qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kw...@apache.org
Subject svn commit: r1530457 [11/30] - in /qpid/site: docs/components/java-broker/book/ docs/components/java-broker/book/images/ input/components/java-broker/book/ input/components/java-broker/book/images/
Date Tue, 08 Oct 2013 22:56:29 GMT
Modified: qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html
URL: http://svn.apache.org/viewvc/qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html?rev=1530457&r1=1530456&r2=1530457&view=diff
==============================================================================
--- qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html (original)
+++ qpid/site/docs/components/java-broker/book/Java-Broker-Security-ACLs.html Tue Oct  8 22:56:26 2013
@@ -1,40 +1,35 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>10.4. Access Control Lists</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="prev" href="Java-Broker-Security-Authentication-Providers.html" title="10.3. Authentication Providers"><link rel="next" href="Java-Broker-Security-SSL.html" title="10.5. SSL"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="
 http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists
 .html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A h
 ref="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Access Control Lists</span></DIV><div class="section" title="10.4. Access Control Lists"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-ACLs"></a>10.4. Access Control Lists</h2></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>11.3. Access Control Lists</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="prev" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers"><link rel="next" href="Java-Broker-Security-SSL.html" title="11.4. SSL"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache
 .org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lis
 ts</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.ap
 ache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Access Control Lists</span></DIV><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-ACLs"></a>11.3. Access Control Lists</h2></div></div></div><p>
     In Qpid, Access Control Lists (ACLs) specify which actions can be performed by each authenticated user.
-    To enable, the &lt;acl/&gt; element is used within the &lt;security/&gt; element of the configuration XML.
-    In the Java Broker, the ACL may be imposed broker wide or applied to individual virtual
-    hosts.  The  &lt;acl/&gt; configuration references a text file containing the ACL rules.
+    To enable, an <span class="emphasis"><em>Access Control Provider</em></span> needs to be configured on the <span class="emphasis"><em>Broker</em></span>
+    level or/and ACL configuration should be provided on a <span class="emphasis"><em>Virtual Host</em></span> level.
+    The first imposes the ACL broker wide, and the second is applied to individual virtual hosts.
+    The <span class="emphasis"><em>Access Control Provider</em></span> of type "AclFile" uses local file to specify the ACL rules.
     By convention, this file should have a .acl extension.
-  </p><div class="section" title="10.4.1.  Enabling ACLs"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-EnablingACL"></a>10.4.1. 
-       Enabling ACLs
-    </h3></div></div></div><p>
-      To apply an ACL broker-wide, add the following to the config.xml (assuming that <em class="replaceable"><code>conf</code></em> has been set to a suitable
-      location such as ${QPID_HOME}/etc):
-    </p><pre class="programlisting">
-      &lt;broker&gt;
-        ...
-        &lt;security&gt;
-          ...
-          &lt;acl&gt;<em class="replaceable"><code>${conf}/broker.acl</code></em>&lt;/acl&gt;
-        &lt;/security&gt;
-      &lt;/broker&gt;
-    </pre><p>
-    </p><p>
-      To apply an ACL on a single virtualhost named <em class="replaceable"><code>test</code></em>, add the following to the config.xml:
-    </p><pre class="programlisting">
-      &lt;virtualhost&gt;
-        ...
-        &lt;name&gt;test&lt;/name&gt;
-        &lt;test&gt;
-          ...
-          &lt;security&gt;
-            &lt;acl&gt;<em class="replaceable"><code>${conf}/vhost_test.acl</code></em>&lt;/acl&gt;
-          &lt;/security&gt;
-        &lt;/test&gt;
-      &lt;/virtualhost&gt;
-    </pre></div><div class="section" title="10.4.2.  Writing .acl files"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WriteACL"></a>10.4.2. 
+  </p><p>
+    A Group Provider can be configured with ACL to define the user groups which can be used in ACL
+    to determine the ACL rules applicable to the entire group. The configuration details for the Group Providers are described in
+    <a class="xref" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers">Section 11.2, “Group Providers”</a>. On creation of ACL Provider with group rules,
+    the Group Provider should be added first. Otherwise, if the individual ACL rules are not defined for the logged principal
+    the following invocation of management operations could be denied due to absence of the required groups.</p><p>Only one <span class="emphasis"><em>Access Control Provider</em></span> can be used by the Broker.
+    If several <span class="emphasis"><em>Access Control Providers</em></span> are configured on Broker level
+    only one of them will be used (the latest one). <a class="xref" href="Java-Broker-Virtual-Hosts-Configuration-File-ACL.html" title="14.2. Configuring ACL">Section 14.2, “Configuring ACL”</a>
+    shows how to configure ACL on <span class="emphasis"><em>Virtual Host</em></span> using virtual host configuration xml.
