qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oru...@apache.org
Subject [05/32] qpid-site git commit: QPID-8148: Update site for Qpid Broker-J release 7.0.3
Date Thu, 05 Apr 2018 17:25:06 GMT
http://git-wip-us.apache.org/repos/asf/qpid-site/blob/082a5541/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Memory.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Memory.html.in b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Memory.html.in
new file mode 100644
index 0000000..4787110
--- /dev/null
+++ b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Memory.html.in
@@ -0,0 +1,138 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">9.11.&#160;Memory</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Runtime-Connection-Limit.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;9.&#160;Runtime</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-High-Availability.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Runtime-Memory"></a>9.11.&#160;Memory</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Memory-Introduction"></a>9.11.1.&#160;Introduction</h3></div></div></div><p>
+      Understanding how the Qpid broker uses memory is essential to running a high performing and reliable service.
+      A wrongly configured broker can exhibit poor performance or even crash with an <code class="literal">OutOfMemoryError</code>.
+      Unfortunately, memory usage is not a simple topic and thus requires some in depth explanations.
+      This page should give the required background information to make informed decisions on how to configure your broker.
+    </p><p>
+      <a class="xref" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Types" title="9.11.2.&#160;Types of Memory">Section&#160;9.11.2, &#8220;Types of Memory&#8221;</a> explains the two different kinds of Java memory most relevant to the broker.
+      <a class="xref" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Usage" title="9.11.3.&#160;Memory Usage in the Broker">Section&#160;9.11.3, &#8220;Memory Usage in the Broker&#8221;</a> goes on to explain which parts of the broker use what kind of memory.
+      <a class="xref" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Low-Memory" title="9.11.4.&#160;Low Memory Conditions">Section&#160;9.11.4, &#8220;Low Memory Conditions&#8221;</a> explains what happens when the system runs low on memory.
+      <a class="xref" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Defaults" title="9.11.5.&#160;Defaults">Section&#160;9.11.5, &#8220;Defaults&#8221;</a> lays out the default settings of the Qpid broker.
+      Finally, <a class="xref" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Tuning" title="9.11.6.&#160;Memory Tuning the Broker">Section&#160;9.11.6, &#8220;Memory Tuning the Broker&#8221;</a> gives some advice on tuning your broker.
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Memory-Types"></a>9.11.2.&#160;Types of Memory</h3></div></div></div><p>
+      While Java has a couple of different internal memory types we will focus on the two types that are relevant to the Qpid broker.
+      Both of these memory types are taken from the same physical memory (RAM).
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6149"></a>9.11.2.1.&#160;Heap</h4></div></div></div><p>
+        Normally, all objects are allocated from Java's heap memory.
+        Once, nothing references an object it is cleaned up by the Java Garbage Collector and it's memory returned to the heap.
+        This works fine for most use cases.
+        However, when interacting with other parts of the operating system using Java's heap is not ideal.
+        This is where the so called direct memory comes into play.
+      </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6154"></a>9.11.2.2.&#160;Direct</h4></div></div></div><p>
+        The world outside of the JVM, in particular the operating system (OS), does not know about Java heap memory and uses other structures like C arrays.
+        In order to interact with these systems Java needs to copy data between its own heap memory and these native structures.
+        This can become a bottle neck when there is a lot of exchange between Java and the OS like in I/O (both disk and network) heavy applications.
+        Java's solution to this is to allow programmers to request <code class="literal">ByteBuffer</code>s from so called direct memory.
+        This is an opaque structure that <span class="emphasis"><em>might</em></span> have an underlying implementation that makes it efficient to interact with the OS.
+        Unfortunately, the GC is not good at tracking direct memory and in general it is inadvisable to use direct memory for regular objects.
+      </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Memory-Usage"></a>9.11.3.&#160;Memory Usage in the Broker</h3></div></div></div><p>
+      This section lists some note worthy users of memory within the broker and where possible lists their usage of heap and direct memory.
+      Note that to ensure smooth performance some heap memory should remain unused by the application and be reserved for the JVM to do house keeping and garbage collection.
+      <a class="link" href="https://docs.oracle.com/cd/E17277_02/html/java/com/sleepycat/je/util/DbCacheSize.html" target="_top">Some guides</a> advise to reserve up to 30% of heap memory for the JVM.
