Author: robbie Date: Sun Sep 2 14:36:07 2012 New Revision: 1379984 URL: http://svn.apache.org/viewvc?rev=1379984&view=rev Log: NO-JIRA: publish latest java documentation for trunk
Added: qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html Removed: qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/ch02s07.html Modified: qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/High-Availability.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/How-to-Tune-M3-Java-Broker-Performance.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Configuration-Guide.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Debug-Logging.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Slow-Consumer-Disconnect.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-General-User-Guides.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/OtherQueueTypes.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-JMX-Management-Console.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-Config-File.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-HowTos.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-Virtualhosts-Config.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Build-HowTo.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-FAQ.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Log4j.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-SSL.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/index.html qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/pdf/AMQP-Messaging-Broker-Java-Book.pdf Modified: qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html URL: http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html?rev=1379984&r1=1379983&r2=1379984&view=diff ============================================================================== --- qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html (original) +++ qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html Sun Sep 2 14:36:07 2012 @@ -1,4 +1,4 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>2.2. Configuring ACLs</title><link rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP Messaging Broker (Implemented in Java)"><link rel="up" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link rel="prev" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link rel="next" href="Qpid-Java-SSL.html" title="2.3. Configure Java Qpid to use a SSL connection."></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpidâ¢</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</ A></LI><LI><A href="http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://q pid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://w ww.apache.org">Home</A></LI><LI><A href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Implemented in Java)</a></span> > <span class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How Tos</a></span> > <span class="breadcrumb-node"> +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>2.2. Configuring ACLs</title><link rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP Messaging Broker (Implemented in Java)"><link rel="up" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link rel="prev" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link rel="next" href="Configuring-Group-Providers.html" title="2.3. Configuring Group Providers"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpidâ¢</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></ LI><LI><A href="http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid. apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.a pache.org">Home</A></LI><LI><A href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Implemented in Java)</a></span> > <span class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How Tos</a></span> > <span class="breadcrumb-node"> Configuring ACLs </span></DIV><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Configuring-ACLS"></a>2.2. Configuring ACLs @@ -36,10 +36,9 @@ </pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ConfigureACLs-WriteACL"></a>2.2.2. Writing .acl files </h3></div></div></div><p> - The ACL file consists of a series of rules and group definitions. Each rule grants or denies specific rights to a user or group. Group - definitions declare groups of users and serve to make the ACL file more concise. + The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <a class="link" href="Configuring-Group-Providers.html" title="2.3. Configuring Group Providers">Configuring Group Providers</a> for more information on defining groups. </p><p> - Each ACL rule grants (or denies) a particular action on a object to a user. The rule may be augmented with one or more properties, restricting + Each ACL rule grants (or denies) a particular action on a object to a user/group. The rule may be augmented with one or more properties, restricting the rule's applicability. </p><pre class="programlisting"> ACL ALLOW alice CREATE QUEUE # Grants alice permission to create all queues. @@ -75,20 +74,14 @@ </p><pre class="programlisting"> ACL {permission} {<group-name>|<user-name>>|ALL} {action|ALL} [object|ALL] [property="<property-value>"] </pre><p> - GROUP definitions must follow this syntax: - </p><pre class="programlisting"> - GROUP {group name} {username 1}..