Posted to commits@qpid.apache.org by kw...@apache.org on 2013/10/09 00:56:29 UTC

svn commit: r1530457 [11/30] - in /qpid/site: docs/components/java-broker/book/ docs/components/java-broker/book/images/ input/components/java-broker/book/ input/components/java-broker/book/images/

Modified: qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html
URL: http://svn.apache.org/viewvc/qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html?rev=1530457&r1=1530456&r2=1530457&view=diff
==============================================================================
--- qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html (original)
+++ qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html Tue Oct  8 22:56:26 2013
@@ -1,40 +1,35 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>10.4. Access Control Lists</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="prev" href="Java-Broker-Security-Authentication-Providers.html" title="10.3. Authentication Providers"><link rel="next" href="Java-Broker-Security-SSL.html" title="10.5. SSL"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="
 http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists
 .html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A h
 ref="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Access Control Lists</span></DIV><div class="section" title="10.4. Access Control Lists"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-ACLs"></a>10.4. Access Control Lists</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>11.3. Access Control Lists</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="prev" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers"><link rel="next" href="Java-Broker-Security-SSL.html" title="11.4. SSL"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache
 .org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lis
 ts</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.ap
 ache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Access Control Lists</span></DIV><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-ACLs"></a>11.3. Access Control Lists</h2></div></div></div><p>
     In Qpid, Access Control Lists (ACLs) specify which actions can be performed by each authenticated user.
-    To enable, the &lt;acl/&gt; element is used within the &lt;security/&gt; element of the configuration XML.
-    In the Java Broker, the ACL may be imposed broker wide or applied to individual virtual
-    hosts.  The  &lt;acl/&gt; configuration references a text file containing the ACL rules.
+    To enable, an <span class="emphasis"><em>Access Control Provider</em></span> needs to be configured on the <span class="emphasis"><em>Broker</em></span>
+    level or/and ACL configuration should be provided on a <span class="emphasis"><em>Virtual Host</em></span> level.
+    The first imposes the ACL broker wide, and the second is applied to individual virtual hosts.
+    The <span class="emphasis"><em>Access Control Provider</em></span> of type "AclFile" uses local file to specify the ACL rules.
     By convention, this file should have a .acl extension.
-  </p><div class="section" title="10.4.1.  Enabling ACLs"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-EnablingACL"></a>10.4.1. 
-       Enabling ACLs
-    </h3></div></div></div><p>
-      To apply an ACL broker-wide, add the following to the config.xml (assuming that <em class="replaceable"><code>conf</code></em> has been set to a suitable
-      location such as ${QPID_HOME}/etc):
-    </p><pre class="programlisting">
-      &lt;broker&gt;
-        ...
-        &lt;security&gt;
-          ...
-          &lt;acl&gt;<em class="replaceable"><code>${conf}/broker.acl</code></em>&lt;/acl&gt;
-        &lt;/security&gt;
-      &lt;/broker&gt;
-    </pre><p>
-    </p><p>
-      To apply an ACL on a single virtualhost named <em class="replaceable"><code>test</code></em>, add the following to the config.xml:
-    </p><pre class="programlisting">
-      &lt;virtualhost&gt;
-        ...
-        &lt;name&gt;test&lt;/name&gt;
-        &lt;test&gt;
-          ...
-          &lt;security&gt;
-            &lt;acl&gt;<em class="replaceable"><code>${conf}/vhost_test.acl</code></em>&lt;/acl&gt;
-          &lt;/security&gt;
-        &lt;/test&gt;
-      &lt;/virtualhost&gt;
-    </pre></div><div class="section" title="10.4.2.  Writing .acl files"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WriteACL"></a>10.4.2. 
+  </p><p>
+    A Group Provider can be configured with ACL to define the user groups which can be used in ACL
+    to determine the ACL rules applicable to the entire group. The configuration details for the Group Providers are described in
+    <a class="xref" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers">Section 11.2, “Group Providers”</a>. On creation of ACL Provider with group rules,
+    the Group Provider should be added first. Otherwise, if the individual ACL rules are not defined for the logged principal
+    the following invocation of management operations could be denied due to absence of the required groups.</p><p>Only one <span class="emphasis"><em>Access Control Provider</em></span> can be used by the Broker.
+    If several <span class="emphasis"><em>Access Control Providers</em></span> are configured on Broker level
+    only one of them will be used (the latest one). <a class="xref" href="Java-Broker-Virtual-Hosts-Configuration-File-ACL.html" title="14.2. Configuring ACL">Section 14.2, “Configuring ACL”</a>
+    shows how to configure ACL on <span class="emphasis"><em>Virtual Host</em></span> using virtual host configuration xml.
+    If both Broker <span class="emphasis"><em>Access Control Provider</em></span> and <span class="emphasis"><em>Virtual Host</em></span> ACL are configured,
+    the <span class="emphasis"><em>Virtual Host</em></span> ACL is used for authorization of operations on <span class="emphasis"><em>Virtual Host</em></span> and
+    Virtual Host objects and Broker level ACL is used to authorization of operations on Broker and Broker children
+    (excluding Virtual Hosts having ACL configured).
+  </p><p>
+    The ACL Providers can be configured using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">REST Management interfaces</a>
+    and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>.
+  </p><p>The following ACL Provider managing operations are available from Web Management Console:
+    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new ACL Provider can be added by clicking onto "Add Access Control Provider" on the Broker tab.</p></li><li class="listitem"><p>An ACL Provider details can be viewed on the Access Control Provider tab.
+        The tab is shown after clicking onto ACL Provider name in the Broker object tree or after clicking
+        onto ACL Provider row in ACL Providers grid on the Broker tab.</p></li><li class="listitem"><p>An existing ACL Provider can be deleted by clicking onto buttons "Delete Access Control Provider"
+        on the Broker tab or Access Control Provider tab.</p></li></ul></div><p>
+  </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WriteACL"></a>11.3.1. 
        Writing .acl files
     </h3></div></div></div><p>
-      The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <a class="link" href="Java-Broker-Security-Group-Providers.html" title="10.2. Configuring Group Providers">Configuring Group Providers</a> for more information on defining groups.
+      The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <a class="link" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers">Configuring Group Providers</a> for more information on defining groups.
     </p><p>
       Each ACL rule grants or denies a particular action on an object to a user/group.  The rule may be augmented with one or more properties, restricting
       the rule's applicability.
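Review bot: The added sentence "only one of them will be used (the latest one)" does not say what "latest" is measured by (creation time, position in the configuration store, or something else), so an operator who ends up with two Access Control Providers cannot tell from this page which ACL file is actually being enforced. State the criterion, or tell the reader to keep exactly one provider configured at Broker level. In the same added paragraph, "the following invocation of management operations could be denied due to absence of the required groups" should say directly that management calls made after the ACL Provider is created may be refused until the Group Provider exists. The removed "Enabling ACLs" section carried two config.xml listings, and the replacement gives no equivalent listing for a provider of type "AclFile", only links to the REST and Web Management Console sections; a short example of the provider's attributes would restore that. Wording nits in the added lines: "or/and", "uses local file", "is used to authorization of".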
@@ -67,7 +62,7 @@
       ACL rules are very powerful: it is possible to write very granular rules specifying many broker objects and their
       properties.  Most projects probably won't need this degree of flexibility.  A reasonable approach is to choose to apply permissions
       at a certain level of abstraction (e.g. QUEUE) and apply them consistently across the whole system.
-    </p></div><div class="section" title="10.4.3.  Syntax"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-Syntax"></a>10.4.3. 
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-Syntax"></a>11.3.2. 
        Syntax
     </h3></div></div></div><p>
        ACL rules follow this syntax:
@@ -80,8 +75,8 @@
       ACL ALLOW admin CREATE ALL # Also a comment
       ACL DENY guest \
       ALL ALL   # A broken line
-    </pre></div><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_permissions"></a><p class="title"><b>Table 10.1. List of ACL permission</b></p><div class="table-contents"><table summary="List of ACL permission" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_actions"></a><p class="title"><b>Table 10.2. List of ACL actions</b></p><div class="table-contents"><table summary=
 "List of ACL actions" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when an object is read or accessed</p> </td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applie
 d when objects are deleted </p> </td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td>
-          <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_objects"></a><p class="title"><b>Table 10.3. List of ACL objects</b></p><div class="table-contents"><table summary="List of ACL objects" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p>A virtualhost (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>MANAGEMENT </strong></span> </td><td> <p>Management - for web and JMX (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>QUEUE</strong></span> </td><td> <p>A queue </p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td> <p>An exchange </p> </td></tr><tr><td> <span class=
 "command"><strong>USER</strong></span> </td><td> <p>A user (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></span> </td><td> <p>A group (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p>Management or agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>LINK</strong></span> </td><td> <p>A federation or inter-broker link (not currently used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p>The broker (not currently used in Java Broker)</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_properties"></a><p class="title"><b>Table 10.4. List of ACL properties</b></p><div class="table-contents"><table summary="List of ACL properties" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><s
 trong>name</strong></span> </td><td> <p> String. Object name, such as a queue name, exchange name or JMX method name.  </p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> Boolean. Indicates the presence of a <em class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</str
 ong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. JMX component name (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>schemaclass</strong></span> </td><td>
  <p> String. QMF schema class name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>from_network</strong></span> </td><td>
+    </pre></div><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_permissions"></a><p class="title"><b>Table 11.1. List of ACL permission</b></p><div class="table-contents"><table summary="List of ACL permission" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_actions"></a><p class="title"><b>Table 11.2. List of ACL actions</b></p><div class="table-contents"><table summary=
 "List of ACL actions" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when an object is read or accessed</p> </td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applie
 d when objects are deleted </p> </td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td>
+          <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td></tr><tr><td> <span class="command"><strong>CONFIGURE</strong></span> </td><td> <p> Applied when an object is configured via REST management interfaces(Java Broker only).</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_objects"></a><p class="title"><b>Table 11.3. List of ACL objects</b></p><div class="table-contents"><table summary="List of ACL objects" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p>A virtualhost (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>MANAGEMENT </strong></span> </td><td> <p>Management - for web and JMX (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>QUE
 UE</strong></span> </td><td> <p>A queue </p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td> <p>An exchange </p> </td></tr><tr><td> <span class="command"><strong>USER</strong></span> </td><td> <p>A user (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></span> </td><td> <p>A group (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p>Management or agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>LINK</strong></span> </td><td> <p>A federation or inter-broker link (not currently used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p>The broker</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_properties"></a><p class="title"><b>Table 11.4. List of ACL properties</b></p><div 
 class="table-contents"><table summary="List of ACL properties" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>name</strong></span> </td><td> <p> String. Object name, such as a queue name, exchange name or JMX method name.  </p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> Boolean. Indicates the presence of a <em class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicate
 s the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. JMX component name (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>schemapackage</strong></span> </td><td> <p> Stri
 ng. QMF schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF schema class name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>from_network</strong></span> </td><td>
             <p>
               Comma-separated strings representing IPv4 address ranges.
             </p>
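Review bot: The new CONFIGURE row in Table 11.2 ("Applied when an object is configured via REST management interfaces(Java Broker only).") does not say which objects it can be paired with or how it differs from the existing UPDATE row ("Applied when an object is updated"), so a rule author cannot tell which action guards a change made over REST. In the same hunk the BROKER row in Table 11.3 drops "(not currently used in Java Broker)" and now reads only "The broker"; if BROKER is the object CONFIGURE is meant to be used with, say so in one of the two rows and show a rule using it in the worked examples. Also add the missing space before "(Java Broker only)", and since these table lines are being regenerated anyway, fix "Applied when purge the contents of a queue", "an temporary flag" and the unclosed parenthesis in the queuename row in the source.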
@@ -125,12 +120,12 @@
             <p>
               Java Broker only.
             </p>
-          </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_javacomponents"></a><p class="title"><b>Table 10.5. List of ACL rules</b></p><div class="table-contents"><table summary="List of ACL rules" border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span class="command"><strong>UserManagement</strong></span> </td><td> <p>User maintainance; create/delete/view users, change passwords etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ConfigurationManagement</strong></span> </td><td> <p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>LoggingManagement</strong></span> </td><td> <p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>Server
 Information</strong></span> </td><td> <p>Read-only information regarding the Qpid: version number etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue maintainance; copy/move/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> <p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> <p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td class="auto-generated"> </td></tr></tbody></table></div></div><br class="table-break"><div class="section" title="10.4.4.  Worked Examples"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WorkedExamples"></a>10.4.4. 
+          </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_javacomponents"></a><p class="title"><b>Table 11.5. List of ACL rules</b></p><div class="table-contents"><table summary="List of ACL rules" border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span class="command"><strong>UserManagement</strong></span> </td><td> <p>User maintainance; create/delete/view users, change passwords etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ConfigurationManagement</strong></span> </td><td> <p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>LoggingManagement</strong></span> </td><td> <p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>Server
 Information</strong></span> </td><td> <p>Read-only information regarding the Qpid: version number etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue maintainance; copy/move/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> <p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> <p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td class="auto-generated"> </td></tr></tbody></table></div></div><br class="table-break"><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WorkedExamples"></a>11.3.3. 
       Worked Examples
     </h3></div></div></div><p>
       Here are some example ACLs illustrating common use cases.
       In addition, note that the Java broker provides a complete example ACL file, located at etc/broker_example.acl.
-    </p><div class="section" title="10.4.4.1.  Worked example 1 - Management rights"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample1"></a>10.4.4.1. 
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample1"></a>11.3.3.1. 
         Worked example 1 - Management rights
       </h4></div></div></div><p>
         Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and
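Review bot: The added table row text still carries the spelling errors of the line it replaces: "maintainance" in the UserManagement and VirtualHost.Queue rows, "Dynammically" in the ConfigurationManagement and LoggingManagement rows, "maintainace" in the VirtualHost.VirtualHost row, and "regarding the Qpid" in the Server Information row. This HTML is DocBook output, so correct these in the book source and regenerate rather than patching the generated page. The caption "Table 11.5. List of ACL rules" also does not match the rows, which are component names with a note on where each can be permissioned; a caption that says so would be clearer.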
@@ -149,11 +144,11 @@ ACL ALLOW readonly ACCESS ALL
 ...
 # Explicitly deny all (log) to eveyone
 ACL DENY-LOG ALL ALL
-      </pre></div><div class="section" title="10.4.4.2.  Worked example 2 - User maintainer group"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample2"></a>10.4.4.2. 
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample2"></a>11.3.3.2. 
         Worked example 2 - User maintainer group
       </h4></div></div></div><p>
         Suppose you wish to restrict User Management operations to users belonging to a
-        <a class="link" href="Java-Broker-Security-Group-Providers.html" title="10.2. Configuring Group Providers">group</a> 'usermaint'.  No other user
+        <a class="link" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers">group</a> 'usermaint'.  No other user
         is allowed to perform user maintainence  This example illustrates the permissioning of an individual component.
       </p><pre class="programlisting">
 # Give usermaint access to management and permission to execute all JMX Methods on the
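Review bot: In the Worked example 2 paragraph, the context line directly after the changed link still reads "is allowed to perform user maintainence  This example illustrates", with a misspelling and no full stop between the two sentences, and the comment at the top of the hunk has "eveyone". Since the section is being regenerated anyway, fix both in the DocBook source: "No other user is allowed to perform user maintenance. This example illustrates ..." and "# Explicitly deny all (log) to everyone".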
@@ -167,7 +162,7 @@ ACL DENY ALL ALL USER
 ... rules for other users
 ...
 ACL DENY-LOG ALL ALL
-      </pre></div><div class="section" title="10.4.4.3.  Worked example 3 - Request/Response messaging"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample3"></a>10.4.4.3. 
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample3"></a>11.3.3.3. 
         Worked example 3 - Request/Response messaging
       </h4></div></div></div><p>
         Suppose you wish to permission a system using a request/response paradigm. Two users: 'client' publishes requests;
@@ -198,7 +193,7 @@ ACL ALLOW server BIND EXCHANGE
 ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*"
 
 ACL DENY-LOG all all
-      </pre></div><div class="section" title="10.4.4.4.  Worked example 4 - firewall-like access control"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample4"></a>10.4.4.4. 
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample4"></a>11.3.3.4. 
         Worked example 4 - firewall-like access control
       </h4></div></div></div><p>
         This example illustrates how to set up an ACL that restricts the IP addresses and hostnames
@@ -229,4 +224,45 @@ ACL DENY-LOG messaging-users ACCESS VIRT
   from_network="192.169.1.*,192.169.2.*"
 
 ACL DENY-LOG all all
-      </pre></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-Authentication-Providers.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">10.3. Authentication Providers </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 10.5. SSL</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample5"></a>11.3.3.5. 
+        Worked example 5 - REST management ACL example
+      </h4></div></div></div><p>
+        This example illustrates how to set up an ACL that restricts usage of REST management interfaces.
+      </p><pre class="programlisting">
+# allow to the users from webadmins group to change broker model
+# this rule allows adding/removing/editing of Broker level objects:
+# Broker, Virtual Host, Group Provider, Authentication Provider, Port, Access Control Provider etc
+ACL ALLOW-LOG webadmins CONFIGURE BROKER
+
+# allow to the users from webadmins group to perform
+# create/update/delete on Virtual Host children
+ACL ALLOW-LOG webadmins CREATE QUEUE
+ACL ALLOW-LOG webadmins UPDATE QUEUE
+ACL ALLOW-LOG webadmins DELETE QUEUE
+ACL ALLOW-LOG webadmins PURGE  QUEUE
+ACL ALLOW-LOG webadmins CREATE EXCHANGE
+ACL ALLOW-LOG webadmins DELETE EXCHANGE
+ACL ALLOW-LOG webadmins BIND   EXCHANGE
+ACL ALLOW-LOG webadmins UNBIND EXCHANGE
+
+# allow to the users from webadmins group to create/update/delete groups on Group Providers
+ACL ALLOW-LOG webadmins CREATE GROUP
+ACL ALLOW-LOG webadmins DELETE GROUP
+ACL ALLOW-LOG webadmins UPDATE GROUP
+
+# allow to the users from webadmins group to create/update/delete users for Authentication Providers
+ACL ALLOW-LOG webadmins CREATE USER
+ACL ALLOW-LOG webadmins DELETE USER
+ACL ALLOW-LOG webadmins UPDATE USER
+
+# allow to the users from webadmins group to move, copy and delete messagaes
+# using REST management interfaces
+ACL ALLOW-LOG webadmins UPDATE METHOD
+
+# at the moment only the following UPDATE METHOD rules are supported by web management console
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="moveMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="copyMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="deleteMessages"
+
+ACL DENY-LOG all all
+      </pre></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-Group-Providers.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">11.2. Group Providers </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 11.4. SSL</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
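Review bot: In the added Worked example 5, the active rule "ACL ALLOW-LOG webadmins UPDATE METHOD" carries no component or name property, so it grants more than the three commented-out VirtualHost.Queue rules (moveMessages, copyMessages, deleteMessages) that the comment just below says are the only UPDATE METHOD rules the web management console supports. An example that readers will copy should enable the three specific rules and drop the unqualified one, or explain why the blanket grant is needed. The comment on "CONFIGURE BROKER" lists Authentication Provider and Access Control Provider among the objects webadmins may add, remove or edit; the prose should say outright that this group can therefore change the broker's own access control configuration. Wording: "messagaes" should be "messages", and "allow to the users from webadmins group" reads better as "allow users in the webadmins group".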

Modified: qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html
URL: http://svn.apache.org/viewvc/qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html?rev=1530457&r1=1530456&r2=1530457&view=diff
==============================================================================
--- qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html (original)
+++ qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html Tue Oct  8 22:56:26 2013
@@ -1,23 +1,23 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>10.2. Configuring Group Providers</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="prev" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="next" href="Java-Broker-Security-Authentication-Providers.html" title="10.3. Authentication Providers"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A><
 /LI><LI><A href="http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.
 org/mailing_lists.html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home
 </A></LI><LI><A href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Configuring Group Providers</span></DIV><div class="section" title="10.2. Configuring Group Providers"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-Group-Providers"></a>10.2. Configuring Group Providers</h2></div></div></div><p>
-    The Java broker utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Java-Broker-Security-ACLs.html" title="10.4. Access Control Lists">ACLs</a>. Following authentication by a given <a class="link" href="Java-Broker-Security-Authentication-Providers.html" title="10.3. Authentication Providers">Authentication Provider</a>, the configured Group Providers are consulted to allowing assignment of GroupPrincipals for a given authenticated user.
-  </p><div class="section" title="10.2.1. FileGroupManager"><div class="titlepage"><div><div><h3 class="title"><a name="File-Group-Manager"></a>10.2.1. FileGroupManager</h3></div></div></div><p>
-      The FileGroupManager allows specifying group membership in a flat file on disk, and is also exposed for inspection and update through the brokers HTTP management interface.
-    </p><p>
-      To enable the FileGroupManager, add the following configuration to the config.xml, adjusting the groupFile attribute value to match your desired groups file location.
-    </p><pre class="programlisting">
-    ...
-    &lt;security&gt;
-        &lt;file-group-manager&gt;
-            &lt;attributes&gt;
-              &lt;attribute&gt;
-                &lt;name&gt;groupFile&lt;/name&gt;
-                 &lt;value&gt;${conf}/groups&lt;/value&gt;
-              &lt;/attribute&gt;
-            &lt;/attributes&gt;
-        &lt;/file-group-manager&gt;
-    &lt;/security&gt;
-    ...
-</pre><div class="section" title="10.2.1.1. File Format"><div class="titlepage"><div><div><h4 class="title"><a name="File-Group-Manager-FileFormat"></a>10.2.1.1. File Format</h4></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>11.2. Group Providers</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="prev" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="next" href="Java-Broker-Security-ACLs.html" title="11.3. Access Control Lists"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache.
 org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing List
 s</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apa
 che.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Group Providers</span></DIV><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-Group-Providers"></a>11.2. Group Providers</h2></div></div></div><p>
+    The Java broker utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Java-Broker-Security-ACLs.html" title="11.3. Access Control Lists">ACLs</a>.
+    Following authentication by a given <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers" title="11.1. Authentication Providers">Authentication Provider</a>,
+    the configured Group Providers are consulted allowing the assignment of GroupPrincipals for a given authenticated user. Any number of
+    Group Providers can be added into the Broker. All of them will be checked for the presence of the groups for a given authenticated user.
+  </p><p>The <span class="emphasis"><em>Group Provider</em></span> can be configured using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">
+  REST Management interfaces</a> and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>.</p><p>The following <span class="emphasis"><em>Group Provider</em></span> managing operations are available from Web Management Console:
+    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new Group Provider can be added by clicking onto "Add Group Provider" button on a Broker tab.</p></li><li class="listitem"><p>An existing providers can be removed by pressing "Delete Group Provider" button
+         on Broker tab or Group Provider tab.</p></li><li class="listitem"><p>On clicking onto provider name in the Group Providers grid or Broker object tree,
+         the tab for the Group Provider is displayed.</p></li><li class="listitem"><p>A new group can be added into the Group Provider by clicking onto "Add Group" button on provider tab.</p></li><li class="listitem"><p>An existing group can be deleted from the Group Provider by clicking onto "Delete Group" button on provider tab.</p></li><li class="listitem"><p>On clicking onto group name in the groups grid, the tab with the list of existing
+        group members is displayed for the Group.</p></li><li class="listitem"><p>From the Group tab a new member can be added into a group or existing members can be deleted
+        from a group by clicking on "Add Group Member" or "Remove Group Members" accordingly.</p></li></ul></div><p>
+   </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="File-Group-Manager"></a>11.2.1. GroupFile Provider</h3></div></div></div><p>
+      The <span class="emphasis"><em>GroupFile</em></span> Provider allows specifying group membership in a flat file on disk.
+      On adding a new GroupFile Provider the path to the groups file is required to be specified.
+      If file does not exist an empty file is created automatically. On deletion of GroupFile Provider
+      the groups file is deleted as well. Only one instance of "GroupFile" Provider per groups file location can be created.
+      On attempt to create another GroupFile Provider pointing to the same location the error will be displayed and
+      the creation will be aborted.
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="File-Group-Manager-FileFormat"></a>11.2.1.1. File Format</h4></div></div></div><p>
             The groups file has the following format:
           </p><pre class="programlisting">
     # &lt;GroupName&gt;.users = &lt;comma deliminated user list&gt;
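Review bot: The added GroupFile Provider paragraph states "On deletion of GroupFile Provider the groups file is deleted as well" with no caution, although the first paragraph says these groups exist for use in ACLs, so deleting a provider also discards the memberships that ACL rules may rely on. Suggest adding a sentence telling the reader to back up the groups file and check the ACL rules that reference its groups before deleting the provider. The removed text showed how to enable the provider in config.xml; the replacement describes only Web Management Console clicks, so a pointer to the equivalent REST call would help readers who automate this. Wording in the same added lines: "An existing providers can be removed" should be "An existing provider", "clicking onto" should be "clicking on", and "If file does not exist" needs an article.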
@@ -28,4 +28,4 @@
             Only users can be added to a group currently, not other groups. Usernames can't contain commas.
           </p><p>
             Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface.
-          </p></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-Authentication-Providers.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 10. Security </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 10.3. Authentication Providers</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
+          </p></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-ACLs.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 11. Security </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 11.3. Access Control Lists</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>

Modified: qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html
URL: http://svn.apache.org/viewvc/qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html?rev=1530457&r1=1530456&r2=1530457&view=diff
==============================================================================
--- qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html (original)
+++ qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html Tue Oct  8 22:56:26 2013
@@ -1,57 +1,47 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>10.5. SSL</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="prev" href="Java-Broker-Security-ACLs.html" title="10.4. Access Control Lists"><link rel="next" href="Java-Broker-Runtime.html" title="Chapter 11. Runtime"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache.org/download.h
 tml">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI>
 <A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apache.org/founda
 tion/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">SSL</span></DIV><div class="section" title="10.5. SSL"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-SSL"></a>10.5. SSL</h2></div></div></div><p>
-        This section will show how to use SSL to enable secure
-        connections between an AMQP message client and the broker.
-    </p><div class="section" title="10.5.1. Keystore Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="SSL-Keystore"></a>10.5.1. Keystore Configuration</h3></div></div></div><p>
-            The broker configuration file (config.xml) needs to be updated to include the required SSL keystore
-            configuration, an example of which can be found below.
-        </p><div class="example"><a name="idp957712"></a><p class="title"><b>Example 10.6. Configuring an SSL Keystore</b></p><div class="example-contents"><pre class="programlisting">
-&lt;connector&gt;
-  ...
-  &lt;ssl&gt;
-    &lt;enabled&gt;true&lt;/enabled&gt;
-    &lt;port&gt;5671&lt;/port&gt;
-    &lt;sslOnly&gt;false&lt;/sslOnly&gt;
-    &lt;keyStorePath&gt;/path/to/keystore.ks&lt;/keyStorePath&gt;
-    &lt;keyStorePassword&gt;keystorepass&lt;/keyStorePassword&gt;
-    &lt;certAlias&gt;alias&lt;certAlias&gt;
-  &lt;/ssl&gt;
-  ...
-&lt;connector&gt;</pre></div></div><br class="example-break"><p>
-            The certAlias element is an optional way of specifying which certificate the broker should use
-            if the keystore contains multiple entries.
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>11.4. SSL</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="prev" href="Java-Broker-Security-ACLs.html" title="11.3. Access Control Lists"><link rel="next" href="Java-Broker-Runtime.html" title="Chapter 12. Runtime"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache.org/download.h
 tml">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI>
 <A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apache.org/founda
 tion/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">SSL</span></DIV><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-SSL"></a>11.4. SSL</h2></div></div></div><p>
+        This section guides through the details of configuration of Keystores and Trsustores
+        required for enabling of SSL transport and Client Certificate Authentication on Broker ports.
+        The details how to configure SSL on Broker ports are provided in <a class="xref" href="Java-Broker-Ports.html" title="Chapter 6. Broker Ports">Chapter 6, <i>Broker Ports</i></a>.
+    </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-SSL-Keystore"></a>11.4.1. Keystore Configuration</h3></div></div></div><p>
+            A Keystore can be added/deleted/edited using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">
+            REST Management interfaces</a> and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">
+            Web Management Console</a>. Any number of Keystores can be configured on the Broker.
+            SSL ports can be configured with different Keystores.
+        </p><p>The following Keystore managing operations are available from
+        <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>:
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new Keystore can be added by clicking on "Add Key Store" button on the Broker tab.</p></li><li class="listitem"><p>Keystore details can be viewed on the Keystore tab which is displayed after clicking
+            on Keystore name in the Broker object tree or after clicking on Keystore row in Keystores grid on the Broker tab.</p></li><li class="listitem"><p>Editing of Keystore can be performed by clicking on "Edit" button on the Keystore tab.
+            Changing of Keystore name is unsupported at the moment. If changed Keystore is used by the Port
+            the changes on Port object will take effect after Broker restart.</p></li><li class="listitem"><p>An existing Keystore can be deleted by clicking on "Delete Key Store" button on Broker tab
+            or hitting "Delete" button on the Keystore tab. Only unused Keystores can be deleted.
+            The deletion of the Keystore configured on any Broker Port is not allowed.</p></li></ul></div><p>
         </p><p>
-            The sslOnly element controls whether the broker will <span class="bold"><strong>only</strong></span> bind
-            the configured SSL port(s) or will also bind the non-SSL port(s). Setting sslOnly to true will
-            disable the non-SSL ports.
-        </p><div class="important" title="Important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>
+            The "Keystore certificate alias" field is an optional way of specifying which certificate the broker should use
+            if the keystore contains multiple entries. Optionally "Key manager factory algorithm" and "Key store type" can
+            be specified on Keystore creation.
+        </p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>
                 The password of the certificate used by the Broker <span class="bold"><strong>must</strong></span>
                 match the password of the keystore itself. This is a restriction of the Qpid Broker
                 implementation.  If using the <a class="ulink" href="http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html" target="_top">keytool</a> utility,
                 note that this means the argument to the <code class="option">-keypass</code> option must match
                 the <code class="option">-storepass</code> option.
-            </p></div></div><div class="section" title="10.5.2. Truststore / Client Certificate Authentication"><div class="titlepage"><div><div><h3 class="title"><a name="SSL-Truststore-ClientCertificate"></a>10.5.2. Truststore / Client Certificate Authentication</h3></div></div></div><p>
-            The SSL trustore and related Client Certificate Authentication behaviour can be configured with
-            additional configuration as shown in the example below, in which the broker requires client
-            certificate authentication.
-        </p><div class="example"><a name="idp967008"></a><p class="title"><b>Example 10.7. Configuring an SSL Truststore and client auth</b></p><div class="example-contents"><pre class="programlisting">
-&lt;connector&gt;
-  ...
-  &lt;ssl&gt;
-    ...
-    &lt;trustStorePath&gt;/path/to/truststore.ks&lt;/trustStorePath&gt;
-    &lt;trustStorePassword&gt;truststorepass&lt;/trustStorePassword&gt;
-    &lt;needClientAuth&gt;true&lt;/needClientAuth&gt;
-    &lt;wantClientAuth&gt;false&lt;/wantClientAuth&gt;
-    ...
-  &lt;/ssl&gt;
-  ...
-&lt;connector&gt;</pre></div></div><br class="example-break"><p>
-            The needClientAuth and wantClientAuth elements allow control of whether the client must present an
-            SSL certificate. Only one of these elements is needed but both may be used at the same time.
-            A socket's client authentication setting is one of three states: required (needClientAuth = true),
-            requested (wantClientAuth = true), or none desired (both false, the default). If both elements are
-            set to true, needClientAuth takes precedence.
-        </p><p>
-            When using Client Certificate Authentication it may be desirable to use the External Authentication
-            Manager, for details see <a class="xref" href="Java-Broker-Security-Authentication-Providers.html#ExternalAuthManager" title="10.3.4. External (SSL Client Certificates)">Section 10.3.4, “External (SSL Client Certificates)”</a>
-        </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-ACLs.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">10.4. Access Control Lists </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Runtime</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
+            </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="SSL-Truststore-ClientCertificate"></a>11.4.2. Truststore / Client Certificate Authentication</h3></div></div></div><p>
+            The SSL trustore and related Client Certificate Authentication behaviour can be configured
+            by adding a Trustore configured object and associating it with the SSL port.
+            A Truststore can be added/deleted/edited using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">
+            REST Management interfaces</a> and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">
+            Web Management Console</a>. Any number of Trustores can be configured on the Broker.
+            Multiple Trustores can be configured on Broker SSL Ports.
+        </p><p>The following Truststore managing operations are available from
+        <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>:
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new Truststore can be added by clicking on "Add Trust Store" button on the Broker tab.</p></li><li class="listitem"><p>Truststore details can be viewed on the Truststore tab which is displayed after clicking
+            onto Truststore name in the Broker object tree or after clicking onto Truststore row in Truststores grid on the Broker tab.</p></li><li class="listitem"><p>Trustore can be edited by clicking onto "Edit" button on the Trustore tab.
+            Changing of Trustore name is unsupported at the moment.</p></li><li class="listitem"><p>An existing Trustore can be deleted by clicking onto "Delete Trust Store" button
+            on Broker tab or "Delete" button on the Truststore tab. Only unused Truststores can be deleted.
+            The deletion of the Truststore configured on any Broker Port is not allowed.</p></li></ul></div><p>
+        </p><p>When "Peers Only" option is selected for the Truststore it will allow logging in for the clients
+        with the certificate exactly matching the certificate loaded in the Truststore database,
+        thus, authenticating the connections with self signed certificates not nessesary signed by CA.
+        </p><p>"Trust manager factory algorithm" and "Trust store type" can
+            be optionally specified for the Trustore.
+        </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-ACLs.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">11.3. Access Control Lists </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 12. Runtime</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
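
Review bot: The new section 11.4.2 is still titled "Truststore / Client Certificate Authentication", but the added text never says how a port is made to require or request a client certificate. The removed paragraph on needClientAuth/wantClientAuth (required, requested, or none, with needClientAuth taking precedence when both are true) and the cross-reference to the External (SSL Client Certificates) authentication provider have no replacement. Please add a sentence saying where the equivalent need/want setting now lives (the intro only points to Chapter 6, Broker Ports, for port SSL configuration) and restore a link to the External authentication provider section; as written, a reader who only attaches a Truststore to a port cannot tell from this page whether client certificates are enforced. The dropped sslOnly paragraph leaves the same gap: nothing here now says how the non-SSL ports are disabled. In the "Peers Only" paragraph, say explicitly that trust is by exact certificate match rather than by CA signature, and change "nessesary" to "necessarily". Also fix "Trsustores" in the intro and make "Trustore"/"trustore" consistently "Truststore", ideally in the DocBook source so the regenerated HTML picks it up.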