+    If both Broker <span class="emphasis"><em>Access Control Provider</em></span> and <span class="emphasis"><em>Virtual Host</em></span> ACL are configured,
+    the <span class="emphasis"><em>Virtual Host</em></span> ACL is used for authorization of operations on <span class="emphasis"><em>Virtual Host</em></span> and
+    Virtual Host objects and Broker level ACL is used to authorization of operations on Broker and Broker children
+    (excluding Virtual Hosts having ACL configured).
+  </p><p>
+    The ACL Providers can be configured using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">REST Management interfaces</a>
+    and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>.
+  </p><p>The following ACL Provider managing operations are available from Web Management Console:
+    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new ACL Provider can be added by clicking onto "Add Access Control Provider" on the Broker tab.</p></li><li class="listitem"><p>An ACL Provider details can be viewed on the Access Control Provider tab.
+        The tab is shown after clicking onto ACL Provider name in the Broker object tree or after clicking
+        onto ACL Provider row in ACL Providers grid on the Broker tab.</p></li><li class="listitem"><p>An existing ACL Provider can be deleted by clicking onto buttons "Delete Access Control Provider"
+        on the Broker tab or Access Control Provider tab.</p></li></ul></div><p>
+  </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WriteACL"></a>11.3.1. 
        Writing .acl files
     </h3></div></div></div><p>
-      The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <a class="link" href="Java-Broker-Security-Group-Providers.html" title="10.2. Configuring Group Providers">Configuring Group Providers</a> for more information on defining groups.
+      The ACL file consists of a series of rules associating behaviour for a user or group. Use of groups can serve to make the ACL file more concise. See <a class="link" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers">Configuring Group Providers</a> for more information on defining groups.
     </p><p>
       Each ACL rule grants or denies a particular action on an object to a user/group.  The rule may be augmented with one or more properties, restricting
       the rule's applicability.
@@ -67,7 +62,7 @@
       ACL rules are very powerful: it is possible to write very granular rules specifying many broker objects and their
       properties.  Most projects probably won't need this degree of flexibility.  A reasonable approach is to choose to apply permissions
       at a certain level of abstraction (e.g. QUEUE) and apply them consistently across the whole system.
-    </p></div><div class="section" title="10.4.3.  Syntax"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-Syntax"></a>10.4.3. 
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-Syntax"></a>11.3.2. 
        Syntax
     </h3></div></div></div><p>
        ACL rules follow this syntax:
@@ -80,8 +75,8 @@
       ACL ALLOW admin CREATE ALL # Also a comment
       ACL DENY guest \
       ALL ALL   # A broken line
-    </pre></div><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_permissions"></a><p class="title"><b>Table 10.1. List of ACL permission</b></p><div class="table-contents"><table summary="List of ACL permission" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_actions"></a><p class="title"><b>Table 10.2. List of ACL actions</b></p><div class="table-contents"><table summary=
 "List of ACL actions" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when an object is read or accessed</p> </td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applie
 d when objects are deleted </p> </td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td>
-          <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_objects"></a><p class="title"><b>Table 10.3. List of ACL objects</b></p><div class="table-contents"><table summary="List of ACL objects" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p>A virtualhost (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>MANAGEMENT </strong></span> </td><td> <p>Management - for web and JMX (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>QUEUE</strong></span> </td><td> <p>A queue </p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td> <p>An exchange </p> </td></tr><tr><td> <span class=
 "command"><strong>USER</strong></span> </td><td> <p>A user (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></span> </td><td> <p>A group (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p>Management or agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>LINK</strong></span> </td><td> <p>A federation or inter-broker link (not currently used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p>The broker (not currently used in Java Broker)</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_properties"></a><p class="title"><b>Table 10.4. List of ACL properties</b></p><div class="table-contents"><table summary="List of ACL properties" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><s
 trong>name</strong></span> </td><td> <p> String. Object name, such as a queue name, exchange name or JMX method name.  </p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> Boolean. Indicates the presence of a <em class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</str
 ong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. JMX component name (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>schemapackage</strong></span> </td><td> <p> String. QMF schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>schemaclass</strong></span> </td><td>
  <p> String. QMF schema class name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>from_network</strong></span> </td><td>
+    </pre></div><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_permissions"></a><p class="title"><b>Table 11.1. List of ACL permission</b></p><div class="table-contents"><table summary="List of ACL permission" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_actions"></a><p class="title"><b>Table 11.2. List of ACL actions</b></p><div class="table-contents"><table summary=
 "List of ACL actions" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when an object is read or accessed</p> </td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applie
