qpid-dev mailing list archives

From "Andrew Kennedy (JIRA)" <qpid-...@incubator.apache.org>
Subject [jira] Commented: (QPID-2538) Add XML configuration syntax for ACLs in Java broker
Date Tue, 27 Apr 2010 09:19:31 GMT

    [ https://issues.apache.org/jira/browse/QPID-2538?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12861322#action_12861322
] 

Andrew Kennedy commented on QPID-2538:
--------------------------------------

This is an example of a mapping between the XML and C++ ACL syntax.

== virtualhosts.xml ==
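<virtualhosts>
    <virtualhost>
        <localhost>
            <security>
                <!-- access control list (plain text AND xml) configuration -->
                <access>
                    <!-- plugin class that enforces the rules; kept on one line so that
                         indentation whitespace does not become part of the class name -->
                    <plugin>org.apache.qpid.server.security.access.plugin.AccessControl</plugin>

                    <config>
                        <!-- NOTE(review): three rule sources are shown side by side. The example
                             does not say how they are merged, or which one wins, if more than
                             one is present. The rule files end with a catch-all deny, so
                             evaluation order presumably matters; define the precedence
                             explicitly. The referenced files decide who may use the broker
                             and should be writable only by the broker administrator. -->

                        <!-- plain text -->
                        <plain file="${conf}/access-control" />

                        <!-- external xml c.f. firewall -->
                        <xml file="${conf}/access.xml" />

                        <!-- internal xml (alternative) -->
                        <rules>
                            <!-- acl entries ... -->
                        </rules>
                    </config>
                </access>
            </security>
        </localhost>
    </virtualhost>
</virtualhosts>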
==

== access.xml ==
<rules>
    <!-- Each <acl> entry carries a permission, an identity, an operation and an object type;
         optional <property> children narrow the match (name, routingKey, owner, temporary).
         NOTE(review): presumably evaluated top to bottom with the first matching entry
         deciding, as the trailing catch-all deny suggests; confirm for the XML form. -->

    <!-- allow adk access to this virtual host -->
    <!-- NOTE(review): the plain-text access-control listing writes this identity as
         "adk@iterator"; the two forms should name the same identity, so confirm which
         one is intended. -->
    <acl permission="ALLOW" identity="adk" operation="ACCESS" object="VIRTUALHOST" />

    <!-- allow binding on amq.direct with routing keys matching adk.* or tmp.*
         (ALLOW-LOG: presumably the permitted request is also logged) -->
    <acl permission="ALLOW-LOG" identity="adk" operation="BIND" object="EXCHANGE">
        <properties>
            <property key="routingKey" value="adk.*" />
            <property key="name" value="amq.direct" />
        </properties>
    </acl>
    <acl permission="ALLOW-LOG" identity="adk" operation="BIND" object="EXCHANGE">
        <properties>
            <property key="routingKey" value="tmp.*" />
            <property key="name" value="amq.direct" />
        </properties>
    </acl>
    <!-- allow creating temporary queues and queues with names matching adk.*,
         in both cases only with adk as the owner -->
    <acl permission="ALLOW" identity="adk" operation="CREATE" object="QUEUE">
        <properties>
            <property key="name" value="adk.*" />
            <property key="owner" value="adk" />
        </properties>
    </acl>
    <acl permission="ALLOW" identity="adk" operation="CREATE" object="QUEUE">
        <properties>
            <property key="temporary" value="true" />
            <property key="owner" value="adk" />
        </properties>
    </acl>

    <!-- allow publish and consume of messages on the queues -->
    <!-- NOTE(review): these two entries match on name only, so they cover every queue
         named adk.* regardless of owner; the temporary queues created above are covered
         only if their names also match adk.*; confirm this is intended. -->
    <acl permission="ALLOW" identity="adk" operation="CONSUME" object="QUEUE">
        <properties>
            <property key="name" value="adk.*" />
        </properties>
    </acl>
    <acl permission="ALLOW" identity="adk" operation="PUBLISH" object="QUEUE">
        <properties>
            <property key="name" value="adk.*" />
        </properties>
    </acl>

    <!-- default deny: catch-all for anything not allowed above; it has to stay the last
         entry if evaluation is first-match.
         NOTE(review): plain DENY is presumably not logged; if the XML form carries over
         DENY-LOG from the text syntax, using it here would record rejected requests
         for auditing. -->
    <acl    permission="DENY" identity="ANY"
            operation="ALL" object="ALL" />
</rules>
==

== access-control ==
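# Plain-text form of the same rules as access.xml, one rule per line:
#   <permission> <identity> <operation> <object> [property=value ...]

# allow adk access to this virtual host
# NOTE(review): access.xml writes this identity as plain "adk"; the two forms should
# name the same identity - confirm which one is intended
ALLOW "adk@iterator" ACCESS VIRTUALHOST

# allow binding on amq.direct with routing keys matching adk.* or tmp.*
ALLOW-LOG adk BIND EXCHANGE routingKey=adk.* name=amq.direct
ALLOW-LOG adk BIND EXCHANGE routingKey=tmp.* name=amq.direct

# allow creating temporary queues and queues with names matching adk.*
ALLOW adk CREATE QUEUE name=adk.* owner=adk
ALLOW adk CREATE QUEUE temporary=true owner=adk

# allow publish and consume of messages on the queues
ALLOW adk CONSUME QUEUE name=adk.*
ALLOW adk PUBLISH QUEUE name=adk.*

# default deny - must stay the last rule so it only catches what nothing above allowed
# NOTE(review): consider DENY-LOG here so that rejected requests are recorded
DENY ANY ALL ALL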
==

> Add XML configuration syntax for ACLs in Java broker
> ----------------------------------------------------
>
>                 Key: QPID-2538
>                 URL: https://issues.apache.org/jira/browse/QPID-2538
>             Project: Qpid
>          Issue Type: Sub-task
>          Components: Java Broker
>            Reporter: Andrew Kennedy
>             Fix For: 0.7
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscribe@qpid.apache.org