{username n} # Where username is a username, or a groupname. - </pre><p> Comments may be introduced with the hash (#) character and are ignored. Long lines can be broken with the slash (\) character. </p><pre class="programlisting"> # A comment ACL ALLOW admin CREATE ALL # Also a comment ACL DENY guest \ ALL ALL # A broken line - GROUP securegroup bob \ - alice # Another broker line </pre></div><div class="table"><a name="tabl-ConfigureACLs-Syntax_permissions"></a><p class="title"><b>Table 2.2. ACL Rules: permission</b></p><div class="table-contents"><table summary="ACL Rules: permission" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tabl-ConfigureACLs-Syntax_actions"></a><p class="title"><b>Table 2.3. ACL Rules:action</b></p><div class="table-contents"><table summary="ACL Rules:action" border ="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when an object is read or accessed</p> </td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applied when objects are d eleted </p> </td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td> - <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tabl-ConfigureACLs-Syntax_objects"></a><p class="title"><b>Table 2.4. ACL Rules:object</b></p><div class="table-contents"><table summary="ACL Rules:object" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>QUEUE</strong></span> </td><td> <p> A queue </p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td> <p> An exchange </p> </td></tr><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p> A virtualhost (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p> Management or agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span class="comm and"><strong>BROKER</strong></span> </td><td> <p> The broker (not currently used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>LINK</strong></span> </td><td> <p> A federation or inter-broker link (not currently used in Java Broker)</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tabl-ConfigureACLs-Syntax_properties"></a><p class="title"><b>Table 2.5. ACL Rules:property</b></p><div class="table-contents"><table summary="ACL Rules:property" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>name</strong></span> </td><td> <p> String. Object name, such as a queue name, exchange name or JMX method name. </p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></t r><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> Boolean. Indicates the presence of a <em class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the altern ate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. JMX component name (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF schema class name (Not used in Java Broker)</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tabl-ConfigureACLs-Syntax_javacomponents"></a><p class="title"><b>Table 2.6. ACL rules:components (Java Broker only)</b></p><div class="table-contents"><table summary="ACL rules:components (Java Broker only)" bord er="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span class="command"><strong>UserManagement</strong></span> </td><td> <p>User maintainance; create/delete/view users, change passwords etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ConfigurationManagement</strong></span> </td><td> <p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>LoggingManagement</strong></span> </td><td> <p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ServerInformation</strong></span> </td><td> <p>Read-only information regarding the Qpid: version number etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue maintainance; copy/m ove/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> <p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> <p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td class="auto-generated"> </td></tr></tbody></table></div></div><br class="table-break"><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ConfigureACLs-WorkedExamples"></a>2.2.4. + <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tabl-ConfigureACLs-Syntax_objects"></a><p class="title"><b>Table 2.4. ACL Rules:object</b></p><div class="table-contents"><table summary="ACL Rules:object" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>QUEUE</strong></span> </td><td> <p> A queue </p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td> <p> An exchange </p> </td></tr><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p> A virtualhost (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>USER</strong></span> </td><td> <p> A user (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></spa n> </td><td> <p> A group (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p> Management or agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p> The broker (not currently used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>LINK</strong></span> </td><td> <p> A federation or inter-broker link (not currently used in Java Broker)</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="tabl-ConfigureACLs-Syntax_properties"></a><p class="title"><b>Table 2.5. ACL Rules:property</b></p><div class="table-contents"><table summary="ACL Rules:property" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>name</strong></span> </td><td> <p> String. Object name, such as a queue name, exchange name or JMX method name. </p> </td></tr><tr><td> <span class="comm and"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> Boolean. Indicates the presence of a <em class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span cla ss="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. JMX component name (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF schema class name (Not used in Java Broker)</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table "><a name="tabl-ConfigureACLs-Syntax_javacomponents"></a><p