 d when objects are deleted </p> </td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td>
+          <p>Applied when purge the contents of a queue</p> </td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td></tr><tr><td> <span class="command"><strong>CONFIGURE</strong></span> </td><td> <p> Applied when an object is configured via REST management interfaces(Java Broker only).</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_objects"></a><p class="title"><b>Table 11.3. List of ACL objects</b></p><div class="table-contents"><table summary="List of ACL objects" border="1"><colgroup><col><col></colgroup><tbody><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p>A virtualhost (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>MANAGEMENT </strong></span> </td><td> <p>Management - for web and JMX (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>QUE
 UE</strong></span> </td><td> <p>A queue </p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td> <p>An exchange </p> </td></tr><tr><td> <span class="command"><strong>USER</strong></span> </td><td> <p>A user (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></span> </td><td> <p>A group (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>METHOD</strong></span> </td><td> <p>Management or agent or broker method (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>LINK</strong></span> </td><td> <p>A federation or inter-broker link (not currently used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p>The broker</p> </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_properties"></a><p class="title"><b>Table 11.4. List of ACL properties</b></p><div 
 class="table-contents"><table summary="List of ACL properties" border="1"><colgroup><col><col></colgroup><tbody><tr><td><span class="command"><strong>name</strong></span> </td><td> <p> String. Object name, such as a queue name, exchange name or JMX method name.  </p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>passive</strong></span> </td><td> <p> Boolean. Indicates the presence of a <em class="parameter"><code>passive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicate
 s the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, fanout, or xml </p> </td></tr><tr><td> <span class="command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queuename</strong></span> </td><td> <p> String. Name of the queue (used only when the object is something other than <em class="parameter"><code>queue</code></em> </p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. JMX component name (Java Broker only)</p> </td></tr><tr><td> <span class="command"><strong>schemapackage</strong></span> </td><td> <p> Stri
 ng. QMF schema package name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>schemaclass</strong></span> </td><td> <p> String. QMF schema class name (Not used in Java Broker)</p> </td></tr><tr><td> <span class="command"><strong>from_network</strong></span> </td><td>
             <p>
               Comma-separated strings representing IPv4 address ranges.
             </p>
@@ -125,12 +120,12 @@
             <p>
               Java Broker only.
             </p>
-          </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_javacomponents"></a><p class="title"><b>Table 10.5. List of ACL rules</b></p><div class="table-contents"><table summary="List of ACL rules" border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span class="command"><strong>UserManagement</strong></span> </td><td> <p>User maintainance; create/delete/view users, change passwords etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ConfigurationManagement</strong></span> </td><td> <p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>LoggingManagement</strong></span> </td><td> <p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>Server
 Information</strong></span> </td><td> <p>Read-only information regarding the Qpid: version number etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue maintainance; copy/move/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> <p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> <p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td class="auto-generated"> </td></tr></tbody></table></div></div><br class="table-break"><div class="section" title="10.4.4.  Worked Examples"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WorkedExamples"></a>10.4.4. 
+          </td></tr></tbody></table></div></div><br class="table-break"><div class="table"><a name="table-Java-Broker-Security-ACLs-Syntax_javacomponents"></a><p class="title"><b>Table 11.5. List of ACL rules</b></p><div class="table-contents"><table summary="List of ACL rules" border="1"><colgroup><col><col><col></colgroup><tbody><tr><td> <span class="command"><strong>UserManagement</strong></span> </td><td> <p>User maintainance; create/delete/view users, change passwords etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>ConfigurationManagement</strong></span> </td><td> <p>Dynammically reload configuration from disk.</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>LoggingManagement</strong></span> </td><td> <p>Dynammically control Qpid logging level</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>Server
 Information</strong></span> </td><td> <p>Read-only information regarding the Qpid: version number etc</p> </td><td> <p>permissionable at broker level only</p> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Queue</strong></span> </td><td> <p>Queue maintainance; copy/move/purge/view etc</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.Exchange</strong></span> </td><td> <p>Exchange maintenance; bind/unbind queues to exchanges</p> </td><td class="auto-generated"> </td></tr><tr><td> <span class="command"><strong>VirtualHost.VirtualHost</strong></span> </td><td> <p>Virtual host maintainace; create/delete exchanges, queues etc</p> </td><td class="auto-generated"> </td></tr></tbody></table></div></div><br class="table-break"><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-Security-ACLs-WorkedExamples"></a>11.3.3. 
       Worked Examples
     </h3></div></div></div><p>
       Here are some example ACLs illustrating common use cases.
       In addition, note that the Java broker provides a complete example ACL file, located at etc/broker_example.acl.
