[
https://issues.apache.org/jira/browse/QPID-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12861322#action_12861322
]
Andrew Kennedy commented on QPID-2538:
--------------------------------------
This is an example of a mapping between the XML and C++ ACL syntax.
== virtualhosts.xml ==
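<virtualhosts>
  <virtualhost>
    <localhost>
      <security>
        <!-- Access control list configuration for this virtual host.
             Three alternative rule sources are shown under <config>:
             a plain-text file, an external XML file and inline XML rules.
             NOTE(review): this message does not say how rules from more than
             one source are combined; confirm the order before relying on a
             trailing default-deny rule in any single source. -->
        <access>
          <!-- Class name kept on one line so that wrapping whitespace does
               not become part of the element text. -->
          <plugin>org.apache.qpid.server.security.access.plugin.AccessControl</plugin>
          <config>
            <!-- plain-text rule file -->
            <plain file="${conf}/access-control" />
            <!-- external XML rule file, c.f. firewall -->
            <xml file="${conf}/access.xml" />
            <!-- inline XML rules (alternative to the external files) -->
            <rules>
              <!-- acl entries ... -->
            </rules>
          </config>
          <!-- The rule files decide who may do what on the broker; keep them
               writable only by the account that administers the broker. -->
        </access>
      </security>
    </localhost>
  </virtualhost>
</virtualhosts>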
==
== access.xml ==
<rules>
  <!-- Rules are listed from specific grants down to a catch-all deny.
       NOTE(review): the layout presumes rules are evaluated in document
       order with the first match deciding; confirm against the broker. -->

  <!-- Grant: adk may connect to this virtual host. -->
  <acl permission="ALLOW" identity="adk" operation="ACCESS" object="VIRTUALHOST" />

  <!-- Grant (logged): adk may bind on amq.direct with routing keys
       matching adk.* or tmp.* -->
  <acl permission="ALLOW-LOG" identity="adk" operation="BIND" object="EXCHANGE">
    <properties>
      <property key="routingKey" value="adk.*" />
      <property key="name" value="amq.direct" />
    </properties>
  </acl>
  <acl permission="ALLOW-LOG" identity="adk" operation="BIND" object="EXCHANGE">
    <properties>
      <property key="routingKey" value="tmp.*" />
      <property key="name" value="amq.direct" />
    </properties>
  </acl>

  <!-- Grant: adk may create queues it owns, either named adk.* or temporary. -->
  <acl permission="ALLOW" identity="adk" operation="CREATE" object="QUEUE">
    <properties>
      <property key="name" value="adk.*" />
      <property key="owner" value="adk" />
    </properties>
  </acl>
  <acl permission="ALLOW" identity="adk" operation="CREATE" object="QUEUE">
    <properties>
      <property key="temporary" value="true" />
      <property key="owner" value="adk" />
    </properties>
  </acl>

  <!-- Grant: adk may consume from and publish to queues named adk.* -->
  <acl permission="ALLOW" identity="adk" operation="CONSUME" object="QUEUE">
    <properties>
      <property key="name" value="adk.*" />
    </properties>
  </acl>
  <acl permission="ALLOW" identity="adk" operation="PUBLISH" object="QUEUE">
    <properties>
      <property key="name" value="adk.*" />
    </properties>
  </acl>

  <!-- Default deny: every identity, operation and object not granted above. -->
  <acl permission="DENY" identity="ANY" operation="ALL" object="ALL" />
</rules>
==
== access-control ==
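# Plain-text form of the rules in access.xml, one rule per line:
#   PERMISSION IDENTITY OPERATION OBJECT [key=value ...]

# allow adk access to this virtual host
# NOTE(review): identity written as adk to match the XML rule; the archived
# message shows an obscured address in this position - confirm.
ALLOW adk ACCESS VIRTUALHOST
# allow (and log) binding on amq.direct with routing keys adk.* and tmp.*
ALLOW-LOG adk BIND EXCHANGE routingKey=adk.* name=amq.direct
ALLOW-LOG adk BIND EXCHANGE routingKey=tmp.* name=amq.direct
# allow creating temporary queues and queues with names matching adk.*
ALLOW adk CREATE QUEUE name=adk.* owner=adk
ALLOW adk CREATE QUEUE temporary=true owner=adk
# allow publish and consume of messages on the queues
ALLOW adk CONSUME QUEUE name=adk.*
ALLOW adk PUBLISH QUEUE name=adk.*
# default deny: keep this as the last rule so that anything not allowed above is refused
DENY ANY ALL ALL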
==
> Add XML configuration syntax for ACLs in Java broker
> ----------------------------------------------------
>
> Key: QPID-2538
> URL: https://issues.apache.org/jira/browse/QPID-2538
> Project: Qpid
> Issue Type: Sub-task
> Components: Java Broker
> Reporter: Andrew Kennedy
> Fix For: 0.7
>
>