class="title"><b>Table 2.6. ACL rules:components (Java Broker only)</b></p><div class="table-contents"><table summary="ACL rules:components (Java Broker only)" border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span class="command"><strong>UserManagement</strong></span> </td><td> <p>User maintainance; create/delete/view users, change passwords etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ConfigurationManagement</strong></span> </td><td> <p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>LoggingManagement</strong></span> </td><td> <p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ServerInformation</strong></span> </td><td> <p>Read-only information regarding the Qpid: version number etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue maintainance; copy/move/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> <p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> <p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td class="auto-generated"> </td></tr></tbody></table></div></div><br class="table-break"><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="ConfigureACLs-WorkedExamples"></a>2.2.4. Worked Examples </h3></div></div></div><p> Here are three example ACLs illustrating some common use-cases. @@ -97,15 +90,15 @@ </h4></div></div></div><p> Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and a user 'readonly' must be enable to perform only read-only functions. Neither 'operator' nor 'readonly' - should be allow to connect for messaging. + should be allowed to connect clients for messaging. </p><pre class="programlisting"> - # Give operator permission to execute all JMX Methods - ACL ALLOW operator ALL METHOD - # Give operator permission to execute only read-only JMX Methods - ACL ALLOW readonly ACCESS METHOD - # Deny operator/readonly permission to perform messaging. - ACL DENY operator ACCESS VIRTUALHOST - ACL DENY readonly ACCESS VIRTUALHOST + # Deny (loggged) operator/readonly permission to connect messaging clients. + ACL DENY-LOG operator ACCESS VIRTUALHOST + ACL DENY-LOG readonly ACCESS VIRTUALHOST + # Give operator permission to perfom all other actions + ACL ALLOW operator ALL ALL + # Give readonly permission to execute only read-only actions + ACL ALLOW readonly ACCESS ALL ... ... rules for other users ... @@ -114,15 +107,15 @@ </pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="ConfigureACLs-WorkedExample2"></a>2.2.4.2. Worked example 2 - User maintainer group </h4></div></div></div><p> - Suppose you wish to restrict User Management operations to users belonging to a group 'usermaint'. No other user - is allowed to perform user maintainence This example illustrates the permissioning of a individual component - and a group definition. + Suppose you wish to restrict User Management operations to users belonging to a <a class="link" href="Configuring-Group-Providers.html" title="2.3. Configuring Group Providers">group</a> 'usermaint'. No other user + is allowed to perform user maintainence This example illustrates the permissioning of an individual component. </p><pre class="programlisting"> - # Create a group usermaint with members bob and alice - GROUP usermaint bob alice - # Give operator permission to execute all JMX Methods + # Give usermaint permission to execute all JMX Methods on the + # UserManagement MBean and perform all actions for USER objects ACL ALLOW usermaint ALL METHOD component="UserManagement" + ACL ALLOW usermaint ALL USER ACL DENY ALL ALL METHOD component="UserManagement" + ACL DENY ALL ALL USER ... ... rules for other users ... @@ -158,6 +151,4 @@ ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*" ACL DENY-LOG all all - </pre></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Qpid-Java-Broker-HowTos.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Qpid-Java-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. How Tos </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 2.3. - Configure Java Qpid to use a SSL connection. - </td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html> + </pre></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Qpid-Java-Broker-HowTos.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Configuring-Group-Providers.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 2. How Tos </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 2.3. Configuring Group Providers</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html> Added: qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html URL: http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html?rev=1379984&view=auto ============================================================================== --- qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html (added) +++ qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html Sun Sep 2 14:36:07 2012 @@ -0,0 +1,126 @@ +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>2.8. Configuring Authentication Mechanisms</title><link rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP Messaging Broker (Implemented in Java)"><link rel="up" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link rel="prev" href="Qpid-Java-Broker-Virtualhosts-Config.html" title="2.7. Configure the Virtual Hosts via virtualhosts.xml"><link rel="next" href="Java-Broker-Debug-Logging.html" title="2.9. Debug using log4j"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpidâ¢</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI ><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A >href="http://qpid.apache.org/download.html">Download</A></LI><LI><A >href="http://qpid.apache.org/getting_started.html">Getting >Started</A></LI><LI><A >href="http://www.apache.org/licenses/">License</A></LI><LI><A >href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV >class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV >class="menu_box_body"><H3>Documentation</H3><UL><LI><A >href="http://qpid.apache.org/documentation.html#doc-release">Latest >Release</A></LI><LI><A >href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A > >href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV > class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV >class="menu_box_body"><H3>Community</H3><UL><LI><A >href="http://qpid.apache.org/getting_involved.html">Getting >Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.ht ml">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_b ody"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Implemented in Java)</a></span> > <span class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How Tos</a></span> > <span class="breadcrumb-node">Configuring Authentication Mechanisms</span></DIV><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Configuring-Authentication-Mechanisms"></a>2.8. Configuring Authentication Mechanisms</h2></div></div></div><p> + In order to successfully establish a connection to the Java Broker, the connection must be + authenticated. The Java Broker supports a number of different authentication schemesi, each + with its own "authentication manager". Different managers may be used on different ports. + Each manager has its own configuration element, the presence of which within the + <security> section denotes the use of that authentication mechanism. Where only one + such manager is configured, that manager will be used on all ports (including JMX). Where + more than one authentication manager is configured the configuration must define which + manager is the "default", and (if required) the mapping of non-default authentication + managers to other ports. + </p><p> + The following configuration sets up three authentication managers, using a password file as + the default (e.g. for the JMX port), Kerberos on port 5672 and Anonymous on 5673. + </p><pre class="programlisting"> + <security> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/passwd</value> + </attribute> + </attributes> + </principal-database> + </pd-auth-manager> + <kerberos-auth-manager><auth-name>sib</auth-name></kerberos-auth-manager> + <anonymous-auth-manager></anonymous-auth-manager> + <default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager> + <port-mappings> + <port-mapping> + <port>5672</port> + <auth-manager>KerberosAuthenticationManager</auth-manager> + </port-mapping> + <port-mapping> + <port>5673</port> + <auth-manager>AnonymousAuthenticationManager</auth-manager> + </port-mapping> + </port-mappings> + </security> + </pre><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2497242"></a>2.8.1. Password File</h3></div></div></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2497892"></a>2.8.2. LDAP</h3></div></div></div><pre class="programlisting"> + <security> + <simple-ldap-auth-manager> + <provider-url>ldaps://example.com:636/</provider-url> + <search-context>dc=example\,dc=com</search-context> + <search-filter>(uid={0})</search-filter> + </simple-ldap-auth-manager> + </security> + </pre><p> + The authentication manager first connects to the ldap server anonymously and searches for the + ldap entity which is identified by the username provided over SASL. Essentially the + authentication manager calls + DirContext.search(Name name, String filterExpr, Object[] filterArgs, SearchControls cons) + with the values of search-context and search-filter as the first two arguments, and the username + as the only element in the array which is the third argument. + </p><p> + If the search returns a name from the LDAP server, the AuthenticationManager then attempts to + login to the ldap server with the given name and the password. + </p><p> + If the URL to open for authentication is different to that for the search, then the + authentication url can be overridden using <provider-auth-url> in addition to providing a + <provider-url>. Note that the URL used for authentication should use ldaps:// since + passwords will be being sent over it. + </p><p> + By default com.sun.jndi.ldap.LdapCtxFactory is used to create the context, however this can be + overridden by specifying <ldap-context-factory> in the configuration. + </p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2497939"></a>2.8.3. Kerberos</h3></div></div></div><p> + Kereberos Authentication is configured using the <kerberos-auth-manager> element within + the <security> section. When referencing from the default-auth-manager or port-mapping + sections, its name is KerberosAuthenticationManager. + </p><p> + Since Kerberos support only works where SASL authentication is available (e.g. not for JMX + authentication) you may wish to also include an alternative Authentication Manager + configuration, and use this for other ports: + </p><pre class="programlisting"> + <security> + <pd-auth-manager> + <principal-database> + <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class> + <attributes> + <attribute> + <name>passwordFile</name> + <value>${conf}/passwd</value> + </attribute> + </attributes> + </principal-database> + </pd-auth-manager> + <kerberos-auth-manager><auth-name>sib</auth-name></kerberos-auth-manager> + <default-auth-manager>PrincipalDatabaseAuthenticationManager</default-auth-manager> + <port-mappings> + <port-mapping> + <port>5672</port> + <auth-manager>KerberosAuthenticationManager</auth-manager> + </port-mapping> + </port-mappings> + </security> + </pre><p> + Configuration