svn commit: r1379984 [1/5] - in /qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book: html/ pdf/

Sun, 02 Sep 2012 07:36:56 -0700 

Author: robbie
Date: Sun Sep  2 14:36:07 2012
New Revision: 1379984

URL: http://svn.apache.org/viewvc?rev=1379984&view=rev
Log:
NO-JIRA: publish latest java documentation for trunk

Added:
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
Removed:
    qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/ch02s07.html
Modified:
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/High-Availability.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/How-to-Tune-M3-Java-Broker-Performance.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Configuration-Guide.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Debug-Logging.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-Broker-Slow-Consumer-Disconnect.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Java-General-User-Guides.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/OtherQueueTypes.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-JMX-Management-Console.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-Config-File.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-HowTos.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Broker-Virtualhosts-Config.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Build-HowTo.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-FAQ.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-Log4j.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Qpid-Java-SSL.html
    qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/index.html
    
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/pdf/AMQP-Messaging-Broker-Java-Book.pdf

Modified: 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
URL: 
http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html?rev=1379984&r1=1379983&r2=1379984&view=diff
==============================================================================
--- 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
 (original)
+++ 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-ACLS.html
 Sun Sep  2 14:36:07 2012
@@ -1,4 +1,4 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; 
charset=UTF-8"><title>2.2.  Configuring ACLs</title><link rel="stylesheet" 
href="css/style.css" type="text/css"><meta name="generator" content="DocBook 
XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP 
Messaging Broker (Implemented in Java)"><link rel="up" 
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link 
rel="prev" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How 
Tos"><link rel="next" href="Qpid-Java-SSL.html" title="2.3.  Configure Java 
Qpid to use a SSL connection."></head><body><div class="container" 
bgcolor="white" text="black" link="#0000FF" vlink="#840084" 
alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache 
Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV 
class="menu_box"><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A 
href="http://qpid.apache.org/index.html";>Home</
 A></LI><LI><A 
href="http://qpid.apache.org/download.html";>Download</A></LI><LI><A 
href="http://qpid.apache.org/getting_started.html";>Getting 
Started</A></LI><LI><A 
href="http://www.apache.org/licenses/";>License</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/faq.html";>FAQ</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Documentation</H3><UL><LI><A 
href="http://qpid.apache.org/documentation.html#doc-release";>Latest 
Release</A></LI><LI><A 
href="http://qpid.apache.org/documentation.html#doc-trunk";>Trunk</A></LI><LI><A 
href="http://qpid.apache.org/documentation.html#doc-archives";>Archive</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Community</H3><UL><LI><A 
href="http://qpid.apache.org/getting_involved.html";>Getting 
Involved</A></LI><LI><A 
href="http://qpid.apache.org/source_repository.html";>Source 
Repository</A></LI><LI><A href="http://q
 pid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/";>Wiki</A></LI><LI><A 
href="https://issues.apache.org/jira/browse/qpid";>Issue 
Reporting</A></LI><LI><A 
href="http://qpid.apache.org/people.html";>People</A></LI><LI><A 
href="http://qpid.apache.org/acknowledgements.html";>Acknowledgements</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Developers</H3><UL><LI><A 
href="https://cwiki.apache.org/qpid/building.html";>Building Qpid</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/developer-pages.html";>Developer 
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html";>What is 
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
Apache</H3><UL><LI><A href="http://w
 ww.apache.org">Home</A></LI><LI><A 
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</A></LI><LI><A
 href="http://www.apache.org/foundation/thanks.html";>Thanks</A></LI><LI><A 
href="http://www.apache.org/security/";>Security</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div 
class="main_text_area_top"></div><div class="main_text_area_body"><DIV 
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP 
Messaging Broker (Implemented in Java)</a></span> &gt; <span 
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How 
Tos</a></span> &gt; <span class="breadcrumb-node">
+<html><head><meta http-equiv="Content-Type" content="text/html; 
charset=UTF-8"><title>2.2.  Configuring ACLs</title><link rel="stylesheet" 
href="css/style.css" type="text/css"><meta name="generator" content="DocBook 
XSL Stylesheets V1.73.2"><link rel="start" href="index.html" title="AMQP 
Messaging Broker (Implemented in Java)"><link rel="up" 
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link 
rel="prev" href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How 
Tos"><link rel="next" href="Configuring-Group-Providers.html" 
title="2.3. Configuring Group Providers"></head><body><div class="container" 
bgcolor="white" text="black" link="#0000FF" vlink="#840084" 
alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache 
Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV 
class="menu_box"><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A 
href="http://qpid.apache.org/index.html";>Home</A></
 LI><LI><A href="http://qpid.apache.org/download.html";>Download</A></LI><LI><A 
href="http://qpid.apache.org/getting_started.html";>Getting 
Started</A></LI><LI><A 
href="http://www.apache.org/licenses/";>License</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/faq.html";>FAQ</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Documentation</H3><UL><LI><A 
href="http://qpid.apache.org/documentation.html#doc-release";>Latest 
Release</A></LI><LI><A 
href="http://qpid.apache.org/documentation.html#doc-trunk";>Trunk</A></LI><LI><A 
href="http://qpid.apache.org/documentation.html#doc-archives";>Archive</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Community</H3><UL><LI><A 
href="http://qpid.apache.org/getting_involved.html";>Getting 
Involved</A></LI><LI><A 
href="http://qpid.apache.org/source_repository.html";>Source 
Repository</A></LI><LI><A href="http://qpid.
 apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/";>Wiki</A></LI><LI><A 
href="https://issues.apache.org/jira/browse/qpid";>Issue 
Reporting</A></LI><LI><A 
href="http://qpid.apache.org/people.html";>People</A></LI><LI><A 
href="http://qpid.apache.org/acknowledgements.html";>Acknowledgements</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Developers</H3><UL><LI><A 
href="https://cwiki.apache.org/qpid/building.html";>Building Qpid</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/developer-pages.html";>Developer 
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html";>What is 
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
Apache</H3><UL><LI><A href="http://www.a
 pache.org">Home</A></LI><LI><A 
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</A></LI><LI><A
 href="http://www.apache.org/foundation/thanks.html";>Thanks</A></LI><LI><A 
href="http://www.apache.org/security/";>Security</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div 
class="main_text_area_top"></div><div class="main_text_area_body"><DIV 
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP 
Messaging Broker (Implemented in Java)</a></span> &gt; <span 
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How 
Tos</a></span> &gt; <span class="breadcrumb-node">
       Configuring ACLs
   </span></DIV><div class="section" lang="en"><div 
class="titlepage"><div><div><h2 class="title"><a 
name="Configuring-ACLS"></a>2.2. 
       Configuring ACLs
@@ -36,10 +36,9 @@
     </pre></div><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="ConfigureACLs-WriteACL"></a>2.2.2. 
        Writing .acl files
     </h3></div></div></div><p>
-      The ACL file consists of a series of rules and group definitions.  Each 
rule grants or denies specific rights to a user or group. Group
-      definitions declare groups of users and serve to make the ACL file more 
concise.
+      The ACL file consists of a series of rules associating behaviour for a 
user or group. Use of groups can serve to make the ACL file more concise. See 
<a class="link" href="Configuring-Group-Providers.html" 
title="2.3. Configuring Group Providers">Configuring Group Providers</a> for 
more information on defining groups.
     </p><p>
-      Each ACL rule grants (or denies) a particular action on a object to a 
user.  The rule may be augmented with one or more properties, restricting
+      Each ACL rule grants (or denies) a particular action on a object to a 
user/group.  The rule may be augmented with one or more properties, restricting
       the rule's applicability.
     </p><pre class="programlisting">
       ACL ALLOW alice CREATE QUEUE              # Grants alice permission to 
create all queues.
@@ -75,20 +74,14 @@
     </p><pre class="programlisting">
      ACL {permission} {&lt;group-name&gt;|&lt;user-name&gt;&gt;|ALL} 
{action|ALL} [object|ALL] [property="&lt;property-value&gt;"]
     </pre><p>
-       GROUP definitions must follow this syntax:
-    </p><pre class="programlisting">
-     GROUP {group name} {username 1}..{username n} # Where username is a 
username, or a groupname.
-    </pre><p>
        Comments may be introduced with the hash (#) character and are ignored. 
 Long lines can be broken with the slash (\) character.
     </p><pre class="programlisting">
       # A comment
       ACL ALLOW admin CREATE ALL # Also a comment
       ACL DENY guest \
       ALL ALL   # A broken line
-      GROUP securegroup bob \
-      alice # Another broker line
     </pre></div><div class="table"><a 
name="tabl-ConfigureACLs-Syntax_permissions"></a><p 
class="title"><b>Table 2.2. ACL Rules: permission</b></p><div 
class="table-contents"><table summary="ACL Rules: permission" 
border="1"><colgroup><col><col></colgroup><tbody><tr><td><span 
class="command"><strong>ALLOW</strong></span></td><td><p>Allow the 
action</p></td></tr><tr><td><span 
class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action 
and log the action in the log </p></td></tr><tr><td><span 
class="command"><strong>DENY</strong></span></td><td><p> Deny the 
action</p></td></tr><tr><td><span 
class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action 
and log the action in the log</p></td></tr></tbody></table></div></div><br 
class="table-break"><div class="table"><a 
name="tabl-ConfigureACLs-Syntax_actions"></a><p 
class="title"><b>Table 2.3. ACL Rules:action</b></p><div 
class="table-contents"><table summary="ACL Rules:action" border
 ="1"><colgroup><col><col></colgroup><tbody><tr><td> <span 
class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when 
subscriptions are created </p> </td></tr><tr><td> <span 
class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per 
message basis on publish message transfers</p> </td></tr><tr><td> <span 
class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an 
object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td> 
<span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when 
an object is read or accessed</p> </td></tr><tr><td> <span 
class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues 
are bound to exchanges</p> </td></tr><tr><td> <span 
class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when 
queues are unbound from exchanges</p> </td></tr><tr><td> <span 
class="command"><strong>DELETE</strong></span> </td><td> <p> Applied when 
objects are d
 eleted </p> </td></tr><tr><td> <span 
class="command"><strong>PURGE</strong></span> </td><td>
-          <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> 
<span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when 
an object is updated </p> </td></tr></tbody></table></div></div><br 
class="table-break"><div class="table"><a 
name="tabl-ConfigureACLs-Syntax_objects"></a><p 
class="title"><b>Table 2.4. ACL Rules:object</b></p><div 
class="table-contents"><table summary="ACL Rules:object" 
border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span 
class="command"><strong>QUEUE</strong></span> </td><td> <p> A queue </p> 
</td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> 
</td><td> <p> An exchange </p> </td></tr><tr><td> <span 
class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p> A virtualhost 
(Java Broker only)</p> </td></tr><tr><td> <span 
class="command"><strong>METHOD</strong></span> </td><td> <p> Management or 
agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span 
class="comm
 and"><strong>BROKER</strong></span> </td><td> <p> The broker (not currently 
used in Java Broker)</p> </td></tr><tr><td> <span 
class="command"><strong>LINK</strong></span> </td><td> <p> A federation or 
inter-broker link (not currently used in Java Broker)</p> 
</td></tr></tbody></table></div></div><br class="table-break"><div 
class="table"><a name="tabl-ConfigureACLs-Syntax_properties"></a><p 
class="title"><b>Table 2.5. ACL Rules:property</b></p><div 
class="table-contents"><table summary="ACL Rules:property" 
border="1"><colgroup><col><col></colgroup><tbody><tr><td><span 
class="command"><strong>name</strong></span> </td><td> <p> String. Object name, 
such as a queue name, exchange name or JMX method name.  </p> 
</td></tr><tr><td> <span class="command"><strong>durable</strong></span> 
</td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> 
<span class="command"><strong>routingkey</strong></span> </td><td> <p> String. 
Specifies routing key </p> </td></t
 r><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> 
Boolean. Indicates the presence of a <em 
class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span 
class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. 
Indicates whether or not the object gets deleted when the connection is closed 
</p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> 
</td><td> <p> Boolean. Indicates the presence of an <em 
class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> 
<span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. 
Indicates the presence of an <em class="parameter"><code>temporary</code></em> 
flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> 
</td><td> <p> String. Type of object, such as topic, fanout, or xml </p> 
</td></tr><tr><td> <span class="command"><strong>alternate</strong></span> 
</td><td> <p> String. Name of the altern
 ate exchange </p> </td></tr><tr><td> <span 
class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of 
the queue (used only when the object is something other than <em 
class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span 
class="command"><strong>component</strong></span> </td><td> <p> String. JMX 
component name (Java Broker only)</p> </td></tr><tr><td> <span 
class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF 
schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span 
class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF 
schema class name (Not used in Java Broker)</p> 
</td></tr></tbody></table></div></div><br class="table-break"><div 
class="table"><a name="tabl-ConfigureACLs-Syntax_javacomponents"></a><p 
class="title"><b>Table 2.6. ACL rules:components (Java Broker 
only)</b></p><div class="table-contents"><table summary="ACL rules:components 
(Java Broker only)" bord
 er="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span 
class="command"><strong>UserManagement</strong></span> </td><td> <p>User 
maintainance; create/delete/view users, change passwords etc</p> </td><td> 
<p>permissionable at broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>ConfigurationManagement</strong></span> </td><td> 
<p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable 
at broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>LoggingManagement</strong></span> </td><td> 
<p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at 
broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>ServerInformation</strong></span> </td><td> 
<p>Read-only information regarding the Qpid: version number etc</p> </td><td> 
<p>permissionable at broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue 
maintainance; copy/m
 ove/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> 
<span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> 
<p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td 
class="auto-generated"> </td></tr><tr><td> <span 
class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> 
<p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td 
class="auto-generated"> </td></tr></tbody></table></div></div><br 
class="table-break"><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="ConfigureACLs-WorkedExamples"></a>2.2.4. 
+          <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> 
<span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when 
an object is updated </p> </td></tr></tbody></table></div></div><br 
class="table-break"><div class="table"><a 
name="tabl-ConfigureACLs-Syntax_objects"></a><p 
class="title"><b>Table 2.4. ACL Rules:object</b></p><div 
class="table-contents"><table summary="ACL Rules:object" 
border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span 
class="command"><strong>QUEUE</strong></span> </td><td> <p> A queue </p> 
</td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> 
</td><td> <p> An exchange </p> </td></tr><tr><td> <span 
class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p> A virtualhost 
(Java Broker only)</p> </td></tr><tr><td> <span 
class="command"><strong>USER</strong></span> </td><td> <p> A user (Java Broker 
only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></spa
 n> </td><td> <p> A group (Java Broker only)</p> </td></tr><tr><td> <span 
class="command"><strong>METHOD</strong></span> </td><td> <p> Management or 
agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span 
class="command"><strong>BROKER</strong></span> </td><td> <p> The broker (not 
currently used in Java Broker)</p> </td></tr><tr><td> <span 
class="command"><strong>LINK</strong></span> </td><td> <p> A federation or 
inter-broker link (not currently used in Java Broker)</p> 
</td></tr></tbody></table></div></div><br class="table-break"><div 
class="table"><a name="tabl-ConfigureACLs-Syntax_properties"></a><p 
class="title"><b>Table 2.5. ACL Rules:property</b></p><div 
class="table-contents"><table summary="ACL Rules:property" 
border="1"><colgroup><col><col></colgroup><tbody><tr><td><span 
class="command"><strong>name</strong></span> </td><td> <p> String. Object name, 
such as a queue name, exchange name or JMX method name.  </p> 
</td></tr><tr><td> <span class="comm
 and"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the 
object is durable </p> </td></tr><tr><td> <span 
class="command"><strong>routingkey</strong></span> </td><td> <p> String. 