-    </p><div class="section" title="10.4.4.1.  Worked example 1 - Management rights"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample1"></a>10.4.4.1. 
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample1"></a>11.3.3.1. 
         Worked example 1 - Management rights
       </h4></div></div></div><p>
         Suppose you wish to permission two users: a user 'operator' must be able to perform all Management operations, and
@@ -149,11 +144,11 @@ ACL ALLOW readonly ACCESS ALL
 ...
 # Explicitly deny all (log) to eveyone
 ACL DENY-LOG ALL ALL
-      </pre></div><div class="section" title="10.4.4.2.  Worked example 2 - User maintainer group"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample2"></a>10.4.4.2. 
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample2"></a>11.3.3.2. 
         Worked example 2 - User maintainer group
       </h4></div></div></div><p>
         Suppose you wish to restrict User Management operations to users belonging to a
-        <a class="link" href="Java-Broker-Security-Group-Providers.html" title="10.2. Configuring Group Providers">group</a> 'usermaint'.  No other user
+        <a class="link" href="Java-Broker-Security-Group-Providers.html" title="11.2. Group Providers">group</a> 'usermaint'.  No other user
         is allowed to perform user maintainence  This example illustrates the permissioning of an individual component.
       </p><pre class="programlisting">
 # Give usermaint access to management and permission to execute all JMX Methods on the
@@ -167,7 +162,7 @@ ACL DENY ALL ALL USER
 ... rules for other users
 ...
 ACL DENY-LOG ALL ALL
-      </pre></div><div class="section" title="10.4.4.3.  Worked example 3 - Request/Response messaging"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample3"></a>10.4.4.3. 
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample3"></a>11.3.3.3. 
         Worked example 3 - Request/Response messaging
       </h4></div></div></div><p>
         Suppose you wish to permission a system using a request/response paradigm. Two users: 'client' publishes requests;
@@ -198,7 +193,7 @@ ACL ALLOW server BIND EXCHANGE
 ACL ALLOW server PUBLISH EXCHANGE name="amq.direct" routingKey="TempQueue*"
 
 ACL DENY-LOG all all
-      </pre></div><div class="section" title="10.4.4.4.  Worked example 4 - firewall-like access control"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample4"></a>10.4.4.4. 
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample4"></a>11.3.3.4. 
         Worked example 4 - firewall-like access control
       </h4></div></div></div><p>
         This example illustrates how to set up an ACL that restricts the IP addresses and hostnames
@@ -229,4 +224,45 @@ ACL DENY-LOG messaging-users ACCESS VIRT
   from_network="192.169.1.*,192.169.2.*"
 
 ACL DENY-LOG all all
-      </pre></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-Authentication-Providers.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">10.3. Authentication Providers </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 10.5. SSL</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
+      </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="Java-Broker-Security-ACLs-WorkedExample5"></a>11.3.3.5. 
+        Worked example 5 - REST management ACL example
+      </h4></div></div></div><p>
+        This example illustrates how to set up an ACL that restricts usage of REST management interfaces.
+      </p><pre class="programlisting">
+# allow to the users from webadmins group to change broker model
+# this rule allows adding/removing/editing of Broker level objects:
+# Broker, Virtual Host, Group Provider, Authentication Provider, Port, Access Control Provider etc
+ACL ALLOW-LOG webadmins CONFIGURE BROKER
+
+# allow to the users from webadmins group to perform
+# create/update/delete on Virtual Host children
+ACL ALLOW-LOG webadmins CREATE QUEUE
+ACL ALLOW-LOG webadmins UPDATE QUEUE
+ACL ALLOW-LOG webadmins DELETE QUEUE
+ACL ALLOW-LOG webadmins PURGE  QUEUE
+ACL ALLOW-LOG webadmins CREATE EXCHANGE
+ACL ALLOW-LOG webadmins DELETE EXCHANGE
+ACL ALLOW-LOG webadmins BIND   EXCHANGE
+ACL ALLOW-LOG webadmins UNBIND EXCHANGE
+
+# allow to the users from webadmins group to create/update/delete groups on Group Providers
+ACL ALLOW-LOG webadmins CREATE GROUP
+ACL ALLOW-LOG webadmins DELETE GROUP
+ACL ALLOW-LOG webadmins UPDATE GROUP
+
+# allow to the users from webadmins group to create/update/delete users for Authentication Providers
+ACL ALLOW-LOG webadmins CREATE USER
+ACL ALLOW-LOG webadmins DELETE USER
+ACL ALLOW-LOG webadmins UPDATE USER
+
+# allow to the users from webadmins group to move, copy and delete messagaes
+# using REST management interfaces
+ACL ALLOW-LOG webadmins UPDATE METHOD
+
+# at the moment only the following UPDATE METHOD rules are supported by web management console
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="moveMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="copyMessages"
+#ACL ALLOW-LOG webadmins UPDATE METHOD component="VirtualHost.Queue" name="deleteMessages"
+
+ACL DENY-LOG all all
+      </pre></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-Group-Providers.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-SSL.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">11.2. Group Providers </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 11.4. SSL</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>

Modified: qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html
URL: http://svn.apache.org/viewvc/qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html?rev=1530457&r1=1530456&r2=1530457&view=diff
==============================================================================
--- qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html (original)
+++ qpid/site/docs/components/java-broker/book/Java-Broker-Security-Group-Providers.html Tue Oct  8 22:56:26 2013
@@ -1,23 +1,23 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>10.2. Configuring Group Providers</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="prev" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="next" href="Java-Broker-Security-Authentication-Providers.html" title="10.3. Authentication Providers"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A><
 /LI><LI><A href="http://qpid.apache.org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.
