Re: How to define RulesBased ACLs using Qpid Broker-J 7.0.0

2018-02-20 Thread bryand 
Thanks for the info.  I was able to get the acls defined via the REST API
Update.  There were a few little quirks I ran into where the documentation
on the ACL page
(https://qpid.apache.org/releases/qpid-broker-j-7.0.1/book/Java-Broker-Security-AccessControlProviders.html#Java-Broker-Security-AccessControlProviders-ACLRules)
didn't match what some of the enum values were such as:

Failed: RestfulWsException [responseStatusCode=422, responseBody={
  "errorMessage" : "No enum constant
org.apache.qpid.server.security.access.plugins.RuleOutcome.ALLOW-LOG"
  
  
Failed: RestfulWsException [responseStatusCode=422, responseBody={
  "errorMessage" : "No enum constant
org.apache.qpid.server.security.access.config.ObjectProperties.Property.ROUTINGKEY"
  

but I was able to transform values as necessary for the REST API call



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

Re: How to define RulesBased ACLs using Qpid Broker-J 7.0.0

2018-01-23 Thread Rob Godfrey 
On 23 January 2018 at 13:25, bryand  wrote:

> I'm using qpid-broker-j-7.0.0 and can't find anything in the documentation
> (https://qpid.apache.org/releases/qpid-broker-j-7.0.0/
> book/Java-Broker-Security-AccessControlProviders.html)
> for how to define rule based ACLs.
>
> In the documentation it states:
> ACLFile - an older provider that references an externally provided ACL file
> (or data url). This provider is deprecated.
>
> Since ACLFile is deprecated and I'm setting up a new Qpid Broker-J
> environment, I don't want to use that.  However, if I pick RulesBased in
> the
> Web Management Console I don't have any options to enter the rules -  how
> do
> I define the rules?
>
>
>
Apologies, the UI should really expose the features of the underlying REST
API here to help.

The basic structure of the configuration of a RuleBase ACL Provider is
defined by

https://github.com/apache/qpid-broker-j/blob/master/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java

That is there is an attribute of this object named "rules" which contains a
list of rule instances (serialised as json objects).  The rule objects
essentially correspond to the form of the "legacy" rules (see the default
value as an example of the format).  You can set the value of the rules
attribute through the REST API [1]

The provider also allows a "legacy" ACL file to be uploaded directly
through the "loadFromFile" operation[2] which takes a query parameter
"path" which points to a path on the machine running the broker.

Hope this helps,
Rob

[1]
https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Management-Channel-REST-API.html#Java-Broker-Management-Channel-REST-API-Update
[2]
https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Management-Channel-REST-API.html#Java-Broker-Management-Channel-REST-API-Operations



>
> --
> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-
> f2158936.html
>
> -
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>
>

How to define RulesBased ACLs using Qpid Broker-J 7.0.0

2018-01-23 Thread bryand 
I'm using qpid-broker-j-7.0.0 and can't find anything in the documentation 
(https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Security-AccessControlProviders.html)
 
for how to define rule based ACLs. 

In the documentation it states: 
ACLFile - an older provider that references an externally provided ACL file
(or data url). This provider is deprecated. 

Since ACLFile is deprecated and I'm setting up a new Qpid Broker-J
environment, I don't want to use that.  However, if I pick RulesBased in the
Web Management Console I don't have any options to enter the rules -  how do
I define the rules? 



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org

How to define RulesBased ACLs

2018-01-16 Thread bryand 
I'm using qpid-broker-j-7.0.0 and can't find anything in the documentation
(https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Security-AccessControlProviders.html)
for how to define rule based ACLs.



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

-
To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
For additional commands, e-mail: users-h...@qpid.apache.org