Specifies routing key </p> </td></tr><tr><td> <span 
class="command"><strong>passive</strong></span> </td><td> <p> Boolean. 
Indicates the presence of a <em class="parameter"><code>passive</code></em> 
flag </p> </td></tr><tr><td> <span 
class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. 
Indicates whether or not the object gets deleted when the connection is closed 
</p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> 
</td><td> <p> Boolean. Indicates the presence of an <em 
class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> 
<span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. 
Indicates the presence of an <em class="parameter"><code>temporary</code></em> 
flag </p> </td></tr><tr><td> <span cla
 ss="command"><strong>type</strong></span> </td><td> <p> String. Type of 
object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span 
class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of 
the alternate exchange </p> </td></tr><tr><td> <span 
class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of 
the queue (used only when the object is something other than <em 
class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span 
class="command"><strong>component</strong></span> </td><td> <p> String. JMX 
component name (Java Broker only)</p> </td></tr><tr><td> <span 
class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF 
schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span 
class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF 
schema class name (Not used in Java Broker)</p> 
</td></tr></tbody></table></div></div><br class="table-break"><div class="table
 "><a name="tabl-ConfigureACLs-Syntax_javacomponents"></a><p 
class="title"><b>Table 2.6. ACL rules:components (Java Broker 
only)</b></p><div class="table-contents"><table summary="ACL rules:components 
(Java Broker only)" 
border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span 
class="command"><strong>UserManagement</strong></span> </td><td> <p>User 
maintainance; create/delete/view users, change passwords etc</p> </td><td> 
<p>permissionable at broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>ConfigurationManagement</strong></span> </td><td> 
<p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable 
at broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>LoggingManagement</strong></span> </td><td> 
<p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at 
broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>ServerInformation</strong></span> </td><td> 
<p>Read-only 
 information regarding the Qpid: version number etc</p> </td><td> 
<p>permissionable at broker level only</p> </td></tr><tr><td> <span 
class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue 
maintainance; copy/move/purge/view etc</p> </td><td 
class="auto-generated"> </td></tr><tr><td> <span 
class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> 
<p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td 
class="auto-generated"> </td></tr><tr><td> <span 
class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> 
<p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td 
class="auto-generated"> </td></tr></tbody></table></div></div><br 
class="table-break"><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="ConfigureACLs-WorkedExamples"></a>2.2.4. 
       Worked Examples
     </h3></div></div></div><p>
        Here are three example ACLs illustrating some common use-cases.
@@ -97,15 +90,15 @@
       </h4></div></div></div><p>
          Suppose you wish to permission two users: a user 'operator' must be 
able to perform all Management operations, and
          a user 'readonly' must be enable to perform only read-only functions. 
 Neither 'operator' nor 'readonly'
-         should be allow to connect for messaging.
+         should be allowed to connect clients for messaging.
       </p><pre class="programlisting">
-        # Give operator permission to execute all JMX Methods
-        ACL ALLOW operator ALL METHOD
-        # Give operator permission to execute only read-only JMX Methods
-        ACL ALLOW readonly ACCESS METHOD
-        # Deny operator/readonly permission to perform messaging.
-        ACL DENY operator ACCESS VIRTUALHOST
-        ACL DENY readonly ACCESS VIRTUALHOST
+        # Deny (loggged) operator/readonly permission to connect messaging 
clients.
+        ACL DENY-LOG operator ACCESS VIRTUALHOST
+        ACL DENY-LOG readonly ACCESS VIRTUALHOST
+        # Give operator permission to perfom all other actions
+        ACL ALLOW operator ALL ALL
+        # Give readonly permission to execute only read-only actions
+        ACL ALLOW readonly ACCESS ALL
         ...
         ... rules for other users
         ...
@@ -114,15 +107,15 @@
       </pre></div><div class="section" lang="en"><div 
class="titlepage"><div><div><h4 class="title"><a 
name="ConfigureACLs-WorkedExample2"></a>2.2.4.2. 
         Worked example 2 - User maintainer group
       </h4></div></div></div><p>
-         Suppose you wish to restrict User Management operations to users 
belonging to a group 'usermaint'.  No other user
-         is allowed to perform user maintainence  This example illustrates the 
permissioning of a individual component 
-         and a group definition.
+         Suppose you wish to restrict User Management operations to users 
belonging to a <a class="link" href="Configuring-Group-Providers.html" 
title="2.3. Configuring Group Providers">group</a> 'usermaint'.  No other user
+         is allowed to perform user maintainence  This example illustrates the 
permissioning of an individual component.