 org/mailing_lists.html">Mailing Lists</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home
 </A></LI><LI><A href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Configuring Group Providers</span></DIV><div class="section" title="10.2. Configuring Group Providers"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-Group-Providers"></a>10.2. Configuring Group Providers</h2></div></div></div><p>
-    The Java broker utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Java-Broker-Security-ACLs.html" title="10.4. Access Control Lists">ACLs</a>. Following authentication by a given <a class="link" href="Java-Broker-Security-Authentication-Providers.html" title="10.3. Authentication Providers">Authentication Provider</a>, the configured Group Providers are consulted to allowing assignment of GroupPrincipals for a given authenticated user.
-  </p><div class="section" title="10.2.1. FileGroupManager"><div class="titlepage"><div><div><h3 class="title"><a name="File-Group-Manager"></a>10.2.1. FileGroupManager</h3></div></div></div><p>
-      The FileGroupManager allows specifying group membership in a flat file on disk, and is also exposed for inspection and update through the brokers HTTP management interface.
-    </p><p>
-      To enable the FileGroupManager, add the following configuration to the config.xml, adjusting the groupFile attribute value to match your desired groups file location.
-    </p><pre class="programlisting">
-    ...
-    &lt;security&gt;
-        &lt;file-group-manager&gt;
-            &lt;attributes&gt;
-              &lt;attribute&gt;
-                &lt;name&gt;groupFile&lt;/name&gt;
-                 &lt;value&gt;${conf}/groups&lt;/value&gt;
-              &lt;/attribute&gt;
-            &lt;/attributes&gt;
-        &lt;/file-group-manager&gt;
-    &lt;/security&gt;
-    ...
-</pre><div class="section" title="10.2.1.1. File Format"><div class="titlepage"><div><div><h4 class="title"><a name="File-Group-Manager-FileFormat"></a>10.2.1.1. File Format</h4></div></div></div><p>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>11.2. Group Providers</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="prev" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="next" href="Java-Broker-Security-ACLs.html" title="11.3. Access Control Lists"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache.
 org/download.html">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing List
 s</A></LI><LI><A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apa
 che.org/foundation/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">Group Providers</span></DIV><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-Group-Providers"></a>11.2. Group Providers</h2></div></div></div><p>
+    The Java broker utilises GroupProviders to allow assigning users to groups for use in <a class="link" href="Java-Broker-Security-ACLs.html" title="11.3. Access Control Lists">ACLs</a>.
+    Following authentication by a given <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers" title="11.1. Authentication Providers">Authentication Provider</a>,
+    the configured Group Providers are consulted allowing the assignment of GroupPrincipals for a given authenticated user. Any number of
+    Group Providers can be added into the Broker. All of them will be checked for the presence of the groups for a given authenticated user.
+  </p><p>The <span class="emphasis"><em>Group Provider</em></span> can be configured using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">
+  REST Management interfaces</a> and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>.</p><p>The following <span class="emphasis"><em>Group Provider</em></span> managing operations are available from Web Management Console:
+    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new Group Provider can be added by clicking onto "Add Group Provider" button on a Broker tab.</p></li><li class="listitem"><p>An existing providers can be removed by pressing "Delete Group Provider" button
+         on Broker tab or Group Provider tab.</p></li><li class="listitem"><p>On clicking onto provider name in the Group Providers grid or Broker object tree,
+         the tab for the Group Provider is displayed.</p></li><li class="listitem"><p>A new group can be added into the Group Provider by clicking onto "Add Group" button on provider tab.</p></li><li class="listitem"><p>An existing group can be deleted from the Group Provider by clicking onto "Delete Group" button on provider tab.</p></li><li class="listitem"><p>On clicking onto group name in the groups grid, the tab with the list of existing
+        group members is displayed for the Group.</p></li><li class="listitem"><p>From the Group tab a new member can be added into a group or existing members can be deleted
+        from a group by clicking on "Add Group Member" or "Remove Group Members" accordingly.</p></li></ul></div><p>
+   </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="File-Group-Manager"></a>11.2.1. GroupFile Provider</h3></div></div></div><p>
+      The <span class="emphasis"><em>GroupFile</em></span> Provider allows specifying group membership in a flat file on disk.
