Posted to users@qpid.apache.org by bryand <br...@bldixon.net> on 2018/01/23 13:25:53 UTC

How to define RulesBased ACLs using Qpid Broker-J 7.0.0

I'm using qpid-broker-j-7.0.0 and can't find anything in the documentation 
(https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Security-AccessControlProviders.html) 
for how to define rule based ACLs. 

In the documentation it states: 
ACLFile - an older provider that references an externally provided ACL file
(or data url). This provider is deprecated. 

Since ACLFile is deprecated and I'm setting up a new Qpid Broker-J
environment, I don't want to use that.  However, if I pick RulesBased in the
Web Management Console I don't have any options to enter the rules -  how do
I define the rules? 



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Re: How to define RulesBased ACLs using Qpid Broker-J 7.0.0

Posted by bryand <br...@bldixon.net>.
Thanks for the info.  I was able to get the ACLs defined via the REST API
Update.  There were a few little quirks I ran into where the documentation
on the ACL page
(https://qpid.apache.org/releases/qpid-broker-j-7.0.1/book/Java-Broker-Security-AccessControlProviders.html#Java-Broker-Security-AccessControlProviders-ACLRules)
didn't match what some of the enum values were, such as:

Failed: RestfulWsException [responseStatusCode=422, responseBody={
  "errorMessage" : "No enum constant org.apache.qpid.server.security.access.plugins.RuleOutcome.ALLOW-LOG"

Failed: RestfulWsException [responseStatusCode=422, responseBody={
  "errorMessage" : "No enum constant org.apache.qpid.server.security.access.config.ObjectProperties.Property.ROUTINGKEY"

but I was able to transform values as necessary for the REST API call.





Re: How to define RulesBased ACLs using Qpid Broker-J 7.0.0

Posted by Rob Godfrey <ro...@gmail.com>.
On 23 January 2018 at 13:25, bryand <br...@bldixon.net> wrote:

> I'm using qpid-broker-j-7.0.0 and can't find anything in the documentation
> (https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Security-AccessControlProviders.html)
> for how to define rule based ACLs.
>
> In the documentation it states:
> ACLFile - an older provider that references an externally provided ACL file
> (or data url). This provider is deprecated.
>
> Since ACLFile is deprecated and I'm setting up a new Qpid Broker-J
> environment, I don't want to use that.  However, if I pick RulesBased in the
> Web Management Console I don't have any options to enter the rules -  how do
> I define the rules?

Apologies, the UI should really expose the features of the underlying REST
API here to help.

The basic structure of the configuration of a RuleBase ACL Provider is
defined by

https://github.com/apache/qpid-broker-j/blob/master/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java

That is, there is an attribute of this object named "rules" which contains a
list of rule instances (serialised as JSON objects).  The rule objects
essentially correspond to the form of the "legacy" rules (see the default
value as an example of the format).  You can set the value of the rules
attribute through the REST API [1].

The provider also allows a "legacy" ACL file to be uploaded directly
through the "loadFromFile" operation [2], which takes a query parameter
"path" which points to a path on the machine running the broker.

Hope this helps,
Rob

[1]
https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Management-Channel-REST-API.html#Java-Broker-Management-Channel-REST-API-Update
[2]
https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Management-Channel-REST-API.html#Java-Broker-Management-Channel-REST-API-Operations
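
Added example (not from the thread or from the Qpid project): converting legacy ACL-file lines into the JSON rule objects described above for the "rules" attribute, normalising the spellings that were rejected with 422 in the follow-up message. The field names (identity, objectType, operation, attributes, outcome), the ROUTING_KEY and AUTO_DELETE constants and all helper names are assumptions to check against the linked provider source.

```python
import json
import shlex

# Outcome names in enum-constant form; the thread shows "ALLOW-LOG" is rejected.
OUTCOMES = {"ALLOW", "ALLOW_LOG", "DENY", "DENY_LOG"}
# Legacy property spellings that differ from the enum constant (assumed names;
# the thread only confirms that "ROUTINGKEY" is rejected).
PROPERTY_ALIASES = {"ROUTINGKEY": "ROUTING_KEY", "AUTODELETE": "AUTO_DELETE"}

# Constructed sample in legacy ACL-file syntax, not taken from the thread.
SAMPLE_ACL = """
# constructed sample
ACL ALLOW-LOG guest PUBLISH EXCHANGE name="amq.topic" routingkey="stocks.#"
ACL DENY-LOG ALL ALL
"""


def enum_name(token, aliases=None):
    """Upper-case a legacy token and turn '-' into '_', then apply aliases."""
    name = token.upper().replace("-", "_")
    return (aliases or {}).get(name, name)


def legacy_rule_to_json(line):
    """Convert one legacy 'ACL ...' line to a rule object; None if blank/comment."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    parts = shlex.split(line)  # strips the quotes around property values
    if parts[0].upper() != "ACL" or len(parts) < 4:
        raise ValueError(f"not an ACL rule: {line!r}")
    outcome = enum_name(parts[1])
    if outcome not in OUTCOMES:  # catch locally what the broker answers with 422
        raise ValueError(f"unknown outcome {parts[1]!r}")
    rest = parts[4:]
    # The object type is optional in the legacy syntax ("ACL DENY-LOG ALL ALL").
    object_type = rest.pop(0) if rest and "=" not in rest[0] else "ALL"
    attributes = {}
    for pair in rest:
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"bad property {pair!r}")
        attributes[enum_name(key, PROPERTY_ALIASES)] = value
    return {"identity": parts[2], "objectType": enum_name(object_type),
            "operation": enum_name(parts[3]), "attributes": attributes,
            "outcome": outcome}


def rules_payload(acl_text):
    """JSON body carrying the 'rules' attribute for a REST update of the provider."""
    rules = [r for r in map(legacy_rule_to_json, acl_text.splitlines()) if r]
    return json.dumps({"rules": rules}, indent=2)
```

rules_payload(SAMPLE_ACL) returns the body to send with the REST update [1]; rule order is preserved, which matters because the legacy rule format is order-dependent.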