       </p><pre class="programlisting">
-        # Create a group usermaint with members bob and alice
-        GROUP usermaint bob alice
-        # Give operator permission to execute all JMX Methods
+        # Give usermaint permission to execute all JMX Methods on the
+        # UserManagement MBean and perform all actions for USER objects
         ACL ALLOW usermaint ALL METHOD component="UserManagement"
+        ACL ALLOW usermaint ALL USER
         ACL DENY ALL ALL METHOD component="UserManagement"
+        ACL DENY ALL ALL USER
         ...
         ... rules for other users
         ...
@@ -158,6 +151,4 @@
         ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" 
routingKey="TempQueue*"
         
         ACL DENY-LOG all all
-      </pre></div></div></div></div><div class="navfooter"><hr><table 
width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a 
accesskey="p" href="Qpid-Java-Broker-HowTos.html">Prev</a> </td><td 
width="20%" align="center"><a accesskey="u" 
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" 
align="right"> <a accesskey="n" 
href="Qpid-Java-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" 
valign="top">Chapter 2. How Tos </td><td width="20%" align="center"><a 
accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" 
valign="top"> 2.3. 
-      Configure Java Qpid to use a SSL connection.
-    </td></tr></table></div><div 
class="main_text_area_bottom"></div></div></div></body></html>
+      </pre></div></div></div></div><div class="navfooter"><hr><table 
width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a 
accesskey="p" href="Qpid-Java-Broker-HowTos.html">Prev</a> </td><td 
width="20%" align="center"><a accesskey="u" 
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" 
align="right"> <a accesskey="n" 
href="Configuring-Group-Providers.html">Next</a></td></tr><tr><td width="40%" 
align="left" valign="top">Chapter 2. How Tos </td><td width="20%" 
align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" 
align="right" valign="top"> 2.3. Configuring Group 
Providers</td></tr></table></div><div 
class="main_text_area_bottom"></div></div></div></body></html>

Added: 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
URL: 
http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html?rev=1379984&view=auto
==============================================================================
--- 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
 (added)
+++ 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Authentication-Mechanisms.html
 Sun Sep  2 14:36:07 2012
@@ -0,0 +1,126 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; 
charset=UTF-8"><title>2.8. Configuring Authentication Mechanisms</title><link 
rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator" 
content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" 
title="AMQP Messaging Broker (Implemented in Java)"><link rel="up" 
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link 
rel="prev" href="Qpid-Java-Broker-Virtualhosts-Config.html" title="2.7.  
Configure the Virtual Hosts via virtualhosts.xml"><link rel="next" 
href="Java-Broker-Debug-Logging.html" title="2.9.  Debug using 
log4j"></head><body><div class="container" bgcolor="white" text="black" 
link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV 
class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP 
Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache 
Qpid</H3><UL><LI
 ><A href="http://qpid.apache.org/index.html";>Home</A></LI><LI><A 
 >href="http://qpid.apache.org/download.html";>Download</A></LI><LI><A 
 >href="http://qpid.apache.org/getting_started.html";>Getting 
 >Started</A></LI><LI><A 
 >href="http://www.apache.org/licenses/";>License</A></LI><LI><A 
 >href="https://cwiki.apache.org/qpid/faq.html";>FAQ</A></LI></UL></DIV><DIV 
 >class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
 >class="menu_box_body"><H3>Documentation</H3><UL><LI><A 
 >href="http://qpid.apache.org/documentation.html#doc-release";>Latest 
 >Release</A></LI><LI><A 
 >href="http://qpid.apache.org/documentation.html#doc-trunk";>Trunk</A></LI><LI><A
 > 
 >href="http://qpid.apache.org/documentation.html#doc-archives";>Archive</A></LI></UL></DIV><DIV
 > class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
 >class="menu_box_body"><H3>Community</H3><UL><LI><A 
 >href="http://qpid.apache.org/getting_involved.html";>Getting 
 >Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.ht
 ml">Source Repository</A></LI><LI><A 
href="http://qpid.apache.org/mailing_lists.html";>Mailing Lists</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/";>Wiki</A></LI><LI><A 
href="https://issues.apache.org/jira/browse/qpid";>Issue 
Reporting</A></LI><LI><A 
href="http://qpid.apache.org/people.html";>People</A></LI><LI><A 
href="http://qpid.apache.org/acknowledgements.html";>Acknowledgements</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Developers</H3><UL><LI><A 
href="https://cwiki.apache.org/qpid/building.html";>Building Qpid</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/developer-pages.html";>Developer 
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html";>What is 
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_b
 ody"><H3>About Apache</H3><UL><LI><A 
href="http://www.apache.org";>Home</A></LI><LI><A 
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</A></LI><LI><A
 href="http://www.apache.org/foundation/thanks.html";>Thanks</A></LI><LI><A 
href="http://www.apache.org/security/";>Security</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div 
class="main_text_area_top"></div><div class="main_text_area_body"><DIV 
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP 
Messaging Broker (Implemented in Java)</a></span> &gt; <span 
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How 
Tos</a></span> &gt; <span class="breadcrumb-node">Configuring Authentication 
Mechanisms</span></DIV><div class="section" lang="en"><div 
class="titlepage"><div><div><h2 class="title"><a 
name="Configuring-Authentication-Mechanisms"></a>2.8. Configuring 
Authentication Mechanisms</h2></div></div></div><p>
+    In order to successfully establish a connection to the Java Broker, the 
connection must be
+    authenticated. The Java Broker supports a number of different 
authentication schemesi, each
+    with its own "authentication manager". Different managers may be used on 
different ports.