+      On adding a new GroupFile Provider the path to the groups file is required to be specified.
+      If file does not exist an empty file is created automatically. On deletion of GroupFile Provider
+      the groups file is deleted as well. Only one instance of "GroupFile" Provider per groups file location can be created.
+      On attempt to create another GroupFile Provider pointing to the same location the error will be displayed and
+      the creation will be aborted.
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a name="File-Group-Manager-FileFormat"></a>11.2.1.1. File Format</h4></div></div></div><p>
             The groups file has the following format:
           </p><pre class="programlisting">
     # &lt;GroupName&gt;.users = &lt;comma deliminated user list&gt;
@@ -28,4 +28,4 @@
             Only users can be added to a group currently, not other groups. Usernames can't contain commas.
           </p><p>
             Lines starting with a '#' are treated as comments when opening the file, but these are not preserved when the broker updates the file due to changes made through the management interface.
-          </p></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-Authentication-Providers.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 10. Security </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 10.3. Authentication Providers</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
+          </p></div></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Security-ACLs.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 11. Security </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 11.3. Access Control Lists</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>

Modified: qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html
URL: http://svn.apache.org/viewvc/qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html?rev=1530457&r1=1530456&r2=1530457&view=diff
==============================================================================
--- qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html (original)
+++ qpid/site/docs/components/java-broker/book/Java-Broker-Security-SSL.html Tue Oct  8 22:56:26 2013
@@ -1,57 +1,47 @@
-<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>10.5. SSL</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 10. Security"><link rel="prev" href="Java-Broker-Security-ACLs.html" title="10.4. Access Control Lists"><link rel="next" href="Java-Broker-Runtime.html" title="Chapter 11. Runtime"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache.org/download.h
 tml">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI>
 <A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apache.org/founda
 tion/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">SSL</span></DIV><div class="section" title="10.5. SSL"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-SSL"></a>10.5. SSL</h2></div></div></div><p>
-        This section will show how to use SSL to enable secure
-        connections between an AMQP message client and the broker.
-    </p><div class="section" title="10.5.1. Keystore Configuration"><div class="titlepage"><div><div><h3 class="title"><a name="SSL-Keystore"></a>10.5.1. Keystore Configuration</h3></div></div></div><p>
-            The broker configuration file (config.xml) needs to be updated to include the required SSL keystore
-            configuration, an example of which can be found below.
-        </p><div class="example"><a name="idp957712"></a><p class="title"><b>Example 10.6. Configuring an SSL Keystore</b></p><div class="example-contents"><pre class="programlisting">
-&lt;connector&gt;
-  ...
-  &lt;ssl&gt;
-    &lt;enabled&gt;true&lt;/enabled&gt;
-    &lt;port&gt;5671&lt;/port&gt;
-    &lt;sslOnly&gt;false&lt;/sslOnly&gt;
-    &lt;keyStorePath&gt;/path/to/keystore.ks&lt;/keyStorePath&gt;
-    &lt;keyStorePassword&gt;keystorepass&lt;/keyStorePassword&gt;
-    &lt;certAlias&gt;alias&lt;certAlias&gt;
-  &lt;/ssl&gt;
-  ...
-&lt;connector&gt;</pre></div></div><br class="example-break"><p>
-            The certAlias element is an optional way of specifying which certificate the broker should use
-            if the keystore contains multiple entries.
