Posted to commits@qpid.apache.org by ro...@apache.org on 2012/09/02 16:34:48 UTC
svn commit: r1379980 - in /qpid/trunk/qpid/doc/book/src/java-broker:
AMQP-Messaging-Broker-Java-Book.xml Configure-ACLs.xml
Configure-AuthenticationProviders.xml Configure-Group-Providers.xml
Author: robbie
Date: Sun Sep 2 14:34:48 2012
New Revision: 1379980
URL: http://svn.apache.org/viewvc?rev=1379980&view=rev
Log:
QPID-4236,QPID-4237: add some documentation for the FileGroupManager and update the ACL documentation to link that instead, removing the previous group info.
Added:
qpid/trunk/qpid/doc/book/src/java-broker/Configure-Group-Providers.xml
Modified:
qpid/trunk/qpid/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml
qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml
qpid/trunk/qpid/doc/book/src/java-broker/Configure-AuthenticationProviders.xml
Modified: qpid/trunk/qpid/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml?rev=1379980&r1=1379979&r2=1379980&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml (original)
+++ qpid/trunk/qpid/doc/book/src/java-broker/AMQP-Messaging-Broker-Java-Book.xml Sun Sep 2 14:34:48 2012
@@ -52,6 +52,7 @@
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Add-New-Users.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-ACLs.xml"/>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-Group-Providers.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-Java-Qpid-to-use-a-SSL-connection.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-Log4j-CompositeRolling-Appender.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="Configure-the-Broker-via-config.xml.xml"/>
Modified: qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml?rev=1379980&r1=1379979&r2=1379980&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml (original)
+++ qpid/trunk/qpid/doc/book/src/java-broker/Configure-ACLs.xml Sun Sep 2 14:34:48 2012
@@ -79,11 +79,10 @@
</title>
<para>
- The ACL file consists of a series of rules and group definitions. Each rule grants or denies specific rights to a user or group. Group
- definitions declare groups of users and serve to make the ACL file more concise.
+ The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <link linkend="Configuring-Group-Providers">Configuring Group Providers</link> for more information on defining groups.
</para>
<para>
- Each ACL rule grants (or denies) a particular action on a object to a user. The rule may be augmented with one or more properties, restricting
+ Each ACL rule grants (or denies) a particular action on a object to a user/group. The rule may be augmented with one or more properties, restricting
the rule's applicability.
</para>
<programlisting>
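Review bot: the rewritten opening paragraph ("a series of rules associating behaviour for a user or group") no longer says that a rule grants or denies rights, which the removed text stated directly. Suggest keeping "Each rule grants or denies specific rights to a user or group." and following it with the link to Configuring Group Providers. In the second paragraph, since the line is being changed anyway, "a object" should read "an object".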
@@ -136,13 +135,6 @@
</programlisting>
<para>
- GROUP definitions must follow this syntax:
- </para>
- <programlisting>
- GROUP {group name} {username 1}..{username n} # Where username is a username, or a groupname.
- </programlisting>
-
- <para>
Comments may be introduced with the hash (#) character and are ignored. Long lines can be broken with the slash (\) character.
</para>
<programlisting>
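Review bot: the GROUP syntax paragraph is dropped here without saying what happens to an existing ACL file that still contains GROUP lines. The removed listing allowed a member to be "a username, or a groupname", while the new Configure-Group-Providers.xml states that only users can be added to a group, so nested groups do not carry over. A short note at this point that names the groups file as the replacement and states that difference would help readers migrating an existing ACL file.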
@@ -150,8 +142,6 @@
ACL ALLOW admin CREATE ALL # Also a comment
ACL DENY guest \
ALL ALL # A broken line
- GROUP securegroup bob \
- alice # Another broker line
</programlisting>
</section>
<table id="tabl-ConfigureACLs-Syntax_permissions">
@@ -385,13 +375,10 @@
Worked example 2 - User maintainer group
</title>
<para>
- Suppose you wish to restrict User Management operations to users belonging to a group 'usermaint'. No other user
- is allowed to perform user maintainence This example illustrates the permissioning of a individual component
- and a group definition.
+ Suppose you wish to restrict User Management operations to users belonging to a <link linkend="Configuring-Group-Providers">group</link> 'usermaint'. No other user
+ is allowed to perform user maintainence This example illustrates the permissioning of an individual component.
</para>
<programlisting>
- # Create a group usermaint with members bob and alice
- GROUP usermaint bob alice
# Give operator permission to execute all JMX Methods
ACL ALLOW usermaint ALL METHOD component="UserManagement"
ACL DENY ALL ALL METHOD component="UserManagement"
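Review bot: with the GROUP line removed from the listing, the example no longer shows where bob and alice become members of usermaint. Suggest adding the matching groups file entry, "usermaint.users = bob,alice", or a sentence saying the group is assumed to be defined there. The changed paragraph still carries "maintainence" with no full stop before "This example", and the listing comment says "Give operator permission" although the rule names usermaint.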
Modified: qpid/trunk/qpid/doc/book/src/java-broker/Configure-AuthenticationProviders.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Configure-AuthenticationProviders.xml?rev=1379980&r1=1379979&r2=1379980&view=diff
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/Configure-AuthenticationProviders.xml (original)
+++ qpid/trunk/qpid/doc/book/src/java-broker/Configure-AuthenticationProviders.xml Sun Sep 2 14:34:48 2012
@@ -21,7 +21,7 @@
-->
-<section>
+<section id="Configuring-Authentication-Mechanisms">
<title>Configuring Authentication Mechanisms</title>
<para>
In order to successfully establish a connection to the Java Broker, the connection must be
Added: qpid/trunk/qpid/doc/book/src/java-broker/Configure-Group-Providers.xml
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/doc/book/src/java-broker/Configure-Group-Providers.xml?rev=1379980&view=auto
==============================================================================
--- qpid/trunk/qpid/doc/book/src/java-broker/Configure-Group-Providers.xml (added)
+++ qpid/trunk/qpid/doc/book/src/java-broker/Configure-Group-Providers.xml Sun Sep 2 14:34:48 2012
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+
+<section id="Configuring-Group-Providers">
+ <title>Configuring Group Providers</title>
+ <para>
+ The Java broker utilises GroupProviders to allow assigning users to groups for use in <link linkend="Configuring-ACLS">ACLs</link>. Following authentication by a given <link linkend="Configuring-Authentication-Mechanisms">Authentication Provider</link>, the configured Group Providers are consulted to allowing assignment of GroupPrincipals for a given authenticated user.
+ </para>
+
+
+ <section role="h3" id="File-Group-Manager">
+ <title>FileGroupManager</title>
+ <para>
+ The FileGroupManager allows specifying group membership in a flat file on disk, and is also exposed for inspection and update through the brokers HTTP management interface.
+ </para>
+ <para>
+ To enable the FileGroupManager, add the following configuration to the config.xml, adjusting the groupFile attribute value to match your desired groups file location.
+ </para>
+
+ <programlisting><![CDATA[
+ ...
+ <security>
+ <file-group-manager>
+ <attributes>
+ <attribute>
+ <name>groupFile</name>
+ <value>${conf}/groups</value>
+ </attribute>
+ </attributes>
+ </file-group-manager>
+ </security>]]>
+ ...
+</programlisting>
+
+ <section role="h4" id="File-Group-Manager-FileFormat">
+ <title>File Format</title>
+ <para>
+ The groups file has the following format:
+ </para>
+ <programlisting>
+ # <GroupName>.users = <comma deliminated user list>
+ # For example:
+
+ administrators.users = admin,manager
+</programlisting>
+ <para>
+ Only users can be added to a group currently, not other groups. Usernames can't contain commas.
+ </para><para>
+ Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface.
+ </para>
+ </section>
+ </section>
+</section>
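Review bot: in the File Format listing, "# <GroupName>.users = <comma deliminated user list>" sits in a plain programlisting, so the angle brackets are read as markup and the file will not be well-formed. Escape them as &lt;GroupName&gt; and &lt;comma delimited user list&gt;, or wrap the listing in CDATA as the config.xml listing does. In the config.xml listing the CDATA section closes right after </security>, leaving the trailing "..." outside it while the leading "..." is inside; moving "]]>" below the second "..." keeps them consistent. Wording: "are consulted to allowing assignment" should be "to allow assignment", "the brokers HTTP management interface" needs an apostrophe, and "deliminated" should be "delimited". Please confirm that linkend="Configuring-ACLS" matches the id declared in Configure-ACLs.xml, which is not visible in this diff. Since the groups file determines group membership used by ACLs and can be updated through the management interface, a sentence on restricting write access to that file would fit in the FileGroupManager section.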