"></a>D.3. Examples</h2></div></div></div><p>Adding a statistic reporting pattern to a single queue, called <code class="literal">myqueue</code> using the REST API and + cURL. This example uses <code class="literal">ancestor</code> references to include entity names:</p><div class="example"><a id="d0e9559"></a><p class="title"><strong>Example D.1. Enabling statistics for a single queue using the REST API and cURL</strong></p><div class="example-contents"><pre class="screen">curl --user admin --data '{"name" : "qpid.queue.statisticsReportPattern", "value" : "${ancestor:virtualhost:name}/${ancestor:queue:name}: queueDepthMessages=${queueDepthMessages}, queueDepthBytes=${queueDepthBytes:byteunit}"}' https://localhost:8080/api/latest/queue/default/default/myqueue/setContextVariable</pre></div></div><br class="example-break" /><p> + Once enabled, an example statistic report output written to the log might look like this: + </p><pre class="screen">2017-10-15 13:03:12,993 INFO [virtualhost-default-pool-0] (q.s.Queue) - Statistics: default/myqueue: queueDepthMessages=0, queueDepthBytes=0 B +2017-10-15 13:03:22,979 INFO [virtualhost-default-pool-2] (q.s.Queue) - Statistics: default/myqueue: queueDepthMessages=3, queueDepthBytes=345 B +2017-10-15 13:03:32,981 INFO [virtualhost-default-pool-2] (q.s.Queue) - Statistics: default/myqueue: queueDepthMessages=3, queueDepthBytes=345 B</pre><p> + </p><p>Removing a statistic report pattern from the same queue:</p><div class="example"><a id="d0e9571"></a><p class="title"><strong>Example D.2. Disabling statistics for a single queue using the REST API and cURL</strong></p><div class="example-contents"><pre class="screen">curl --user admin --data '{"name" : "qpid.queue.statisticsReportPattern"}' https://localhost:8080/api/latest/queue/default/default/myqueue/setContextVariable</pre></div></div><br class="example-break" /><p>Adding a statistic reporting pattern to all queues:</p><div class="example"><a id="d0e9578"></a><p class="title"><strong>Example D.3. Enabling statistics for all queues using the REST API and cURL</strong></p><div class="example-contents"><pre class="screen">curl --user admin --data '{"name" : "qpid.queue.statisticsReportPattern", "value" : "${ancestor:virtualhost:name}/${ancestor:queue:name}: oldestMessageAge=${oldestMessageAge:duration}"}' https://localhost:8080/api/latest/virtualhost /default/default/setContextVariable</pre></div></div><br class="example-break" /><p> + Once enabled, an example statistic report for a virtualhost with two queues might look like this: + </p><pre class="screen">2017-10-15 13:17:42,918 INFO [virtualhost-default-pool-1] (q.s.Queue) - Statistics: default/myqueue1: oldestMessageAge=PT1M24S +2017-10-15 13:17:42,918 INFO [virtualhost-default-pool-1] (q.s.Queue) - Statistics: default/myqueue2: oldestMessageAge=PT0S</pre><p> + </p></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="apds02.html">Prev</a> </td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Appendix-Statistics-Reporting.html">Up</a></td><td align="right" width="40%"> <a accesskey="n" href="Java-Broker-Appendix-Queue-Alerts.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">D.2. Statistic Report Patterns </td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%"> Appendix E. Queue Alerts</td></tr></table></div></div> + + <hr/> + + <ul id="-apache-navigation"> + <li><a href="http://www.apache.org/">Apache</a></li> + <li><a href="http://www.apache.org/licenses/">License</a></li> + <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li> + <li><a href="http://www.apache.org/foundation/thanks.html">Thanks!