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>11.4. SSL</title><link rel="stylesheet" type="text/css" href="css/style.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="AMQP Messaging Broker (Java)"><link rel="up" href="Java-Broker-Security.html" title="Chapter 11. Security"><link rel="prev" href="Java-Broker-Security-ACLs.html" title="11.3. Access Control Lists"><link rel="next" href="Java-Broker-Runtime.html" title="Chapter 12. Runtime"></head><body><div class="container" bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><DIV class="header"><DIV class="logo"><H1>Apache Qpid™</H1><H2>Open Source AMQP Messaging</H2></DIV></DIV><DIV class="menu_box"><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Apache Qpid</H3><UL><LI><A href="http://qpid.apache.org/index.html">Home</A></LI><LI><A href="http://qpid.apache.org/download.h
 tml">Download</A></LI><LI><A href="http://qpid.apache.org/getting_started.html">Getting Started</A></LI><LI><A href="http://www.apache.org/licenses/">License</A></LI><LI><A href="https://cwiki.apache.org/qpid/faq.html">FAQ</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Documentation</H3><UL><LI><A href="http://qpid.apache.org/documentation.html#doc-release">Latest Release</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-trunk">Trunk</A></LI><LI><A href="http://qpid.apache.org/documentation.html#doc-archives">Archive</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Community</H3><UL><LI><A href="http://qpid.apache.org/getting_involved.html">Getting Involved</A></LI><LI><A href="http://qpid.apache.org/source_repository.html">Source Repository</A></LI><LI><A href="http://qpid.apache.org/mailing_lists.html">Mailing Lists</A></LI><LI>
 <A href="https://cwiki.apache.org/qpid/">Wiki</A></LI><LI><A href="https://issues.apache.org/jira/browse/qpid">Issue Reporting</A></LI><LI><A href="http://qpid.apache.org/people.html">People</A></LI><LI><A href="http://qpid.apache.org/acknowledgements.html">Acknowledgements</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>Developers</H3><UL><LI><A href="https://cwiki.apache.org/qpid/building.html">Building Qpid</A></LI><LI><A href="https://cwiki.apache.org/qpid/developer-pages.html">Developer Pages</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About AMQP</H3><UL><LI><A href="http://qpid.apache.org/amqp.html">What is AMQP?</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV><DIV class="menu_box_top"></DIV><DIV class="menu_box_body"><H3>About Apache</H3><UL><LI><A href="http://www.apache.org">Home</A></LI><LI><A href="http://www.apache.org/founda
 tion/sponsorship.html">Sponsorship</A></LI><LI><A href="http://www.apache.org/foundation/thanks.html">Thanks</A></LI><LI><A href="http://www.apache.org/security/">Security</A></LI></UL></DIV><DIV class="menu_box_bottom"></DIV></DIV><div class="main_text_area"><div class="main_text_area_top"></div><div class="main_text_area_body"><DIV class="breadcrumbs"><span class="breadcrumb-link"><a href="index.html">AMQP Messaging Broker (Java)</a></span> &gt; <span class="breadcrumb-link"><a href="Java-Broker-Security.html">Security</a></span> &gt; <span class="breadcrumb-node">SSL</span></DIV><div class="section"><div class="titlepage"><div><div><h2 class="title"><a name="Java-Broker-Security-SSL"></a>11.4. SSL</h2></div></div></div><p>
+        This section guides through the details of configuration of Keystores and Trsustores
+        required for enabling of SSL transport and Client Certificate Authentication on Broker ports.
+        The details how to configure SSL on Broker ports are provided in <a class="xref" href="Java-Broker-Ports.html" title="Chapter 6. Broker Ports">Chapter 6, <i>Broker Ports</i></a>.
+    </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="Java-Broker-SSL-Keystore"></a>11.4.1. Keystore Configuration</h3></div></div></div><p>
+            A Keystore can be added/deleted/edited using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">
+            REST Management interfaces</a> and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">
+            Web Management Console</a>. Any number of Keystores can be configured on the Broker.
+            SSL ports can be configured with different Keystores.
+        </p><p>The following Keystore managing operations are available from
+        <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>:
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new Keystore can be added by clicking on "Add Key Store" button on the Broker tab.</p></li><li class="listitem"><p>Keystore details can be viewed on the Keystore tab which is displayed after clicking
+            on Keystore name in the Broker object tree or after clicking on Keystore row in Keystores grid on the Broker tab.</p></li><li class="listitem"><p>Editing of Keystore can be performed by clicking on "Edit" button on the Keystore tab.
+            Changing of Keystore name is unsupported at the moment. If changed Keystore is used by the Port
+            the changes on Port object will take effect after Broker restart.</p></li><li class="listitem"><p>An existing Keystore can be deleted by clicking on "Delete Key Store" button on Broker tab
+            or hitting "Delete" button on the Keystore tab. Only unused Keystores can be deleted.
+            The deletion of the Keystore configured on any Broker Port is not allowed.</p></li></ul></div><p>
         </p><p>
-            The sslOnly element controls whether the broker will <span class="bold"><strong>only</strong></span> bind
-            the configured SSL port(s) or will also bind the non-SSL port(s). Setting sslOnly to true will
-            disable the non-SSL ports.
-        </p><div class="important" title="Important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>
+            The "Keystore certificate alias" field is an optional way of specifying which certificate the broker should use
+            if the keystore contains multiple entries. Optionally "Key manager factory algorithm" and "Key store type" can
+            be specified on Keystore creation.