+    Each manager has its own configuration element, the presence of which 
within the
+    &lt;security&gt; section denotes the use of that authentication mechanism. 
Where only one
+    such manager is configured, that manager will be used on all ports 
(including JMX). Where
+    more than one authentication manager is configured the configuration must 
define which 
+    manager is the "default", and (if required) the mapping of non-default 
authentication
+    managers to other ports.
+  </p><p>
+    The following configuration sets up three authentication managers, using a 
password file as
+    the default (e.g. for the JMX port), Kerberos on port 5672 and Anonymous 
on 5673.
+  </p><pre class="programlisting">
+    &lt;security&gt;
+        &lt;pd-auth-manager&gt;
+            &lt;principal-database&gt;
+                
&lt;class&gt;org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase&lt;/class&gt;
+                &lt;attributes&gt;
+                    &lt;attribute&gt;
+                        &lt;name&gt;passwordFile&lt;/name&gt;
+                        &lt;value&gt;${conf}/passwd&lt;/value&gt;
+                    &lt;/attribute&gt;
+                &lt;/attributes&gt;
+            &lt;/principal-database&gt;
+        &lt;/pd-auth-manager&gt;
+        
&lt;kerberos-auth-manager&gt;&lt;auth-name&gt;sib&lt;/auth-name&gt;&lt;/kerberos-auth-manager&gt;
+        &lt;anonymous-auth-manager&gt;&lt;/anonymous-auth-manager&gt;
+        
&lt;default-auth-manager&gt;PrincipalDatabaseAuthenticationManager&lt;/default-auth-manager&gt;
+        &lt;port-mappings&gt;
+            &lt;port-mapping&gt;
+                &lt;port&gt;5672&lt;/port&gt;
+                
&lt;auth-manager&gt;KerberosAuthenticationManager&lt;/auth-manager&gt;
+            &lt;/port-mapping&gt;
+            &lt;port-mapping&gt;
+                &lt;port&gt;5673&lt;/port&gt;
+                
&lt;auth-manager&gt;AnonymousAuthenticationManager&lt;/auth-manager&gt;
+            &lt;/port-mapping&gt;
+        &lt;/port-mappings&gt;
+    &lt;/security&gt;
+  </pre><div class="section" lang="en"><div class="titlepage"><div><div><h3 
class="title"><a name="id2497242"></a>2.8.1. Password 
File</h3></div></div></div></div><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="id2497892"></a>2.8.2. LDAP</h3></div></div></div><pre 
class="programlisting">
+    &lt;security&gt;
+        &lt;simple-ldap-auth-manager&gt;
+          &lt;provider-url&gt;ldaps://example.com:636/&lt;/provider-url&gt;
+          &lt;search-context&gt;dc=example\,dc=com&lt;/search-context&gt;
+          &lt;search-filter&gt;(uid={0})&lt;/search-filter&gt;
+        &lt;/simple-ldap-auth-manager&gt;
+    &lt;/security&gt;
+  </pre><p>
+    The authentication manager first connects to the ldap server anonymously 
and searches for the
+    ldap entity which is identified by the username provided over SASL. 
Essentially the
+    authentication manager calls
+    DirContext.search(Name name, String filterExpr, Object[] filterArgs, 
SearchControls cons)
+    with the values of search-context and search-filter as the first two 
arguments, and the username
+    as the only element in the array which is the third argument.
+  </p><p>
+    If the search returns a name from the LDAP server, the 
AuthenticationManager then attempts to
+    login to the ldap server with the given name and the password.
+  </p><p>
+    If the URL to open for authentication is different to that for the search, 
then the
+    authentication url can be overridden using &lt;provider-auth-url&gt; in 
addition to providing a
+    &lt;provider-url&gt;. Note that the URL used for authentication should use 
ldaps:// since
+    passwords will be being sent over it.
+  </p><p>
+    By default com.sun.jndi.ldap.LdapCtxFactory is used to create the context, 
however this can be
+    overridden by specifying &lt;ldap-context-factory&gt; in the configuration.
+  </p></div><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="id2497939"></a>2.8.3. Kerberos</h3></div></div></div><p>
+    Kereberos Authentication is configured using the 
&lt;kerberos-auth-manager&gt; element within
+    the &lt;security&gt; section. When referencing from the 
default-auth-manager or port-mapping
+    sections, its name is KerberosAuthenticationManager.