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6173"></a>9.11.3.1.&#160;Broker</h4></div></div></div><p>
+        The broker itself uses a moderate amount of heap memory (&#8776;15 MB).
+        However, each connection and session comes with a heap overhead of about 17 kB and 15 kB respectively.
+        In addition, each connection reserves 512 kB direct memory for network I/O.
+      </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6178"></a>9.11.3.2.&#160;Virtual Hosts</h4></div></div></div><p>
+        The amount of memory a Virtual Host uses depends on its type.
+        For a JSON Virtual Host Node with a BDB Virtual Host the heap memory usage is approximately 2 MB.
+        However, each BDB Virtual Hosts has a mandatory cache in heap memory which has an impact on performance.
+        See <a class="link" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Usage-BDB" title="9.11.3.4.&#160;Message Store">below</a> for more information.
+      </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6186"></a>9.11.3.3.&#160;Messages</h4></div></div></div><p>
+        Messages and their headers are kept in direct memory and have an additional overhead of approximately 1 kB heap memory each.
+        This means that most brokers will want to have more direct memory than heap memory.
+        When many small messages accumulate on the broker the 1 kB heap memory overhead can become a <a class="link" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Low-Memory-Heap" title="9.11.4.1.&#160;Low on Heap Memory">limiting factor</a>.
+      </p><p>
+        When the broker is <a class="link" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Low-Memory-Direct" title="9.11.4.2.&#160;Low on Direct Memory">running low on direct memory</a>
+        it will evict enqueued messages from memory and <a class="link" href="Java-Broker-Runtime-Flow-To-Disk.html" title="9.6.&#160;Flow to Disk">flow them to disk</a>.
+        For persistent messages this only means freeing the direct memory representation because they always have an on-disk representation to guard against unexpected failure (e.g., a power cut).
+        For transient messages this implies additional disk I/O.
+        After being flowed to disk messages need to be re-read from disk before delivery.
+      </p><p>Please, note that messages from uncommitted transactions are not
+        <a class="link" href="Java-Broker-Runtime-Flow-To-Disk.html" title="9.6.&#160;Flow to Disk">flowed to disk</a> as part of
+        <a class="link" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Low-Memory-Direct" title="9.11.4.2.&#160;Low on Direct Memory">running into low direct memory conditions</a>,
+        as they are not enqueued yet. The <code class="literal">Connection</code> has its own threshold for
+        keeping messages from uncommitted transactions in memory. Only when <code class="literal">Connection</code> threshold
+        is breached, the uncommitted messages on the connection are
+        <a class="link" href="Java-Broker-Runtime-Flow-To-Disk.html" title="9.6.&#160;Flow to Disk">flowed to disk</a>.</p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Memory-Usage-BDB"></a>9.11.3.4.&#160;Message Store</h4></div></div></div><div class="section"><div class="titlepage"><div><div><h5 class="title"><a id="d0e6222"></a>Berkeley DB (BDB)</h5></div></div></div><p>
+          The broker can use Oracle's BDB JE (BDB) as a message store to persist messages by writing them to a database.
+          BDB uses a mandatory cache for navigating and organising its database structure.
+          Sizing and tuning this cache is a topic of its own and would go beyond the scope of this guide.
+          Suffice to say that by default Qpid uses 5% of heap memory for BDB caches (each Virtual Host uses a separate cache) or 10 MB per BDB store, whichever is greater.
+          See the <a class="link" href="http://www.oracle.com/us/products/database/berkeley-db/je" target="_top">official webpage</a> especially <a class="link" href="http://docs.oracle.com/cd/E17277_02/html/java/com/sleepycat/je/util/DbCacheSize.html" target="_top">this page</a> for more information.
+          For those interested, Qpid uses <a class="link" href="http://docs.oracle.com/cd/E17277_02/html/java/com/sleepycat/je/CacheMode.html#EVICT_LN" target="_top">EVICT_LN</a> as its default JE cacheMode.
+        </p><p>
+          Note that due to licensing concerns Qpid does not ship the BDB JE jar files.
+        </p></div><div class="section"><div class="titlepage"><div><div><h5 class="title"><a id="d0e6238"></a>Derby</h5></div></div></div><p>
+          TODO
+        </p></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6243"></a>9.11.3.5.&#160;HTTP Management</h4></div></div></div><p>
+        Qpid uses Jetty for the HTTP Management (both REST and Web Management Console).