+        </p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>
                 The password of the certificate used by the Broker <span class="bold"><strong>must</strong></span>
                 match the password of the keystore itself. This is a restriction of the Qpid Broker
                 implementation.  If using the <a class="ulink" href="http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html" target="_top">keytool</a> utility,
                 note that this means the argument to the <code class="option">-keypass</code> option must match
                 the <code class="option">-storepass</code> option.
-            </p></div></div><div class="section" title="10.5.2. Truststore / Client Certificate Authentication"><div class="titlepage"><div><div><h3 class="title"><a name="SSL-Truststore-ClientCertificate"></a>10.5.2. Truststore / Client Certificate Authentication</h3></div></div></div><p>
-            The SSL trustore and related Client Certificate Authentication behaviour can be configured with
-            additional configuration as shown in the example below, in which the broker requires client
-            certificate authentication.
-        </p><div class="example"><a name="idp967008"></a><p class="title"><b>Example 10.7. Configuring an SSL Truststore and client auth</b></p><div class="example-contents"><pre class="programlisting">
-&lt;connector&gt;
-  ...
-  &lt;ssl&gt;
-    ...
-    &lt;trustStorePath&gt;/path/to/truststore.ks&lt;/trustStorePath&gt;
-    &lt;trustStorePassword&gt;truststorepass&lt;/trustStorePassword&gt;
-    &lt;needClientAuth&gt;true&lt;/needClientAuth&gt;
-    &lt;wantClientAuth&gt;false&lt;/wantClientAuth&gt;
-    ...
-  &lt;/ssl&gt;
-  ...
-&lt;connector&gt;</pre></div></div><br class="example-break"><p>
-            The needClientAuth and wantClientAuth elements allow control of whether the client must present an
-            SSL certificate. Only one of these elements is needed but both may be used at the same time.
-            A socket's client authentication setting is one of three states: required (needClientAuth = true),
-            requested (wantClientAuth = true), or none desired (both false, the default). If both elements are
-            set to true, needClientAuth takes precedence.
-        </p><p>
-            When using Client Certificate Authentication it may be desirable to use the External Authentication
-            Manager, for details see <a class="xref" href="Java-Broker-Security-Authentication-Providers.html#ExternalAuthManager" title="10.3.4. External (SSL Client Certificates)">Section 10.3.4, “External (SSL Client Certificates)”</a>
-        </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-ACLs.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">10.4. Access Control Lists </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 11. Runtime</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>
+            </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="SSL-Truststore-ClientCertificate"></a>11.4.2. Truststore / Client Certificate Authentication</h3></div></div></div><p>
+            The SSL trustore and related Client Certificate Authentication behaviour can be configured
+            by adding a Trustore configured object and associating it with the SSL port.
+            A Truststore can be added/deleted/edited using <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-REST-API" title="5.2.4. REST API">
+            REST Management interfaces</a> and <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">
+            Web Management Console</a>. Any number of Trustores can be configured on the Broker.
+            Multiple Trustores can be configured on Broker SSL Ports.
+        </p><p>The following Truststore managing operations are available from
+        <a class="link" href="Java-Broker-Configuring-And-Managing-HTTP-Management.html#Java-Broker-Configuring-And-Managing-Web-Console" title="5.2.2. Web Management Console">Web Management Console</a>:
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>A new Truststore can be added by clicking on "Add Trust Store" button on the Broker tab.</p></li><li class="listitem"><p>Truststore details can be viewed on the Truststore tab which is displayed after clicking
+            onto Truststore name in the Broker object tree or after clicking onto Truststore row in Truststores grid on the Broker tab.</p></li><li class="listitem"><p>Trustore can be edited by clicking onto "Edit" button on the Trustore tab.
+            Changing of Trustore name is unsupported at the moment.</p></li><li class="listitem"><p>An existing Trustore can be deleted by clicking onto "Delete Trust Store" button
+            on Broker tab or "Delete" button on the Truststore tab. Only unused Truststores can be deleted.
+            The deletion of the Truststore configured on any Broker Port is not allowed.</p></li></ul></div><p>
+        </p><p>When "Peers Only" option is selected for the Truststore it will allow logging in for the clients
+        with the certificate exactly matching the certificate loaded in the Truststore database,
+        thus, authenticating the connections with self signed certificates not nessesary signed by CA.
+        </p><p>"Trust manager factory algorithm" and "Trust store type" can
+            be optionally specified for the Trustore.
+        </p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Java-Broker-Security-ACLs.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">11.3. Access Control Lists </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 12. Runtime</td></tr></table></div><div class="main_text_area_bottom"></div></div></div></body></html>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message