of kerberos is done through system properties (there doesn't seem to be a way + around this unfortunately). + </p><pre class="programlisting"> + export QPID_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=qpid.conf + ${QPID_HOME}/bin/qpid-server + </pre><p>Where qpid.conf would look something like this:</p><pre class="programlisting"> +com.sun.security.jgss.accept { + com.sun.security.auth.module.Krb5LoginModule required + useKeyTab=true + storeKey=true + doNotPrompt=true + realm="EXAMPLE.COM" + useSubjectCredsOnly=false + kdc="kerberos.example.com" + keyTab="/path/to/keytab-file" + principal="<name>/<host>"; +}; + </pre><p> + Where realm, kdc, keyTab and principal should obviously be set correctly for the environment + where you are running (see the existing documentation for the C++ broker about creating a keytab + file). + </p><p> + Note: You may need to install the "Java Cryptography Extension (JCE) Unlimited Strength + Jurisdiction Policy Files" appropriate for your JDK in order to get Kerberos support working. + </p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2496729"></a>2.8.4. SSL Client Certificates</h3></div></div></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2496734"></a>2.8.5. Anonymous</h3></div></div></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Qpid-Java-Broker-Virtualhosts-Config.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Debug-Logging.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">2.7. + Configure the Virtual Hosts via virtualhosts.xml +  </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 2.9. + Debug using log4j + </td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html> Added: qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html URL: http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html?rev=1379984&view=auto ============================================================================== --- qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html (added) +++ qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html Sun Sep 2 14:36:07 2012 @@ -0,0 +1,35 @@ +<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>2.3. Configuring Group Providers</title><link rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP Messaging Broker (Implemented in Java)"><link rel="up" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link rel="prev" href="Configuring-ACLS.html" title="2.2. Configuring ACLs"><link rel="next" href="Qpid-Java-SSL.html" title="2.4. Configure Java Qpid to use a SSL connection."></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpidâ¢</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Ho me</A></LI><LI><A href="http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http ://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http ://www.apache.org">Home</A></LI><LI><A href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Implemented in Java)</a></span> > <span class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How Tos</a></span> > <span class="breadcrumb-node">Configuring Group Providers</span></DIV><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="Configuring-Group-Providers"></a>2.3. Configuring Group Providers</h2></div></div></div><p> + The Java broker utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Configuring-ACLS.html" title="2.2. Configuring ACLs">ACLs</a>. Following authentication by a given <a class="link" href="Configuring-Authentication-Mechanisms.html" title="2.8. Configuring Authentication Mechanisms">Authentication Provider</a>, the configured Group Providers are consulted to allowing assignment of GroupPrincipals for a given authenticated user. + </p><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="File-Group-Manager"></a>2.3.1. FileGroupManager</h3></div></div></div><p> + The FileGroupManager allows specifying group membership in a flat file on disk, and is also exposed for inspection and update through the brokers HTTP management interface. + </p><p> + To enable the FileGroupManager, add the following configuration to the config.xml, adjusting the groupFile attribute value to match your desired groups file location. + </p><pre class="programlisting"> + ... + <security> + <file-group-manager> + <attributes> + <attribute> + <name>groupFile</name> + <value>${conf}/groups</value> + </attribute> + </attributes> + </file-group-manager> + </security> + ... +</pre><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="File-Group-Manager-FileFormat"></a>2.3.1.1. File Format</h4></div></div></div><p> + The groups file has the following format: + </p><pre class="programlisting"> + # <GroupName>.users = <comma deliminated user list> + # For example: + + administrators.users = admin,manager +</pre><p> + Only users can be added to a group currently, not other groups. Usernames can't contain commas. + </p><p> + Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface. + </p></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Configuring-ACLS.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Qpid-Java-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">2.2. + Configuring ACLs +  </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 2.4. + Configure Java Qpid to use a SSL connection. + </td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org