+        When the management plugin is loaded it will allocate the memory it needs and should not require more memory during operation and can thus be largely ignored.
+      </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Memory-Low-Memory"></a>9.11.4.&#160;Low Memory Conditions</h3></div></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Memory-Low-Memory-Heap"></a>9.11.4.1.&#160;Low on Heap Memory</h4></div></div></div><p>
+        When the broker runs low on heap memory performance will degrade because the JVM will trigger full garbage collection (GC) events in a struggle to free memory.
+        These full GC events are also called stop-the-world events as they completely halt the execution of the Java application.
+        Stop-the-world-events may take any where from a couple of milliseconds up to several minutes.
+        Should the heap memory demands rise even further the JVM will eventually throw an OutOfMemoryError which will cause the broker to shut down.
+      </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Memory-Low-Memory-Direct"></a>9.11.4.2.&#160;Low on Direct Memory</h4></div></div></div><p>
+        When the broker detects that it uses 75% of available direct memory it will start flowing incoming transient messages to disk and reading them back before delivery.
+        This will prevent the broker from running out of direct memory but may degrade performance by requiring disk I/O.
+      </p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Memory-Defaults"></a>9.11.5.&#160;Defaults</h3></div></div></div><p>
+      By default Qpid uses these settings:
+      </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+          0.5 GB heap memory
+        </li><li class="listitem">
+          1.5 GB direct memory
+        </li><li class="listitem">
+          5% of heap reserved for the BDB JE cache.
+        </li><li class="listitem">
+          Start flow-to-disk at 75% direct memory utilisation.
+        </li></ul></div><p>
+      As an example, this would accommodate a broker with 50 connections, each serving 5 sessions, and each session having 1000 messages of 1 kB on queues in the broker.
+      This means a total of 250 concurrent sessions and a total of 250000 messages without flowing messages to disk.
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Memory-Tuning"></a>9.11.6.&#160;Memory Tuning the Broker</h3></div></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6279"></a>9.11.6.1.&#160;Java Tuning</h4></div></div></div><p>
+        Most of these options are implementation specific. It is assumed you are using Oracle Java 1.8.
+        </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+            Heap and direct memory can be configured through the <a class="link" href="Java-Broker-Appendix-Environment-Variables.html#Java-Broker-Appendix-Environment-Variables-Qpid-Java-Mem"><code class="literal">QPID_JAVA_MEM</code> environment variable</a>.
+          </li></ul></div><p>
+      </p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6293"></a>9.11.6.2.&#160;Qpid Tuning</h4></div></div></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+          The system property <code class="literal">qpid.broker.bdbTotalCacheSize</code> sets the total amount of heap memory (in bytes) allocated to BDB caches.
+        </li><li class="listitem">
+          The system property <code class="literal">broker.flowToDiskThreshold</code> sets the threshold (in bytes) for flowing transient messages to disk.
+          Should the broker use more than direct memory it will flow incoming messages to disk.
+          Should utilisation fall beneath the threshold it will stop flowing messages to disk.
+        </li><li class="listitem">
+          The system property <code class="literal">connection.maxUncommittedInMemorySize</code> sets the threshold (in bytes)
+          for total messages sizes (in bytes) from connection uncommitted transactions when messages are hold in memory.
+          If threshold is exceeded, all messages from connection in-flight transactions are flowed to disk including
+          those arriving after breaching the threshold.
+        </li></ul></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6312"></a>9.11.6.3.&#160;Formulae</h4></div></div></div><p>
+        We developed a simple formula which estimates the <span class="emphasis"><em>minimum</em></span> memory usage of the broker under certain usage.
+        These are rough estimate so we strongly recommend testing your configuration extensively.
+        Also, if your machine has more memory available by all means use more memory as it can only improve the performance and stability of your broker.
+        However, remember that both heap and direct memory are served from your computer's physical memory so their sum should never exceed the physically available RAM (minus what other processes use).
+      </p><p>
+        </p><div class="informalequation"><span class="mathphrase">
+            memory<sub>heap</sub> = 15 MB + 20 kB * N<sub>sessions</sub> + 1.5 kB * N<sub>messages</sub> + 100 kB * N<sub>connections</sub>
+          </span></div><p>
+      </p><p>
+        </p><div class="informalequation"><span class="mathphrase">
+            memory<sub>direct</sub> = 2 MB + (200 B + averageSize<sub>msg</sub> *2)*  N<sub>messages</sub> + 1MB * N<sub>connections</sub>
+          </span></div><p>
+      </p><p>
+        Where <span class="mathphrase">N</span> denotes the total number of connections/sessions/messages on the broker. Furthermore, for direct memory only the messages that have not been flowed to disk are relevant.