</a></li> + <li><a href="/security.html">Security</a></li> + <li><a href="http://www.apache.org/"><img id="-apache-feather" width="48" height="14" src="" alt="Apache"/></a></li> + </ul> + + <p id="-legal"> + Apache Qpid, Messaging built on AMQP; Copyright © 2015 + The Apache Software Foundation; Licensed under + the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache + License, Version 2.0</a>; Apache Qpid, Qpid, Qpid Proton, + Proton, Apache, the Apache feather logo, and the Apache Qpid + project logo are trademarks of The Apache Software + Foundation; All other marks mentioned may be trademarks or + registered trademarks of their respective owners + </p> + </div> + </div> + </div> + </body> +</html> http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/css/style.css ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/css/style.css b/content/releases/qpid-broker-j-7.0.6/book/css/style.css new file mode 100644 index 0000000..8179bf4 --- /dev/null +++ b/content/releases/qpid-broker-j-7.0.6/book/css/style.css @@ -0,0 +1,131 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +ul { + list-style-type:square; +} + +th { + font-weight: bold; +} + +.navfooter td { + font-size:10pt; +} + +.navheader td { + font-size:10pt; +} + +body { + margin:0; + background:#FFFFFF; + font-family:"Verdana", sans-serif; + font-size:10pt; +} + +.container { + width:950px; + margin:0 auto; +} + +body a { + color:#000000; +} + + +div.book { + margin-left:10pt; + margin-right:10pt; +} + +div.preface { + margin-left:10pt; + margin-right:10pt; +} + +div.chapter { + margin-left:10pt; + margin-right:10pt; +} + +div.section { + margin-left:10pt; + margin-right:10pt; +} + +div.titlepage { + margin-left:-10pt; + margin-right:-10pt; +} + +.calloutlist td { + font-size:10pt; +} + +.table-contents table { + border-spacing: 0px; +} + +.table-contents td { + font-size:10pt; + padding-left:6px; + padding-right:6px; +} + +.chapter h2.title { + font-size:20pt; + color:#0c3b82; +} + +.chapter .section h2.title { + font-size:18pt; + color:#0c3b82; +} + +.section h2.title { + font-size:16pt; + color:#0c3b82; +} + +.section h3.title { + font-size:14pt; + color:#0c3b82; +} + +.section h4.title { + font-size:12pt; + color:#0c3b82; +} + +.section h5.title { + font-size:12pt; + color:#0c3b82; +} + +.section h6.title { + font-size:12pt; + color:#0c3b82; +} + +.toc a { + font-size:9pt; +} + http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/images/Broker-MessageFlow.png ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/images/Broker-MessageFlow.png b/content/releases/qpid-broker-j-7.0.6/book/images/Broker-MessageFlow.png new file mode 100755 index 0000000..4902c46 Binary files /dev/null and b/content/releases/qpid-broker-j-7.0.6/book/images/Broker-MessageFlow.png differ http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/images/Broker-Model.png ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/images/Broker-Model.png b/content/releases/qpid-broker-j-7.0.6/book/images/Broker-Model.png new file mode 100755 index 0000000..a254565 Binary files /dev/null and b/content/releases/qpid-broker-j-7.0.6/book/images/Broker-Model.png differ http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/images/Broker-PortAuthFlow.png ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/images/Broker-PortAuthFlow.png b/content/releases/qpid-broker-j-7.0.6/book/images/Broker-PortAuthFlow.png new file mode 100755 index 0000000..4df2fa1 Binary files /dev/null and b/content/releases/qpid-broker-j-7.0.6/book/images/Broker-PortAuthFlow.png differ http://git-wip-us.apache.org/repos/asf/qpid-site/blob/89f345d6/content/releases/qpid-broker-j-7.0.6/book/images/Exchange-Direct.png ---------------------------------------------------------------------- diff --git a/content/releases/qpid-broker-j-7.0.6/book/images/Exchange-Direct.png b/content/releases/qpid-broker-j-7.0.6/book/images/Exchange-Direct.png new file mode 100755 index 0000000..184fb80 Binary files /dev/null and b/content/releases/qpid-broker-j-7.0.6/book/images/Exchange-Direct.png differ --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org