+  </p><p>
+    Since Kerberos support only works where SASL authentication is available 
(e.g. not for JMX
+    authentication) you may wish to also include an alternative Authentication 
Manager
+    configuration, and use this for other ports:
+  </p><pre class="programlisting">
+    &lt;security&gt;
+        &lt;pd-auth-manager&gt;
+            &lt;principal-database&gt;
+                
&lt;class&gt;org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase&lt;/class&gt;
+                &lt;attributes&gt;
+                    &lt;attribute&gt;
+                        &lt;name&gt;passwordFile&lt;/name&gt;
+                        &lt;value&gt;${conf}/passwd&lt;/value&gt;
+                    &lt;/attribute&gt;
+                &lt;/attributes&gt;
+            &lt;/principal-database&gt;
+        &lt;/pd-auth-manager&gt;
+        
&lt;kerberos-auth-manager&gt;&lt;auth-name&gt;sib&lt;/auth-name&gt;&lt;/kerberos-auth-manager&gt;
+        
&lt;default-auth-manager&gt;PrincipalDatabaseAuthenticationManager&lt;/default-auth-manager&gt;
+        &lt;port-mappings&gt;
+            &lt;port-mapping&gt;
+                &lt;port&gt;5672&lt;/port&gt;
+                
&lt;auth-manager&gt;KerberosAuthenticationManager&lt;/auth-manager&gt;
+            &lt;/port-mapping&gt;
+        &lt;/port-mappings&gt;
+    &lt;/security&gt;
+  </pre><p>
+    Configuration of kerberos is done through system properties (there doesn't 
seem to be a way
+    around this unfortunately).
+  </p><pre class="programlisting">
+    export QPID_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false 
-Djava.security.auth.login.config=qpid.conf
+    ${QPID_HOME}/bin/qpid-server
+  </pre><p>Where qpid.conf would look something like this:</p><pre 
class="programlisting">
+com.sun.security.jgss.accept {
+    com.sun.security.auth.module.Krb5LoginModule required
+    useKeyTab=true
+    storeKey=true
+    doNotPrompt=true
+    realm="EXAMPLE.COM"
+    useSubjectCredsOnly=false
+    kdc="kerberos.example.com"
+    keyTab="/path/to/keytab-file"
+    principal="&lt;name&gt;/&lt;host&gt;";
+};
+  </pre><p>
+    Where realm, kdc, keyTab and principal should obviously be set correctly 
for the environment
+    where you are running (see the existing documentation for the C++ broker 
about creating a keytab
+    file).
+  </p><p>
+    Note: You may need to install the "Java Cryptography Extension (JCE) 
Unlimited Strength
+    Jurisdiction Policy Files" appropriate for your JDK in order to get 
Kerberos support working.
+  </p></div><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="id2496729"></a>2.8.4. SSL Client 
Certificates</h3></div></div></div></div><div class="section" lang="en"><div 
class="titlepage"><div><div><h3 class="title"><a 
name="id2496734"></a>2.8.5. Anonymous</h3></div></div></div></div></div></div><div
 class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td 
width="40%" align="left"><a accesskey="p" 
href="Qpid-Java-Broker-Virtualhosts-Config.html">Prev</a> </td><td width="20%" 
align="center"><a accesskey="u" 
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" 
align="right"> <a accesskey="n" 
href="Java-Broker-Debug-Logging.html">Next</a></td></tr><tr><td width="40%" 
align="left" valign="top">2.7. 
+      Configure the Virtual Hosts via virtualhosts.xml
+     </td><td width="20%" align="center"><a accesskey="h" 
href="index.html">Home</a></td><td width="40%" align="right" 
valign="top"> 2.9. 
+      Debug using log4j
+    </td></tr></table></div><div 
class="main_text_area_bottom"></div></div></div></body></html>

Added: 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
URL: 
http://svn.apache.org/viewvc/qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html?rev=1379984&view=auto
==============================================================================
--- 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
 (added)
+++ 
qpid/site/docs/books/trunk/AMQP-Messaging-Broker-Java-Book/html/Configuring-Group-Providers.html
 Sun Sep  2 14:36:07 2012
@@ -0,0 +1,35 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; 
charset=UTF-8"><title>2.3. Configuring Group Providers</title><link 
rel="stylesheet" href="css/style.css" type="text/css"><meta name="generator" 
content="DocBook XSL Stylesheets V1.73.2"><link rel="start" href="index.html" 
title="AMQP Messaging Broker (Implemented in Java)"><link rel="up" 
href="Qpid-Java-Broker-HowTos.html" title="Chapter 2. How Tos"><link 
rel="prev" href="Configuring-ACLS.html" title="2.2.  Configuring ACLs"><link 
rel="next" href="Qpid-Java-SSL.html" title="2.4.  Configure Java Qpid to use a 
SSL connection."></head><body><div class="container" bgcolor="white" 
text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV 
class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP 
Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache 
Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html";>Ho
 me</A></LI><LI><A 
href="http://qpid.apache.org/download.html";>Download</A></LI><LI><A 
href="http://qpid.apache.org/getting_started.html";>Getting 
Started</A></LI><LI><A 
href="http://www.apache.org/licenses/";>License</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/faq.html";>FAQ</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Documentation</H3><UL><LI><A 