+      </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>The formulae assume the worst case in terms of memory usage: persistent messages and TLS connections. Transient messages consume less heap memory than persistent and plain connections consume less direct memory than TLS
+          connections.
+        </p></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="d0e6364"></a>9.11.6.4.&#160;Things to Consider</h4></div></div></div><div class="section"><div class="titlepage"><div><div><h5 class="title"><a id="d0e6367"></a>Performance</h5></div></div></div><p>
+          Choosing a smaller direct memory size will lower the threshold for flowing transient messages to disk when messages accumulate on a queue.
+          This can have impact on performance in the transient case where otherwise no disk I/O would be involved.
+        </p><p>
+          Having too little heap memory will result in poor performance due to frequent garbage collection events. See <a class="xref" href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Low-Memory" title="9.11.4.&#160;Low Memory Conditions">Section&#160;9.11.4, &#8220;Low Memory Conditions&#8221;</a> for more details.
+        </p></div><div class="section"><div class="titlepage"><div><div><h5 class="title"><a id="d0e6376"></a>OutOfMemoryError</h5></div></div></div><p>
+          Choosing too low heap memory can cause an OutOfMemoryError which will force the broker to shut down.
+          In this sense the available heap memory puts a hard limit on the number of messages you can have in the broker at the same time.
+        </p><p>
+          If the Java runs out of direct memory it also throws a OutOfMemoryError resulting the a broker shutdown.
+          Under normal circumstances this should not happen but needs to be considered when deviating from the default configuration, especially when changing the flowToDiskThreshold.
+        </p><p>
+          If you are sending very large messages you should accommodate for this by making sure you have enough direct memory.
+        </p></div></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Runtime-Connection-Limit.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Runtime.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-High-Availability.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">9.10.&#160;Connection Limits&#160;</td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;Chapter&#160;10.&#160;High Availability</td></tr></table></div></div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/082a5541/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Message-Compression.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Message-Compression.html.in b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Message-Compression.html.in
new file mode 100644
index 0000000..2c58f32
--- /dev/null
+++ b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Message-Compression.html.in
@@ -0,0 +1,15 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">9.9.&#160;Message Compression</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Runtime-Background-Recovery.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;9.&#160;Runtime</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Runtime-Connection-Limit.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Runtime-Message-Compression"></a>9.9.&#160;Message Compression</h2></div></div></div><p>The Apache Qpid Broker-J supports<a class="footnote" href="#ftn.d0e6057" id="d0e6057"><sup class="footnote">[10]</sup></a> message compression. This feature works in co-operation with Qpid
+  Clients implementing the same feature.</p><p>Once the feature is enabled (using Broker context variable
+   <span class="emphasis"><em>broker.messageCompressionEnabled</em></span>), the Broker will advertise support for the
+  message compression feature to the client at connection time. This allows clients to opt to turn
+  on message compression, allowing message payload sizes to be reduced.</p><p>If the Broker has connections from clients who have message compression enabled and others who
+  do not, it will internally, on-the-fly, decompress compressed messages when sending to clients
+  without support and conversely, compress uncomressed messages when sending to clients who do.</p><p>The Broker has a threshold below which it will not consider compressing a message, this is
+  controlled by Broker content variable
+   (<code class="literal">connection.messageCompressionThresholdSize</code>) and expresses a size in bytes.</p><p>This feature <span class="emphasis"><em>may</em></span> have a beneficial effect on performance by:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Reducing the number of bytes transmitted over the wire, both between Client and Broker, and
+    in the HA case, Broker to Broker, for replication purposes.</p></li><li class="listitem"><p>Reducing storage space when data is at rest within the Broker, both on disk and in
+    memory.</p></li></ul></div><p>Of course, compression and decompression is computationally expensive. Turning on the feature
+  may have a negative impact on CPU utilization on Broker and/or Client. Also for small messages
