Posted to commits@qpid.apache.org by or...@apache.org on 2016/12/28 10:37:31 UTC

[11/51] [partial] qpid-site git commit: Update site for 6.1.1 release of Qpid Java

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-ACLs.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-ACLs.html.in b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-ACLs.html.in
new file mode 100644
index 0000000..d7f7414
--- /dev/null
+++ b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-ACLs.html.in
@@ -0,0 +1,275 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">8.3.&#160;Access Control Lists</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security-Group-Providers.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;8.&#160;Security</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Security-Configuration-Encryption.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-ACLs"></a>8.3.&#160;Access Control Lists</h2></div></div></div><p>
+    In Qpid, Access Control Lists (ACLs) specify which actions can be performed by each authenticated user.
+    To enable, an <span class="emphasis"><em>Access Control Provider</em></span> needs to be configured on the <span class="emphasis"><em>Broker</em></span>.
+    The <span class="emphasis"><em>Access Control Provider</em></span> of type "AclFile" uses local file to specify the ACL rules.
+    By convention, this file should have a .acl extension.
+  </p><p>
+    A Group Provider can be configured with ACL to define the user groups which can be used in ACL
+    to determine the ACL rules applicable to the entire group. The configuration details for the Group Providers are described in
+    <a class="xref" href="Java-Broker-Security-Group-Providers.html" title="8.2.&#160;Group Providers">Section&#160;8.2, &#8220;Group Providers&#8221;</a>. On creation of ACL Provider with group rules,
+    the Group Provider should be added first. Otherwise, if the individual ACL rules are not defined for the logged principal
+    the following invocation of management operations could be denied due to absence of the required groups.</p><p>Only one <span class="emphasis"><em>Access Control Provider</em></span> can be used by the Broker.
+    If several <span class="emphasis"><em>Access Control Providers</em></span> are configured on Broker level
+    only one of them will be used (the latest one).
+  </p><p>
+    The ACL Providers can be configured using <a class="link" href="Java-Broker-Management-Channel-REST-API.html" title="6.3.&#160;REST API">REST Management interfaces</a>
+    and <a class="link" href="Java-Broker-Management-Channel-Web-Console.html" title="6.2.&#160;Web Management Console">Web Management Console</a>.
+  </p><p>The following ACL Provider managing operations are available from Web Management Console:
+    </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>A new ACL Provider can be added by clicking onto "Add Access Control Provider" on the Broker tab.</p></li><li class="listitem"><p>An ACL Provider details can be viewed on the Access Control Provider tab.
+        The tab is shown after clicking onto ACL Provider name in the Broker object tree or after clicking
+        onto ACL Provider row in ACL Providers grid on the Broker tab.</p></li><li class="listitem"><p>An existing ACL Provider can be deleted by clicking onto buttons "Delete Access Control Provider"
+        on the Broker tab or Access Control Provider tab.</p></li></ul></div><p>
+  </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-ACLs-WriteACL"></a>8.3.1.&#160;
+       Writing .acl files
+    </h3></div></div></div><p>
+      The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <a class="link" href="Java-Broker-Security-Group-Providers.html" title="8.2.&#160;Group Providers">Configuring Group Providers</a> for more information on defining groups.
+    </p><p>
+      Each ACL rule grants or denies a particular action on an object to a user/group.  The rule may be augmented with one or more properties, restricting
+      the rule's applicability.
+    </p><pre class="programlisting">
+      ACL ALLOW alice CREATE QUEUE              # Grants alice permission to create all queues.
+      ACL DENY bob CREATE QUEUE name="myqueue"  # Denies bob permission to create a queue called "myqueue"
+    </pre><p>
+      The ACL is considered in strict line order with the first matching rule taking precedence over all those that follow. In the following
+      example, if the user bob tries to create an exchange "myexch", the operation will be allowed by the first rule.  The second rule will
+      never be considered.
+    </p><pre class="programlisting">
+      ACL ALLOW bob ALL EXCHANGE
+      ACL DENY bob CREATE EXCHANGE name="myexch"  # Dead rule
+    </pre><p>
+      If the desire is to allow bob to create all exchanges except "myexch", order of the rules must be reversed:
+    </p><pre class="programlisting">
+      ACL DENY bob CREATE EXCHANGE name="myexch"
+      ACL ALLOW bob ALL EXCHANGE
+    </pre><p>
+      All ACL files end with an implicit rule denying all operations to all users.  It is as if each file ends with
+      </p><pre class="programlisting">ACL DENY ALL ALL </pre><p>
+      If instead you wish to <span class="emphasis"><em>allow</em></span> all operations other than those controlled by earlier rules,
+      add </p><pre class="programlisting">ACL ALLOW ALL ALL</pre><p> to the bottom of the ACL file.
+    </p><p>
+      When writing a new ACL, a good approach is to begin with an .acl file containing only </p><pre class="programlisting">ACL DENY-LOG ALL ALL</pre><p>
+      which will cause the Broker to deny all operations with details of the denial logged to the Qpid log file. Build up the ACL rule by rule,
+      gradually working through the use-cases of your system.  Once the ACL is complete, consider switching the DENY-LOG actions to DENY
+      to improve performamce and reduce log noise.
+    </p><p>
+      ACL rules are very powerful: it is possible to write very granular rules specifying many broker objects and their
+      properties.  Most projects probably won't need this degree of flexibility.  A reasonable approach is to choose to apply permissions
+      at a certain level of abstraction (e.g. QUEUE) and apply them consistently across the whole system.
+    </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        Some rules can be restricted to the virtual host if property virtualhost_name is specified.
+        </p><div class="example"><a id="d0e4809"></a><p class="title"><strong>Example&#160;8.1.&#160;Restrict rules to specific virtual hosts</strong></p><div class="example-contents"><pre class="programlisting">
+      ACL ALLOW bob CREATE QUEUE virtualhost_name="test"
+      ACL ALLOW bob ALL EXCHANGE virtualhost_name="prod"
+    </pre></div></div><p><br class="example-break" />
+        In the example above the first rule allows user "bob" to create queues on virtual host "test" only.
+        The second rule allows user "bob" any action with exchanges on virtual host "prod".
+        </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-ACLs-Syntax"></a>8.3.2.&#160;
+       Syntax
+    </h3></div></div></div><p>
+       ACL rules follow this syntax:
+    </p><pre class="programlisting">
+     ACL {permission} {&lt;group-name&gt;|&lt;user-name&gt;|ALL} {action|ALL} [object|ALL] [property="&lt;property-value&gt;"]
+    </pre><p>
+       Comments may be introduced with the hash (#) character and are ignored.  Long lines can be broken with the slash (\) character.
+    </p><pre class="programlisting">
+      # A comment
+      ACL ALLOW admin CREATE ALL # Also a comment
+      ACL DENY guest \
+      ALL ALL   # A broken line
+    </pre></div><div class="table"><a id="table-Java-Broker-Security-ACLs-Syntax_permissions"></a><p class="title"><strong>Table&#160;8.1.&#160;List of ACL permission</strong></p><div class="table-contents"><table border="1" summary="List of ACL permission"><colgroup><col /><col /></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-ACLs-Syntax_actions"></a><p class="title"><strong>Table&#160;8.2.&#160;List of ACL actions</strong></p><div class="tab
 le-contents"><table border="1" summary="List of ACL actions"><colgroup><col /><col /><col /><col /></colgroup><thead><tr><th><p>Action</p></th><th><p>Description</p></th><th><p>Supported object types</p></th><th><p>Supported properties</p></th></tr></thead><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td><td><p>QUEUE</p></td><td><p>name, autodelete, temporary, durable, exclusive, alternate, owner, virtualhost_name</p></td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td><td><p>EXCHANGE</p></td><td><p>name, routingkey, immediate, virtualhost_name</p></td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td><td><p>VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP</p></td><td><p>see prope
 rties on the corresponding object type</p></td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when an object is read or accessed</p> </td><td><p>VIRTUALHOST, MANAGEMENT</p></td><td><p>name (for VIRTUALHOST only)</p></td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td><td><p>EXCHANGE</p></td><td><p>name, routingKey, queuename, virtualhost_name, temporary, durable</p></td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td><td><p>EXCHANGE</p></td><td><p>name, routingKey, queuename, virtualhost_name, temporary, durable</p></td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applied when objects are deleted </p> </td><td><p>VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP</p></td><td><p>see properties on the corresponding object type</p><
 /td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td>
+          <p>Applied when purge the contents of a queue</p> </td><td><p>QUEUE</p></td><td><p> </p></td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td><td><p>VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP</p></td><td><p>see EXCHANGE and QUEUE properties</p></td></tr><tr><td> <span class="command"><strong>CONFIGURE</strong></span> </td><td> <p> Applied when an object is configured via REST management interfaces.</p> </td><td><p>BROKER</p></td><td><p> </p></td></tr><tr><td><span class="command"><strong>ACCESS_LOGS</strong></span> </td><td><p>Allows/denies the specific user to download log file(s) over REST interfaces.</p> </td><td><p>BROKER, VIRTUALHOST</p></td><td><p>name (for VIRTUALHOST only)</p></td></tr><tr><td><span class="command"><strong>SHUTDOWN</strong></span> </td><td><p>Allows/denies the specific user to shutdown the Broker.</p> </td><td><p>BROKER</p></td><td><p /></td></tr></tbody></t
 able></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-ACLs-Syntax_objects"></a><p class="title"><strong>Table&#160;8.3.&#160;List of ACL objects</strong></p><div class="table-contents"><table border="1" summary="List of ACL objects"><colgroup><col /><col /><col /><col /></colgroup><thead><tr><th><p>Object type</p></th><th><p>Description</p></th><th><p>Supported actions</p></th><th><p>Supported properties</p></th></tr></thead><tbody><tr><td> <span class="command"><strong>VIRTUALHOSTNODE</strong></span> </td><td> <p>A virtualhostnode or remote replication node</p> </td><td><p>ALL, CREATE, UPDATE, DELETE</p> </td><td><p>name</p> </td></tr><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p>A virtualhost</p> </td><td><p>ALL, CREATE, UPDATE, DELETE, ACCESS, ACCESS_LOGS</p> </td><td><p>name</p> </td></tr><tr><td> <span class="command"><strong>QUEUE</strong></span> </td><td> <p>A queue </p> </td><td><p>ALL, CREATE, DELET
 E, PURGE, CONSUME, UPDATE</p></td><td><p>name, autodelete, temporary, durable, exclusive, alternate, owner, virtualhost_name</p></td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td><p>An exchange</p></td><td><p>ALL, ACCESS, CREATE, DELETE, BIND, UNBIND, PUBLISH, UPDATE</p></td><td><p>name, autodelete, temporary, durable, type, virtualhost_name, queuename(only for BIND and UNBIND), routingkey(only for BIND and UNBIND, PUBLISH)</p></td></tr><tr><td> <span class="command"><strong>USER</strong></span> </td><td> <p>A user</p> </td><td><p>ALL, CREATE, DELETE, UPDATE</p></td><td><p>name</p></td></tr><tr><td> <span class="command"><strong>GROUP</strong></span> </td><td> <p>A group</p> </td><td><p>ALL, CREATE, DELETE, UPDATE</p></td><td><p>name</p></td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p>Management or agent or broker method</p> </td><td><p>ALL, ACCESS, UPDATE</p></td><td><p>name, component, virtualhost_name</p></td></t
 r><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p>The broker</p> </td><td><p>ALL, CONFIGURE, ACCESS_LOGS</p></td><td><p> </p></td></tr></tbody></table></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-ACLs-Syntax_properties"></a><p class="title"><strong>Table&#160;8.4.&#160;List of ACL properties</strong></p><div class="table-contents"><table border="1" summary="List of ACL properties"><colgroup><col /><col /></colgroup><tbody><tr><td><span class="command"><strong>name</strong></span> </td><td> <p> String. Object name, such as a queue name or exchange name.</p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indi
 cates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>c
 omponent</strong></span> </td><td> <p> String. component name</p> </td></tr><tr><td> <span class="command"><strong>from_network</strong></span> </td><td>
+            <p>
+              Comma-separated strings representing IPv4 address ranges.
+            </p>
+            <p>
+              Intended for use in ACCESS VIRTUALHOST rules to apply firewall-like restrictions.
+            </p>
+            <p>
+              The rule matches if any of the address ranges match the IPv4 address of the messaging client.
+              The address ranges are specified using either Classless Inter-Domain Routing notation
+              (e.g. 192.168.1.0/24; see <a class="link" href="http://tools.ietf.org/html/rfc4632" target="_top">RFC 4632</a>)
+              or wildcards (e.g. 192.169.1.*).
+            </p>
+          </td></tr><tr><td> <span class="command"><strong>from_hostname</strong></span> </td><td>
+            <p>
+              Comma-separated strings representing hostnames, specified using Perl-style regular
+              expressions, e.g. .*\.example\.company\.com
+            </p>
+            <p>
+              Intended for use in ACCESS VIRTUALHOST rules to apply firewall-like restrictions.
+            </p>
+            <p>
+              The rule matches if any of the patterns match the hostname of the messaging client.
+            </p>
+            <p>
+              To look up the client's hostname, Qpid uses Java's DNS support, which internally caches its results.
+            </p>
+            <p>
+              You can modify the time-to-live of cached results using the *.ttl properties described on the
+              Java <a class="link" href="http://docs.oracle.com/javase/6/docs/technotes/guides/net/properties.html" target="_top">Networking
+              Properties</a> page.
+            </p>
+            <p>
+              For example, you can either set system property sun.net.inetaddr.ttl from the command line
+              (e.g. export QPID_OPTS="-Dsun.net.inetaddr.ttl=0") or networkaddress.cache.ttl in
+              $JAVA_HOME/lib/security/java.security. The latter is preferred because it is JVM
+              vendor-independent.
+            </p>
+          </td></tr><tr><td><span class="command"><strong>virtualhost_name</strong></span></td><td>
+            <p>
+              String. A name of virtual host to which the rule is applied.
+            </p>
+          </td></tr><tr><td><span class="command"><strong>immediate</strong></span></td><td>
+            <p>
+              Boolean. A property can be used to restrict PUBLISH action to publishing only messages with given immediate flag.
+            </p>
+          </td></tr></tbody></table></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-ACLs-Queue-Exchnage-Operations"></a><p class="title"><strong>Table&#160;8.5.&#160;ACL for Queue management operations invoked via REST interfaces</strong></p><div class="table-contents"><table border="1" summary="ACL for Queue management operations invoked via REST interfaces"><colgroup><col /><col /><col /><col /></colgroup><tbody><tr><td> <span class="command"><strong>Operation</strong></span> </td><td> <p>Component</p> </td><td> <p>Method</p> </td><td> <p>Description</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p>VirtualHost.Queue</p> </td><td> <p>copyMessages</p> </td><td> <p>Copy messages</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p>VirtualHost.Queue</p> </td><td> <p>moveMessages</p> </td><td> <p>Move messages</p> </td></tr><tr><td> <span class="command"><strong>UPDATE
 </strong></span> </td><td> <p>VirtualHost.Queue</p> </td><td> <p>deleteMessages</p> </td><td> <p>Delete messages</p> </td></tr></tbody></table></div></div><br class="table-break" /><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-ACLs-WorkedExamples"></a>8.3.3.&#160;
+      Worked Examples
+    </h3></div></div></div><p>
+      Here are some example ACLs illustrating common use cases.
+      In addition, note that the Broker provides a complete example ACL file, located at etc/broker_example.acl.
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-ACLs-WorkedExample1"></a>8.3.3.1.&#160;
+        Worked example 1 - Management rights
+      </h4></div></div></div><p>
+        Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and
+        a user 'readonly' must be enable to perform only read-only functions.  Neither 'operator' nor 'readonly'
+        should be allowed to connect clients for messaging.
+      </p><pre class="programlisting">
+# Deny (loggged) operator/readonly permission to connect messaging clients.
+ACL DENY-LOG operator ACCESS VIRTUALHOST
+ACL DENY-LOG readonly ACCESS VIRTUALHOST
+# Give operator permission to perfom all other actions
+ACL ALLOW operator ALL ALL
+# Give readonly permission to execute only read-only actions
+ACL ALLOW readonly ACCESS ALL
+...
+... rules for other users
+...
+# Explicitly deny all (log) to eveyone
+ACL DENY-LOG ALL ALL
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-ACLs-WorkedExample2"></a>8.3.3.2.&#160;
+        Worked example 2 - User maintainer group
+      </h4></div></div></div><p>
+        Suppose you wish to restrict User Management operations to users belonging to a
+        <a class="link" href="Java-Broker-Security-Group-Providers.html" title="8.2.&#160;Group Providers">group</a> 'usermaint'.  No other user
+        is allowed to perform user maintenance  This example illustrates the permissioning of an individual component.
+      </p><pre class="programlisting">
+# Give usermaint access to management and permission to create
+# and delete users through management
+ACL ALLOW usermaint ALL USER
+ACL DENY ALL ALL USER
+...
+... rules for other users
+...
+ACL DENY-LOG ALL ALL
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-ACLs-WorkedExample3"></a>8.3.3.3.&#160;
+        Worked example 3 - Request/Response messaging
+      </h4></div></div></div><p>
+        Suppose you wish to permission a system using a request/response paradigm. Two users: 'client' publishes requests;
+        'server' consumes the requests and generates a response.  This example illustrates the permissioning of AMQP exchanges
+        and queues.
+      </p><pre class="programlisting">
+# Allow client and server to connect to the virtual host.
+ACL ALLOW client ACCESS VIRTUALHOST
+ACL ALLOW server ACCESS VIRTUALHOST
+
+# Client side
+# Allow the 'client' user to publish requests to the request queue. As is the norm for the request/response paradigm, the client
+# is required to create a temporary queue on which the server will respond.  Consequently, there are rules to allow the creation
+# of the temporary queues and consumption of messages from it.
+ACL ALLOW client CREATE QUEUE temporary="true"
+ACL ALLOW client CONSUME QUEUE temporary="true"
+ACL ALLOW client DELETE QUEUE temporary="true"
+ACL ALLOW client BIND EXCHANGE name="amq.direct" temporary="true"
+ACL ALLOW client UNBIND EXCHANGE name="amq.direct" temporary="true"
+ACL ALLOW client PUBLISH EXCHANGE name="amq.direct" routingKey="example.RequestQueue"
+
+# Server side
+# Allow the 'server' user to consume from the request queue and publish a response to the temporary response queue created by
+# client.  We also allow the server to create the request queue.
+ACL ALLOW server CREATE QUEUE name="example.RequestQueue"
+ACL ALLOW server CONSUME QUEUE name="example.RequestQueue"
+ACL ALLOW server BIND EXCHANGE
+ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*"
+
+ACL DENY-LOG all all
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-ACLs-WorkedExample4"></a>8.3.3.4.&#160;
+        Worked example 4 - firewall-like access control
+      </h4></div></div></div><p>
+        This example illustrates how to set up an ACL that restricts the IP addresses and hostnames
+        of messaging clients that can access a virtual host.
+      </p><pre class="programlisting">
+################
+# Hostname rules
+################
+
+# Allow messaging clients from company1.com and company1.co.uk to connect
+ACL ALLOW all ACCESS VIRTUALHOST from_hostname=".*\.company1\.com,.*\.company1\.co\.uk"
+
+# Deny messaging clients from hosts within the dev subdomain
+ACL DENY-LOG all ACCESS VIRTUALHOST from_hostname=".*\.dev\.company1\.com"
+
+##################
+# IP address rules
+##################
+
+# Deny access to all users in the IP ranges 192.168.1.0-192.168.1.255 and 192.168.2.0-192.168.2.255,
+# using the notation specified in RFC 4632, "Classless Inter-domain Routing (CIDR)"
+ACL DENY-LOG messaging-users ACCESS VIRTUALHOST \
+  from_network="192.168.1.0/24,192.168.2.0/24"
+
+# Deny access to all users in the IP ranges 192.169.1.0-192.169.1.255 and 192.169.2.0-192.169.2.255,
+# using wildcard notation.
+ACL DENY-LOG messaging-users ACCESS VIRTUALHOST \
+  from_network="192.169.1.*,192.169.2.*"
+
+ACL DENY-LOG all all
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-ACLs-WorkedExample5"></a>8.3.3.5.&#160;
+        Worked example 5 - REST management ACL example
+      </h4></div></div></div><p>
+        This example illustrates how to set up an ACL that restricts usage of REST management interfaces.
+      </p><pre class="programlisting">
+# allow to the users from webadmins group to change broker model
+# this rule allows adding/removing/editing of Broker level objects:
+# Broker, Group Provider, Authentication Provider, Port, Access Control Provider etc
+ACL ALLOW-LOG webadmins CONFIGURE BROKER
+
+# allow to the users from webadmins group to perform
+# create/update/delete on virtualhost node and children
+ACL ALLOW-LOG webadmins CREATE VIRTUALHOSTNODE
+ACL ALLOW-LOG webadmins UPDATE VIRTUALHOSTNODE
+ACL ALLOW-LOG webadmins DELETE VIRTUALHOSTNODE
+ACL ALLOW-LOG webadmins CREATE VIRTUALHOST
+ACL ALLOW-LOG webadmins UPDATE VIRTUALHOST
+ACL ALLOW-LOG webadmins DELETE VIRTUALHOST
+ACL ALLOW-LOG webadmins CREATE QUEUE
+ACL ALLOW-LOG webadmins UPDATE QUEUE
+ACL ALLOW-LOG webadmins DELETE QUEUE
+ACL ALLOW-LOG webadmins PURGE  QUEUE
+ACL ALLOW-LOG webadmins CREATE EXCHANGE
+ACL ALLOW-LOG webadmins DELETE EXCHANGE
+ACL ALLOW-LOG webadmins BIND   EXCHANGE
+ACL ALLOW-LOG webadmins UNBIND EXCHANGE
+
+# allow to the users from webadmins group to create/update/delete groups on Group Providers
+ACL ALLOW-LOG webadmins CREATE GROUP
+ACL ALLOW-LOG webadmins DELETE GROUP
+ACL ALLOW-LOG webadmins UPDATE GROUP
+
+# allow to the users from webadmins group to create/update/delete users for Authentication Providers
+ACL ALLOW-LOG webadmins CREATE USER
+ACL ALLOW-LOG webadmins DELETE USER
+ACL ALLOW-LOG webadmins UPDATE USER
+
+# allow to the users from webadmins group to move, copy, delete messagaes, and clear the queue
+# using REST management interfaces
+ACL ALLOW-LOG webadmins UPDATE METHOD
+
+# at the moment only the following UPDATE METHOD rules are supported by web management console
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="moveMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="copyMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="deleteMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="clearQueue"
+
+ACL DENY-LOG all all
+      </pre></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security-Group-Providers.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Security-Configuration-Encryption.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">8.2.&#160;Group Providers&#160;</td><td align="center" width="20%"><a accesskey="h" href="AMQP-Messaging-Broker-Java-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;8.4.&#160;Configuration Encryption</td></tr></table></div></div>
\ No newline at end of file
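Review bot: In Worked example 4 the rule `ACL DENY-LOG all ACCESS VIRTUALHOST from_hostname=".*\.dev\.company1\.com"` can never fire, because the preceding `ACL ALLOW all ACCESS VIRTUALHOST from_hostname=".*\.company1\.com,.*\.company1\.co\.uk"` already matches every host under company1.com and section 8.3.1 of this same page states that the first matching rule wins (compare its "Dead rule" example). Put the dev-subdomain deny before the allow, otherwise the example teaches the exact ordering mistake the text warns about. In the same example the comments say "Deny access to all users" while the rules name the group `messaging-users`; make the comment and the rule agree. Property-name casing is also inconsistent across the page: Table 8.2 documents `routingkey` for PUBLISH but `routingKey` for BIND/UNBIND, Table 8.4 lists only `routingkey`, and Worked example 3 writes `routingKey` with PUBLISH; the tables and examples should settle on one spelling so readers know what the ACL parser accepts. Finally, typos to fix in the rendered text: "performamce", "must be enable to perform", "loggged", "perfom", "eveyone", "messagaes", the missing full stop in "user maintenance  This example", and the table id "ACLs-Queue-Exchnage-Operations".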

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Configuration-Encryption.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Configuration-Encryption.html.in b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Configuration-Encryption.html.in
new file mode 100644
index 0000000..1c2c2e7
--- /dev/null
+++ b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Configuration-Encryption.html.in
@@ -0,0 +1,20 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">8.4.&#160;Configuration Encryption</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security-ACLs.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;8.&#160;Security</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-Configuration-Encryption"></a>8.4.&#160;Configuration Encryption</h2></div></div></div><p> The Broker is capable of encrypting passwords and other security items stored in the
+    Broker's configuration. This is means that items such as keystore/truststore passwords, JDBC
+    passwords, and LDAP passwords can be stored in the configure in a form that is difficult to
+    read.</p><p>The Broker ships with an encryptor implementation called <code class="literal">AESKeyFile</code>. This
+    uses a securely generated random key of 256bit<a class="footnote" href="#ftn.d0e5567" id="d0e5567"><sup class="footnote">[12]</sup></a> to encrypt the secrets stored within a key
+    file. Of course, the key itself must be guarded carefully, otherwise the passwords encrypted
+    with it may be compromised. For this reason, the Broker ensures that the file's permissions
+    allow the file to be read exclusively by the user account used for running the Broker.</p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>If the keyfile is lost or corrupted, the secrets will be irrecoverable.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Configuration-Encryption-Configuration"></a>8.4.1.&#160;Configuration</h3></div></div></div><p>The <code class="literal">AESKeyFile</code> encyptor provider is enabled/disabled via the <a class="link" href="Java-Broker-Management-Managing-Broker.html" title="7.3.&#160;Broker">Broker attributes</a> within the
+      Web Management Console.  On enabling the provider, any existing passwords within the
+      configuration will be automatically rewritten in the encrypted form.</p><p>Note that passwords stored by the Authentication Providers <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-PlainPasswordFile-Provider" title="8.1.8.&#160;Plain Password File (Deprecated)">PlainPasswordFile</a> and.
+        <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Base64MD5PasswordFile-Provider" title="8.1.10.&#160;Base64MD5 Password File (Deprecated)">PlainPasswordFile</a>
+      with the external password files are <span class="emphasis"><em>not</em></span> encrypted by the key. Use the
+      Scram Authentication Managers instead; these make use of the Configuration Encryption when
+      storing the users' passwords. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Configuration-Encryption-Alternate-Implementations"></a>8.4.2.&#160;Alternate Implementations</h3></div></div></div><p>If the <code class="literal">AESKeyFile</code> encryptor implementation does not meet the needs of
+      the user, perhaps owing to the security standards of their institution, the
+        <code class="literal">ConfigurationSecretEncrypter</code> interface is designed as an extension point.
+      Users may implement their own implementation of ConfigurationSecretEncrypter perhaps to employ
+      stronger encryption or delegating the storage of the key to an Enterprise Password
+      Safe.</p></div><div class="footnotes"><br /><hr style="width:100; text-align:left;margin-left: 0" /><div class="footnote" id="ftn.d0e5567"><p><a class="para" href="#d0e5567"><sup class="para">[12] </sup></a>Java Cryptography Extension (JCE)
+        Unlimited Strength required</p></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security-ACLs.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">8.3.&#160;Access Control Lists&#160;</td><td align="center" width="20%"><a accesskey="h" href="AMQP-Messaging-Broker-Java-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;Chapter&#160;9.&#160;Runtime</td></tr></table></div></div>
\ No newline at end of file
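Review bot: the second Authentication Provider link in the "Note that passwords stored by ..." paragraph is mislabelled: its href and title point to Base64MD5 Password File (8.1.10) but the visible link text reads "PlainPasswordFile", so the sentence names the same provider twice and never names Base64MD5PasswordFile, which is the provider the warning is really about. Change that link text to `Base64MD5PasswordFile` and drop the stray full stop in "PlainPasswordFile and." so the sentence reads "... PlainPasswordFile and Base64MD5PasswordFile with the external password files are not encrypted by the key." Since the whole section rests on the key file being readable only by the Broker's account, the sentence "the Broker ensures that the file's permissions allow the file to be read exclusively by the user account used for running the Broker" would be stronger if it said plainly that this is a filesystem permission check (it does not protect the key from root, or from a copy taken with a backup), and the existing Important box about loss or corruption is the natural place to also advise keeping a copy of the key file separate from the configuration backup. Minor wording in the same hunk: "This is means" should be "This means", "stored in the configure" should be "stored in the configuration", and "encyptor" should be "encryptor".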

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Group-Providers.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Group-Providers.html.in b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Group-Providers.html.in
new file mode 100644
index 0000000..af93965
--- /dev/null
+++ b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security-Group-Providers.html.in
@@ -0,0 +1,36 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">8.2.&#160;Group Providers</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;8.&#160;Security</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Security-ACLs.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-Group-Providers"></a>8.2.&#160;Group Providers</h2></div></div></div><p>
+    The Apache Qpid Broker for Java utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Java-Broker-Security-ACLs.html" title="8.3.&#160;Access Control Lists">ACLs</a>.
+    Following authentication by a given <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers" title="8.1.&#160;Authentication Providers">Authentication Provider</a>,
+    the configured Group Providers are consulted allowing the assignment of GroupPrincipals for a given authenticated user. Any number of
+    Group Providers can be added into the Broker. All of them will be checked for the presence of the groups for a given authenticated user.
+  </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="File-Group-Manager"></a>8.2.1.&#160;GroupFile Provider</h3></div></div></div><p>
+      The <span class="emphasis"><em>GroupFile</em></span> Provider allows specifying group membership in a flat file on disk.
+      On adding a new GroupFile Provider the path to the groups file is required to be specified.
+      If file does not exist an empty file is created automatically. On deletion of GroupFile Provider
+      the groups file is deleted as well. Only one instance of "GroupFile" Provider per groups file location can be created.
+      On attempt to create another GroupFile Provider pointing to the same location the error will be displayed and
+      the creation will be aborted.
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="File-Group-Manager-FileFormat"></a>8.2.1.1.&#160;File Format</h4></div></div></div><p>
+            The groups file has the following format:
+          </p><pre class="programlisting">
+    # &lt;GroupName&gt;.users = &lt;comma delimited user list&gt;
+    # For example:
+
+    administrators.users = admin,manager
+</pre><p>
+            Only users can be added to a group currently, not other groups. Usernames can't contain commas.
+          </p><p>
+            Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface.
+          </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Group-Providers-ManagedGroupProvider"></a>8.2.2.&#160;ManagedGroupProvider</h3></div></div></div><p>
+            The <span class="emphasis"><em>ManagedGroupProvider</em></span> allows specifying group membership as part of broker configuration.
+            In future version of Brokers GroupFile Provider will be replaced by this one.
+        </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Group-Providers-CloudFoundry"></a>8.2.3.&#160;CloudFoundryDashboardManagementGroupProvider</h3></div></div></div><p>
+            The <span class="emphasis"><em>CloudFoundryDashboardManagementGroupProvider</em></span>
+            allows mapping of service instance ids to qpid management groups.
+        </p><p>
+            One use case is restricting management capabilities of a OAuth2 authenticated user to certain virtual
+            hosts. For this, one would associate a cloudfoundry service id with each virtual host and have an ACL with a
+            separate management group for each virtual host. Given the correct service instance id to
+            management group mapping the GroupProvider will then associate the user with each management group the user
+            is provisioned to manage the associated service instance in the <a class="link" href="http://docs.cloudfoundry.org/services/dashboard-sso.html#checking-user-permissions" target="_top">CloudFoundry dashboard</a>.
+        </p></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Security-ACLs.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">Chapter&#160;8.&#160;Security&#160;</td><td align="center" width="20%"><a accesskey="h" href="AMQP-Messaging-Broker-Java-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;8.3.&#160;Access Control Lists</td></tr></table></div></div>
\ No newline at end of file
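Review bot: the GroupFile Provider paragraph states that "On deletion of GroupFile Provider the groups file is deleted as well", which is destructive and one click away in the management console, yet it sits mid-paragraph; this book already uses `<div class="important">` callouts (see the 8.4 Configuration Encryption and 8.1 Authentication Providers pages in this commit), so pull that sentence into one, together with the 8.2.1.1 statement that '#' comment lines "are not preserved when the broker updates the file", since both mean hand-maintained content in the groups file can be lost without warning. Grammar in the same hunk: "If file does not exist" should be "If the file does not exist", "the error will be displayed" should be "an error will be displayed", "In future version of Brokers GroupFile Provider will be replaced by this one" should be "In a future version of the Broker the GroupFile Provider will be replaced by this one", and "a OAuth2 authenticated user" should be "an OAuth2-authenticated user". The file is also written without a trailing newline.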

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security.html.in b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security.html.in
new file mode 100644
index 0000000..bf77c44
--- /dev/null
+++ b/input/releases/qpid-java-6.1.1/java-broker/book/Java-Broker-Security.html.in
@@ -0,0 +1,152 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">Chapter&#160;8.&#160;Security</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Management-Managing-Plugin-HTTP.html">Prev</a>&#160;</td><th align="center" width="60%">&#160;</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Security-Group-Providers.html">Next</a></td></tr></table><hr /></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a id="Java-Broker-Security"></a>Chapter&#160;8.&#160;Security</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers">8.1. Authentication Providers</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-LDAP-Provider">8.1.1. Simple LDAP</a></span></dt><
 dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Kerberos-Provider">8.1.2. Kerberos</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-OAuth2-Provider">8.1.3. OAuth2</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-External-Provider">8.1.4. External (SSL Client Certificates)</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Anonymous-Provider">8.1.5. Anonymous</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-ScramSha-Providers">8.1.6. SCRAM SHA</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Plain-Provider">8.1.7. Plain</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-PlainPasswordFile-Provider">8.1.8. Plain Password File <span class="emphasis"><em>(Deprecated)</em></spa
 n></a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-MD5-Provider">8.1.9. MD5 Provider</a></span></dt><dt><span class="section"><a href="Java-Broker-Security.html#Java-Broker-Security-Base64MD5PasswordFile-Provider">8.1.10. Base64MD5 Password File <span class="emphasis"><em>(Deprecated)</em></span></a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html">8.2. Group Providers</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html#File-Group-Manager">8.2.1. GroupFile Provider</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html#Java-Broker-Security-Group-Providers-ManagedGroupProvider">8.2.2. ManagedGroupProvider</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-Group-Providers.html#Java-Broker-Security-Group-Providers-CloudFoundry">8.2.3. CloudFoundryDashboardManagementGroupProvider</a></s
 pan></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Security-ACLs.html">8.3. Access Control Lists</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security-ACLs.html#Java-Broker-Security-ACLs-WriteACL">8.3.1. 
+       Writing .acl files
+    </a></span></dt><dt><span class="section"><a href="Java-Broker-Security-ACLs.html#Java-Broker-Security-ACLs-Syntax">8.3.2. 
+       Syntax
+    </a></span></dt><dt><span class="section"><a href="Java-Broker-Security-ACLs.html#Java-Broker-Security-ACLs-WorkedExamples">8.3.3. 
+      Worked Examples
+    </a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Security-Configuration-Encryption.html">8.4. Configuration Encryption</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Security-Configuration-Encryption.html#Java-Broker-Security-Configuration-Encryption-Configuration">8.4.1. Configuration</a></span></dt><dt><span class="section"><a href="Java-Broker-Security-Configuration-Encryption.html#Java-Broker-Security-Configuration-Encryption-Alternate-Implementations">8.4.2. Alternate Implementations</a></span></dt></dl></dd></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-Authentication-Providers"></a>8.1.&#160;Authentication Providers</h2></div></div></div><p> In order to successfully establish a connection to the Broker, the connection must be
+    authenticated. The Broker supports a number of different authentication schemes, each with
+    its own "authentication provider". Any number of Authentication Providers can be configured on
+    the Broker at the same time. </p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p> Only unused Authentication Provider can be deleted. For delete requests attempting to
+      delete Authentication Provider associated with the Ports, the errors will be returned and
+      delete operations will be aborted. It is possible to change the Authentication Provider on
+      Port at runtime. However, the Broker restart is required for changes on Port to take effect.
+    </p></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+      Authentication Providers may choose to selectively disable certain authentication mechanisms
+      depending on whether an encrypted transport is being used or not. This is to avoid insecure
+      configurations. Notably, by default the PLAIN mechanism will be disabled on non-SSL
+      connections. This security feature can be overwritten by setting
+      </p><pre class="programlisting">secureOnlyMechanisms = []</pre><p> in the authentication provider
+      section of the config.json.
+      </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+          Changing the secureOnlyMechanism is a breach of security and might cause passwords to be
+          transfered in the clear. Use at your own risk!
+        </p></div><p>
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-LDAP-Provider"></a>8.1.1.&#160;Simple LDAP</h3></div></div></div><p> The Simple LDAP authenticates connections against a Directory (LDAP). </p><p> To create a SimpleLDAPAuthenticationProvider the following mandatory fields are required: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>LDAP server URL</em></span> is the URL of the server, for example,
+                <code class="literal">ldaps://example.com:636</code></p></li><li class="listitem"><p><span class="emphasis"><em>Search context</em></span> is the distinguished name of the search base
+                object. It defines the location from which the search for users begins, for example,
+                <code class="literal">dc=users,dc=example,dc=com</code></p></li><li class="listitem"><p><span class="emphasis"><em>Search filter</em></span> is a DN template to find an LDAP user entry by
+                provided user name, for example, <code class="literal">(uid={0})</code></p></li></ul></div><p> Additionally, the following optional fields can be specified: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>LDAP context factory</em></span> is a fully qualified class name for the
+                JNDI LDAP context factory. This class must implement the <a class="link" href="http://docs.oracle.com/javase/7/docs/api/javax/naming/spi/InitialContextFactory.html" target="_top">InitialContextFactory</a> interface and produce instances of <a class="link" href="http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/DirContext.html" target="_top">DirContext</a>. If
+                not specified a default value of <code class="literal">com.sun.jndi.ldap.LdapCtxFactory</code> is
+                used.</p></li><li class="listitem"><p><span class="emphasis"><em>LDAP authentication URL</em></span> is the URL of LDAP server for
+                performing "ldap bind". If not specified, the <span class="emphasis"><em>LDAP server URL</em></span> will
+                be used for both searches and authentications.</p></li><li class="listitem"><p><span class="emphasis"><em>Truststore name</em></span> is a name of <a class="link" href="Java-Broker-Management-Managing-Truststores.html#Java-Broker-Management-Managing-Truststores-Attributes" title="7.13.2.&#160;Attributes">configured
+                truststore</a>. Use this if connecting to a Directory over SSL (i.e. ldaps://)
+                which is protected by a certificate signed by a private CA (or utilising a self-signed
+                certificate).</p></li><li class="listitem"><p>Additional group information can be obtained from LDAP.
+                There are two common ways of representing group membership in LDAP.
+                </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem">
+                        User entries can hold membership information as attribute.
+                        To use this the <span class="emphasis"><em>attribute name</em></span> that holds the group information must be specified.
+                    </li><li class="listitem">
+                        Group entries can hold a list of their members as attribute.
+                        This can be used by specifying a <span class="emphasis"><em>search context</em></span> and <span class="emphasis"><em>search filter</em></span> to find all groups that the user should be considered a member of.
+                        Typically this involves filtering groups by looking for the user's DN on a group attribute.
+                        The <span class="emphasis"><em>subtree search scope</em></span> determines whether the search should include the subtree extending from the <span class="emphasis"><em>search context</em></span>.
+                    </li></ul></div><p>
+            </p></li></ul></div><p>
+    </p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>In order to protect the security of the user's password, when using LDAP authentication,
+            you must: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Use SSL on the broker's AMQP and HTTP ports to protect the password during
+                    transmission to the Broker. The Broker enforces this restriction automatically on AMQP
+                    and HTTP ports.</p></li><li class="listitem"><p>Authenticate to the Directory using SSL (i.e. ldaps://) to protect the password
+                    during transmission from the Broker to the Directory.</p></li></ul></div></div><p> The LDAP Authentication Provider works in the following manner. If not in <code class="literal">bind
+        without search</code> mode, it first connects to the Directory and searches for the ldap
+        entity which is identified by the username. The search begins at the distinguished name
+        identified by <code class="literal">Search Context</code> and uses the username as a filter. The search
+        scope is sub-tree meaning the search will include the base object and the subtree extending
+        beneath it. </p><p> If the search returns a match, or is configured in <code class="literal">bind without search</code>
+        mode, the Authentication Provider then attempts to bind to the LDAP server with the given name
+        and the password. Note that <a class="link" href="http://docs.oracle.com/javase/7/docs/api/javax/naming/Context.html#SECURITY_AUTHENTICATION" target="_top">simple security
+            authentication</a> is used so the Directory receives the password in the clear.
+    </p><p>
+        By default, this authentication provider caches the result of an authentication for a short period of time. This
+        reduces the load on the Directory service if the same credentials are presented frequently within a short
+        period of time.  The length of time a result will be cached is defined by context variable
+        <code class="literal">qpid.auth.cache.expiration_time</code> (default to 600 seconds).  The cache can be disabled by
+        setting the context variable <code class="literal">qpid.auth.cache.size</code> to 0.
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Kerberos-Provider"></a>8.1.2.&#160;Kerberos</h3></div></div></div><p> Kereberos Authentication Provider uses java GSS-API SASL mechanism to authenticate the
+        connections. </p><p> Configuration of kerberos is done through system properties (there doesn't seem to be a
+        way around this unfortunately). </p><pre class="programlisting">
+    export JAVA_OPTS=-Djavax.security.auth.useSubjectCredsOnly=false -Djava.security.auth.login.config=qpid.conf
+    ${QPID_HOME}/bin/qpid-server
+  </pre><p>Where qpid.conf would look something like this:</p><pre class="programlisting">
+com.sun.security.jgss.accept {
+    com.sun.security.auth.module.Krb5LoginModule required
+    useKeyTab=true
+    storeKey=true
+    doNotPrompt=true
+    realm="EXAMPLE.COM"
+    useSubjectCredsOnly=false
+    kdc="kerberos.example.com"
+    keyTab="/path/to/keytab-file"
+    principal="&lt;name&gt;/&lt;host&gt;";
+};</pre><p> Where realm, kdc, keyTab and principal should obviously be set correctly for the
+        environment where you are running (see the existing documentation for the C++ broker about
+        creating a keytab file). </p><p> Note: You may need to install the "Java Cryptography Extension (JCE) Unlimited Strength
+        Jurisdiction Policy Files" appropriate for your JDK in order to get Kerberos support working. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-OAuth2-Provider"></a>8.1.3.&#160;OAuth2</h3></div></div></div><p> This authentication provider allows users to login to the broker using credentials from a different service supporting OAuth2.
+        Unfortunately, the <a class="link" href="https://www.rfc-editor.org/rfc/rfc6749.txt" target="_top">OAuth2 specification</a> does not define a standard why to get the identity of a subject from an access token.
+        However, most OAuth2 implementations provide such functionality, although in different ways. Qpid handles this by providing so called IdentityResolvers.
+        Currently the following services are supported:
+        </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>CloudFoundry</p></li><li class="listitem"><p>Facebook</p></li><li class="listitem"><p>GitHub</p></li><li class="listitem"><p>Google</p></li><li class="listitem"><p>Microsoft Live</p></li></ul></div><p>
+        Since all of these, with the exception of CloudFoundry, are tied to a specific service they come with defaults for the Scope, Authorization-, Token-, and IdentityResolverEndpoint.
+    </p><p>
+        By default, this authentication provider caches the result of an authentication for a short period of time. This
+        reduces the load on the OAuth2 service if the same token is presented frequently within a short
+        period of time.  The length of time a result will be cached is defined by context variable
+        <code class="literal">qpid.auth.cache.expiration_time</code> (default to 600 seconds).  The cache can be disabled by
+        setting the context variable <code class="literal">qpid.auth.cache.size</code> to 0.
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-External-Provider"></a>8.1.4.&#160;External (SSL Client Certificates)</h3></div></div></div><p> When <a class="link" href="Java-Broker-Management-Managing-Truststores.html" title="7.13.&#160;Truststores"> requiring SSL Client
+        Certificates</a> be presented the External Authentication Provider can be used, such that
+        the user is authenticated based on trust of their certificate alone, and the X500Principal
+        from the SSL session is then used as the username for the connection, instead of also
+        requiring the user to present a valid username and password. </p><p>
+        <span class="bold"><strong>Note:</strong></span> The External Authentication Provider should typically
+        only be used on the AMQP/HTTP ports, in conjunction with <a class="link" href="Java-Broker-Management-Managing-Ports.html" title="7.10.&#160;Ports">SSL client certificate
+            authentication</a>. It is not intended for other uses and
+        will treat any non-sasl authentication processes on these ports as successful with the given
+        username.</p><p>On creation of External Provider the use of full DN or username CN as a principal name can
+        be configured. If attribute "Use the full DN as the Username" is set to "true" the full DN is
+        used as an authenticated principal name. If attribute "Use the full DN as the Username" is set
+        to "false" the user name CN part is used as the authenticated principal name. Setting the
+        field to "false" is particular useful when <a class="link" href="Java-Broker-Security-ACLs.html" title="8.3.&#160;Access Control Lists">ACL</a> is required, as at the moment, ACL does not support commas in the user name.
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Anonymous-Provider"></a>8.1.5.&#160;Anonymous</h3></div></div></div><p> The Anonymous Authentication Provider will allow users to connect with or without
+    credentials and result in their identification on the broker as the user ANONYMOUS. This
+    Provider does not require specification of any additional attributes on creation. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-ScramSha-Providers"></a>8.1.6.&#160;SCRAM SHA</h3></div></div></div><p>The SCRAM SHA Providers uses the Broker configuration itself to store the database of
+        users. The users'
+        passwords are stored as salted SHA digested password. This can be further encrypted using the
+        facilities described in <a class="xref" href="Java-Broker-Security-Configuration-Encryption.html" title="8.4.&#160;Configuration Encryption">Section&#160;8.4, &#8220;Configuration Encryption&#8221;</a>.</p><p>There are two variants of this provider, SHA1 and SHA256. SHA256 is recommended whenever
+        possible. SHA1 is provided with compatibility with clients utilising JDK 1.6 (which does not
+        support SHA256).</p><p>For these providers user credentials can be added, removed or changed using
+        Management.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Plain-Provider"></a>8.1.7.&#160;Plain</h3></div></div></div><p>The Plain Provider uses the Broker configuration itself to store the database of users
+        (unlike the <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-PlainPasswordFile-Provider" title="8.1.8.&#160;Plain Password File (Deprecated)">PlainPasswordFile</a>, there is no separate password file). As the name suggests,
+        the user data (including password) is not hashed in any way. In order to provide encryption,
+        the facilities described in <a class="xref" href="Java-Broker-Security-Configuration-Encryption.html" title="8.4.&#160;Configuration Encryption">Section&#160;8.4, &#8220;Configuration Encryption&#8221;</a>
+        must be used.</p><p>For this provider user credentials can be added, removed or changed using
+        Management.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-PlainPasswordFile-Provider"></a>8.1.8.&#160;Plain Password File <span class="emphasis"><em>(Deprecated)</em></span></h3></div></div></div><p><span class="emphasis"><em>This provider is deprecated and will be removed in a future release. The <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Plain-Provider" title="8.1.7.&#160;Plain">Plain</a> provider should be used
+            instead.</em></span></p><p> The PlainPasswordFile Provider uses local file to store and manage user credentials. When
+        creating an authentication provider the path to the file needs to be specified. If specified
+        file does not exist an empty file is created automatically on Authentication Provider
+        creation. On Provider deletion the password file is deleted as well.</p><p>For this provider user credentials can be added, removed or changed using
+        Management.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e4627"></a>8.1.8.1.&#160;Plain Password File Format</h4></div></div></div><p> The user credentials are stored on the single file line as user name and user
+            password pairs separated by colon character. This file must not be modified externally
+            whilst the Broker is running.</p><pre class="programlisting">
+# password file format
+# &lt;user name&gt;: &lt;user password&gt;
+guest:guest
+        </pre></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-MD5-Provider"></a>8.1.9.&#160;MD5 Provider</h3></div></div></div><p> MD5 Provider  uses the Broker configuration itself to store the database of
+        users (unlike the <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Base64MD5PasswordFile-Provider" title="8.1.10.&#160;Base64MD5 Password File (Deprecated)">Base64MD5 Password File</a>, there is no separate password file). Rather than store the
+        unencrypted user password (as the Plain provider does) it instead stores the MD5 password
+        digest.  This can be further encrypted using the
+        facilities described in <a class="xref" href="Java-Broker-Security-Configuration-Encryption.html" title="8.4.&#160;Configuration Encryption">Section&#160;8.4, &#8220;Configuration Encryption&#8221;</a>.</p><p>For this provider user credentials can be added, removed or changed using
+        Management.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Base64MD5PasswordFile-Provider"></a>8.1.10.&#160;Base64MD5 Password File <span class="emphasis"><em>(Deprecated)</em></span></h3></div></div></div><p><span class="emphasis"><em>This provider is deprecated and will be removed in a future release.  The
+        <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-MD5-Provider" title="8.1.9.&#160;MD5 Provider">MD5</a> provider should be used
+        instead.</em></span></p><p> Base64MD5PasswordFile Provider uses local file to store and manage user credentials
+        similar to PlainPasswordFile but instead of storing a password the MD5 password digest encoded
+        with Base64 encoding is stored in the file. When creating an authentication provider the path
+        to the file needs to be specified. If specified file does not exist an empty file is created
+        automatically on Authentication Provider creation. On Base64MD5PasswordFile Provider deletion
+        the password file is deleted as well.</p><p>For this provider user credentials can be added, removed or changed using
+        Management.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e4663"></a>8.1.10.1.&#160;Base64MD5 File Format</h4></div></div></div><p> The user credentials are stored on the single file line as user name and user password
+            pairs separated by colon character. The password is stored MD5 digest/Base64 encoded. This
+            file must not be modified externally whilst the Broker is running.</p></div></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Management-Managing-Plugin-HTTP.html">Prev</a>&#160;</td><td align="center" width="20%">&#160;</td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Security-Group-Providers.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">7.16.&#160;HTTP Plugin&#160;</td><td align="center" width="20%"><a accesskey="h" href="AMQP-Messaging-Broker-Java-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;8.2.&#160;Group Providers</td></tr></table></div></div>
\ No newline at end of file

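Review bot: sections 8.1.8.1 and 8.1.10.1 tell the reader the credential file "must not be modified externally whilst the Broker is running" but say nothing about protecting the file from being read; the Plain format holds passwords in cleartext and the Base64MD5 format holds an unsalted-looking `name:digest` pair (no salt field appears in the documented format), so the docs should add a sentence recommending that the file be owned by and readable only by the broker's service account, and make clear that an MD5 digest is not a substitute for a proper password hash (the same caveat applies to the 8.1.9 MD5 Provider, where the digest lives in the broker configuration unless Section 8.4 encryption is applied). Two smaller points in the same hunk: the format comment `# <user name>: <user password>` shows a space after the colon while the rule text says the pair is "separated by colon character" and the example `guest:guest` has none, so drop the space to avoid implying that surrounding whitespace is stripped; and the `guest:guest` sample line should be flagged as an example only, since a default guest credential copied verbatim into a production file is the usual way this ends up exposed.
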
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/css/style.css
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/css/style.css b/input/releases/qpid-java-6.1.1/java-broker/book/css/style.css
new file mode 100644
index 0000000..8179bf4
--- /dev/null
+++ b/input/releases/qpid-java-6.1.1/java-broker/book/css/style.css
@@ -0,0 +1,131 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+ul {
+    list-style-type:square;
+}
+
+th {
+    font-weight: bold;
+}
+
+.navfooter td {
+    font-size:10pt;
+}
+
+.navheader td {
+    font-size:10pt;
+}
+
+body {
+    margin:0;
+    background:#FFFFFF;
+    font-family:"Verdana", sans-serif;
+    font-size:10pt;
+}
+
+.container {
+    width:950px;
+    margin:0 auto;
+}
+
+body a {
+    color:#000000;
+}
+
+
+div.book {
+    margin-left:10pt;
+    margin-right:10pt;
+}
+
+div.preface {
+    margin-left:10pt;
+    margin-right:10pt;
+}
+
+div.chapter {
+    margin-left:10pt;
+    margin-right:10pt;
+}
+
+div.section {
+    margin-left:10pt;
+    margin-right:10pt;
+}
+
+div.titlepage {
+    margin-left:-10pt;
+    margin-right:-10pt;
+}
+
+.calloutlist td {
+    font-size:10pt;
+}
+
+.table-contents table {
+    border-spacing: 0px;
+}
+
+.table-contents td {
+    font-size:10pt;
+    padding-left:6px;
+    padding-right:6px;
+}
+
+.chapter h2.title {
+    font-size:20pt;
+    color:#0c3b82;
+}
+
+.chapter .section h2.title {
+    font-size:18pt;
+    color:#0c3b82;
+}
+
+.section h2.title {
+    font-size:16pt;
+    color:#0c3b82;
+}
+
+.section h3.title {
+    font-size:14pt;
+    color:#0c3b82;
+}
+
+.section h4.title {
+    font-size:12pt;
+    color:#0c3b82;
+}
+
+.section h5.title {
+    font-size:12pt;
+    color:#0c3b82;
+}
+
+.section h6.title {
+    font-size:12pt;
+    color:#0c3b82;
+}
+
+.toc a {
+    font-size:9pt;
+}
+

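Review bot: `body a { color:#000000; }` renders every cross-reference in the same colour as body text, which in a security chapter built almost entirely of "see Section 8.4" style links makes them hard to find; give anchors a distinct colour (the `#0c3b82` already used for headings would be consistent) or at least keep the underline. Style only: the `.section h5.title` and `.section h6.title` rules duplicate `.section h4.title` and could be one grouped selector, and there is a stray double blank line after `body a`.
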
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-MessageFlow.png
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-MessageFlow.png b/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-MessageFlow.png
new file mode 100644
index 0000000..b687dfe
Binary files /dev/null and b/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-MessageFlow.png differ

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-Model.png
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-Model.png b/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-Model.png
new file mode 100644
index 0000000..a254565
Binary files /dev/null and b/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-Model.png differ

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-PortAuthFlow.png
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-PortAuthFlow.png b/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-PortAuthFlow.png
new file mode 100644
index 0000000..4df2fa1
Binary files /dev/null and b/input/releases/qpid-java-6.1.1/java-broker/book/images/Broker-PortAuthFlow.png differ

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/6e5b75e1/input/releases/qpid-java-6.1.1/java-broker/book/images/Exchange-Direct.png
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.1.1/java-broker/book/images/Exchange-Direct.png b/input/releases/qpid-java-6.1.1/java-broker/book/images/Exchange-Direct.png
new file mode 100644
index 0000000..184fb80
Binary files /dev/null and b/input/releases/qpid-java-6.1.1/java-broker/book/images/Exchange-Direct.png differ


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org