href="http://qpid.apache.org/documentation.html#doc-release";>Latest 
Release</A></LI><LI><A 
href="http://qpid.apache.org/documentation.html#doc-trunk";>Trunk</A></LI><LI><A 
href="http://qpid.apache.org/documentation.html#doc-archives";>Archive</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Community</H3><UL><LI><A 
href="http://qpid.apache.org/getting_involved.html";>Getting 
Involved</A></LI><LI><A 
href="http://qpid.apache.org/source_repository.html";>Source 
Repository</A></LI><LI><A href="http
 ://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/";>Wiki</A></LI><LI><A 
href="https://issues.apache.org/jira/browse/qpid";>Issue 
Reporting</A></LI><LI><A 
href="http://qpid.apache.org/people.html";>People</A></LI><LI><A 
href="http://qpid.apache.org/acknowledgements.html";>Acknowledgements</A></LI></UL></DIV><DIV
 class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV 
class="menu_box_body"><H3>Developers</H3><UL><LI><A 
href="https://cwiki.apache.org/qpid/building.html";>Building Qpid</A></LI><LI><A 
href="https://cwiki.apache.org/qpid/developer-pages.html";>Developer 
Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html";>What is 
AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV 
class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About 
Apache</H3><UL><LI><A href="http
 ://www.apache.org">Home</A></LI><LI><A 
href="http://www.apache.org/foundation/sponsorship.html";>Sponsorship</A></LI><LI><A
 href="http://www.apache.org/foundation/thanks.html";>Thanks</A></LI><LI><A 
href="http://www.apache.org/security/";>Security</A></LI></UL></DIV><DIV 
class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div 
class="main_text_area_top"></div><div class="main_text_area_body"><DIV 
class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP 
Messaging Broker (Implemented in Java)</a></span> &gt; <span 
class="breadcrumb-link"><a href="Qpid-Java-Broker-HowTos.html">How 
Tos</a></span> &gt; <span class="breadcrumb-node">Configuring Group 
Providers</span></DIV><div class="section" lang="en"><div 
class="titlepage"><div><div><h2 class="title"><a 
name="Configuring-Group-Providers"></a>2.3. Configuring Group 
Providers</h2></div></div></div><p>
+    The Java broker utilises GroupProviders to allow assigning users to groups 
for use in <a class="link" href="Configuring-ACLS.html" title="2.2.  
Configuring ACLs">ACLs</a>. Following authentication by a given <a class="link" 
href="Configuring-Authentication-Mechanisms.html" title="2.8. Configuring 
Authentication Mechanisms">Authentication Provider</a>, the configured Group 
Providers are consulted to allowing assignment of GroupPrincipals for a given 
authenticated user. 
+  </p><div class="section" lang="en"><div class="titlepage"><div><div><h3 
class="title"><a 
name="File-Group-Manager"></a>2.3.1. FileGroupManager</h3></div></div></div><p>
+      The FileGroupManager allows specifying group membership in a flat file 
on disk, and is also exposed for inspection and update through the brokers HTTP 
management interface.
+    </p><p>
+      To enable the FileGroupManager, add the following configuration to the 
config.xml, adjusting the groupFile attribute value to match your desired 
groups file location.
+    </p><pre class="programlisting">
+    ...
+    &lt;security&gt;
+        &lt;file-group-manager&gt;
+            &lt;attributes&gt;
+              &lt;attribute&gt;
+                &lt;name&gt;groupFile&lt;/name&gt;
+                 &lt;value&gt;${conf}/groups&lt;/value&gt;
+              &lt;/attribute&gt;
+            &lt;/attributes&gt;
+        &lt;/file-group-manager&gt;
+    &lt;/security&gt;
+    ...
+</pre><div class="section" lang="en"><div class="titlepage"><div><div><h4 
class="title"><a name="File-Group-Manager-FileFormat"></a>2.3.1.1. File 
Format</h4></div></div></div><p>
+            The groups file has the following format:
+          </p><pre class="programlisting">
+    # &lt;GroupName&gt;.users = &lt;comma deliminated user list&gt;
+    # For example:
+
+    administrators.users = admin,manager
+</pre><p>
+            Only users can be added to a group currently, not other groups. 
Usernames can't contain commas.
+          </p><p>
+            Lines starting with a '#' are treated as comments when opening the 
file, but these are not preserved when the broker updates the file due to 
changes made through the management interface.
+          </p></div></div></div></div><div class="navfooter"><hr><table 
width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a 
accesskey="p" href="Configuring-ACLS.html">Prev</a> </td><td width="20%" 
align="center"><a accesskey="u" 
href="Qpid-Java-Broker-HowTos.html">Up</a></td><td width="40%" 
align="right"> <a accesskey="n" 
href="Qpid-Java-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" 
valign="top">2.2. 
+      Configuring ACLs
+   </td><td width="20%" align="center"><a accesskey="h" 
href="index.html">Home</a></td><td width="40%" align="right" 
valign="top"> 2.4. 
+      Configure Java Qpid to use a SSL connection.
+    </td></tr></table></div><div 
class="main_text_area_bottom"></div></div></div></body></html>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org
For additional commands, e-mail: commits-h...@qpid.apache.org

Reply via email to