+  payloads, message compression may increase the message size. It is recommended to test the feature
+  with representative data.</p><div class="footnotes"><br /><hr style="width:100; text-align:left;margin-left: 0" /><div class="footnote" id="ftn.d0e6057"><p><a class="para" href="#d0e6057"><sup class="para">[10] </sup></a>Message compression is not yet supported for the 1.0
+    protocol.</p></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Runtime-Background-Recovery.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Runtime.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Runtime-Connection-Limit.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">9.8.&#160;Background Recovery&#160;</td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;9.10.&#160;Connection Limits</td></tr></table></div></div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/082a5541/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Transaction-Timeout.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Transaction-Timeout.html.in b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Transaction-Timeout.html.in
new file mode 100644
index 0000000..c8b963d
--- /dev/null
+++ b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime-Transaction-Timeout.html.in
@@ -0,0 +1,43 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">9.3.&#160;Transaction Timeout</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Runtime-Disk-Space-Management.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;9.&#160;Runtime</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Runtime-Handling-Undeliverable-Messages.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Runtime-Transaction-Timeout"></a>9.3.&#160;Transaction Timeout</h2></div></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-GeneralInformation"></a>9.3.1.&#160;General Information</h3></div></div></div><p> The transaction timeout mechanism is used to control broker resources when clients
+   using transactions hang, become unresponsive, or simply (due to programming error)
+   begin a transaction and keep using it without ever calling committing or rolling back.</p><p>Users can choose to configure an idleWarn or openWarn threshold, after which the identified
+   transaction should be logged as a WARN level alert as well as (more importantly) an idleClose or
+   openClose threshold after which the transaction and the connection it applies to will be
+   closed.</p><p>This feature is particularly useful in environments where the owner of the broker does not
+   have full control over the implementation of clients, such as in a shared services
+   deployment.</p><p>The following section provide more details on this feature and its use.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-Purpose"></a>9.3.2.&#160;Purpose</h3></div></div></div><p> This feature has been introduced to address the scenario where an open transaction on the
+   broker holds an open transaction on the persistent store. This can have undesirable consequences
+   if the store does not time out or close long-running transactions, such as with BDB. This can can
+   result in a rapid increase in disk usage size, bounded only by available space, due to growth of
+   the transaction log. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-Effect"></a>9.3.3.&#160;Effect</h3></div></div></div><p>Full details of configuration options are provided in the sections that follow. This section
+   gives a brief overview of what the Transaction Timeout feature can do.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-Effect-Broker-Side"></a>9.3.3.1.&#160;Broker Logging and Connection Close</h4></div></div></div><p>When the openWarn or idleWarn specified threshold is exceeded, the broker will log a WARN
+    level alert with details of the connection on which the threshold has been exceeded,
+    along with the age of the transaction.</p><p>When the openClose or idleClose specified threshold value is exceeded, the broker will
+    throw an exception back to the client connection via the <a class="link" href="http://docs.oracle.com/javaee/6/api/javax/jms/ExceptionListener.html" target="_top">ExceptionListener</a>, log the
+    action and then close the connection.</p><p>The example broker log output shown below is where the idleWarn threshold specified is
+    lower than the idleClose threshold and the broker therefore logs the idle transaction 3 times
+    before the close threshold is triggered and the connection closed out.</p><pre class="screen">
+CON-1011 : Idle Transaction : 13,116 ms
+CON-1011 : Idle Transaction : 14,116 ms
+CON-1011 : Idle Transaction : 15,118 ms
+CON-1002 : Close : Idle transaction timed out
+   </pre><p>The second example broker log output shown below illustrates the same mechanism operating
+    on an open transaction.</p><pre class="screen">
+CON-1010 : Open Transaction : 12,406 ms
+CON-1010 : Open Transaction : 13,406 ms
+CON-1010 : Open Transaction : 14,406 ms
+CON-1002 : Close : Open transaction timed out
+   </pre></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-Effect-Client-Side"></a>9.3.3.2.&#160;Client Side Effect</h4></div></div></div><p>After a Close threshold has been exceeded, the Broker will close the client's connection.
+    The application must reconnect itself in order to continue work.  If the
+    client is a JMS client, the application will be notified by the
+    <a class="link" href="http://docs.oracle.com/javaee/6/api/javax/jms/ExceptionListener.html" target="_top">exception
+     listener.</a></p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-Configuration"></a>9.3.4.&#160;Configuration</h3></div></div></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Transaction-Timeout-Configuration-Overview"></a>9.3.4.1.&#160;Configuration</h4></div></div></div><p>The transaction timeouts can be specified when a new virtualhost is created or an exiting
+    virtualhost is edited.</p><p>We would recommend that only warnings are configured at first, which should allow broker
+    administrators to obtain an idea of the distribution of transaction lengths on their systems,
+    and configure production settings appropriately for both warning and closure. Ideally
+    establishing thresholds should be achieved in a representative UAT environment, with clients and
+    broker running, prior to any production deployment.</p><p>It is impossible to give suggested values, due to the large variation in usage depending on
+    the applications using a broker. However, clearly transactions should not span the expected
+    lifetime of any client application as this would indicate a hung client.</p><p>When configuring closure timeouts, it should be noted that a timeout on any producer
+    or consumer will cause the connection to be closed - this disconnecting all producers and consumers
+    created on that connection.</p></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Runtime-Disk-Space-Management.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Runtime.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Runtime-Handling-Undeliverable-Messages.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">9.2.&#160;Disk Space Management&#160;</td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;9.4.&#160;Handing Undeliverable Messages</td></tr></table></div></div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/082a5541/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime.html.in b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime.html.in
new file mode 100644
index 0000000..14f81b6
--- /dev/null
+++ b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Runtime.html.in
@@ -0,0 +1,97 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">Chapter&#160;9.&#160;Runtime</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security-Configuration-Encryption.html">Prev</a>&#160;</td><th align="center" width="60%">&#160;</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Runtime-Disk-Space-Management.html">Next</a></td></tr></table><hr /></div><div class="chapter"><div class="titlepage"><div><div><h1 class="title"><a id="Java-Broker-Runtime"></a>Chapter&#160;9.&#160;Runtime</h1></div></div></div><div class="toc"><p><strong>Table of Contents</strong></p><dl class="toc"><dt><span class="section"><a href="Java-Broker-Runtime.html#Java-Broker-Runtime-Logging">9.1. Logging</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime.html#Java-Broker-Runtime-Logging-Concepts">9.1.1. Concepts</a></span></dt><dt><span class="section"><a href="
 Java-Broker-Runtime.html#Java-Broker-Runtime-Logging-Default-Configuration">9.1.2. Default Configuration</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime.html#Java-Broker-Runtime-Logging-Loggers">9.1.3. Loggers</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime.html#Java-Broker-Runtime-Logging-InclusionRules">9.1.4. Inclusion Rules</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime.html#Java-Broker-Runtime-Logging-Management">9.1.5. Logging Management</a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Runtime-Disk-Space-Management.html">9.2. Disk Space Management</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime-Disk-Space-Management.html#Java-Broker-Runtime-Disk-Space-Management-Producer-Flow-Control">9.2.1. Disk quota-based flow control</a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Runtime-Transaction-Timeout.html">9.3. Transaction Timeout</a></span
 ></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime-Transaction-Timeout.html#Java-Broker-Runtime-Transaction-Timeout-GeneralInformation">9.3.1. General Information</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Transaction-Timeout.html#Java-Broker-Runtime-Transaction-Timeout-Purpose">9.3.2. Purpose</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Transaction-Timeout.html#Java-Broker-Runtime-Transaction-Timeout-Effect">9.3.3. Effect</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Transaction-Timeout.html#Java-Broker-Runtime-Transaction-Timeout-Configuration">9.3.4. Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Runtime-Handling-Undeliverable-Messages.html">9.4. Handing Undeliverable Messages</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime-Handling-Undeliverable-Messages.html#Java-Broker-Runtime-Handling-Undeliverable-Messages-Introduc
 tion">9.4.1. Introduction</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Handling-Undeliverable-Messages.html#Java-Broker-Runtime-Handling-Undeliverable-Messages-Maximum-Delivery-Count">9.4.2. Maximum Delivery Count</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Handling-Undeliverable-Messages.html#Java-Broker-Runtime-Handling-Undeliverable-Messages-Dead-Letter-Queues">9.4.3. Alternate Binding</a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Runtime-Close-Connection-When-No-Route.html">9.5. Closing client connections on unroutable mandatory messages</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime-Close-Connection-When-No-Route.html#Java-Broker-Runtime-Close-Connection-When-No-Route-Summary">9.5.1. Summary</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Close-Connection-When-No-Route.html#Java-Broker-Runtime-Close-Connection-When-No-Route-Configuration">9.5.2. Conf
 iguring
+        <span class="emphasis"><em>closeWhenNoRoute</em></span>
+    </a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Runtime-Flow-To-Disk.html">9.6. Flow to Disk</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Consumers.html">9.7. Consumers</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime-Consumers.html#Java-Broker-Runtime-Consumers-Prioirty">9.7.1. Priority</a></span></dt></dl></dd><dt><span class="section"><a href="Java-Broker-Runtime-Background-Recovery.html">9.8. Background Recovery</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Message-Compression.html">9.9. Message Compression</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Connection-Limit.html">9.10. Connection Limits</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html">9.11. Memory</a></span></dt><dd><dl><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Introduction">9.11.1. Introduction</a></spa
 n></dt><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Types">9.11.2. Types of Memory</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Usage">9.11.3. Memory Usage in the Broker</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Low-Memory">9.11.4. Low Memory Conditions</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Defaults">9.11.5. Defaults</a></span></dt><dt><span class="section"><a href="Java-Broker-Runtime-Memory.html#Java-Broker-Runtime-Memory-Tuning">9.11.6. Memory Tuning the Broker</a></span></dt></dl></dd></dl></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Runtime-Logging"></a>9.1.&#160;Logging</h2></div></div></div><p>This section describes the flexible logging capabilities of the Ap
 ache Qpid Broker-J.</p><p>
+    </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>The Broker is capable of sending logging events to a variety of destinations including
+          plain files, remote syslog daemons, and an in-memory buffer (viewable from Management).
+          The system is also open for extension meaning it is possible to produce a plugin to log to
+          a bespoke destination.</p></li><li class="listitem"><p>Logging can be dynamically configured at runtime. For instance, it is possible to
+          temporarily increase the logging verbosity of the system whilst a problem is investigated
+          and then revert later, all without the need to restart the Broker.</p></li><li class="listitem"><p>Virtualhosts can be configured to generate their own separate log, and the Broker is
+          capable of generating a log either inclusive or exclusive of virtualhost events.</p></li><li class="listitem"><p>Logs are accessible over Management, removing the need for those operating the Broker
+          to have shell level access.</p></li></ul></div><p>
+  </p><p>In the remainder of this section you will first find a description of the concepts used in
+    the logging subsystem. Next, you find a description of the default configuration. The section
+    then concludes with a in-depth description of the loggers themselves and how they may be
+    configured.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Logging-Concepts"></a>9.1.1.&#160;Concepts</h3></div></div></div><p>The logging subsystem uses two concepts:</p><p>
+      </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>A <span class="emphasis"><em>Logger</em></span> is responsible for production of a log. The Broker
+            ships a variety of loggers, for instance, a file logger, which is capable of writing a
+            log file to the file system, a Syslog Logger capable of writing to a remote syslog
+            daemon and console logger capable of writing to stdout or stderr.</p><p>Loggers are attached at two points within the Broker Model; the Broker itself and
+            the virtualhosts. Loggers attached at the Broker can capture log events for the system
+            as a whole, or can exclude events related to virtualhosts.</p><p>Loggers attached to a virtualhost capture log events relating to that virtualhost
+            only.</p><p>The Broker and virtualhosts can have zero or more Loggers. If no loggers are
+            configured, no logging is generated at all.</p></li><li class="listitem"><p><span class="emphasis"><em>Inclusion rules</em></span> govern what appears within a log. Inclusion
+            rules are associated with Loggers. This means it is possible for different Loggers to
+            have different contents.</p><p>A Logger with no inclusion rules will produce an empty log.</p></li></ul></div><p>
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Logging-Default-Configuration"></a>9.1.2.&#160;Default Configuration</h3></div></div></div><p>The default configuration is designed to be suitable for use without change in small
+      production environments. It has the following characteristics:</p><p>
+      </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>The Broker generates a single log file <code class="literal">qpid.log</code>. This logfile is
+            rolled automatically when the file reaches 100MB. A maximum history of one file is
+            retained. On restart the the log will be appended to.</p><p>The log contains: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: circle; "><li class="listitem"><p>All operational logging events. See <a class="xref" href="Java-Broker-Appendix-Operation-Logging.html" title="Appendix&#160;C.&#160;Operational Logging">Appendix&#160;C, <em>Operational Logging</em></a>.</p></li><li class="listitem"><p>Log events from Qpid itself deemed informational or
+                higher.</p></li><li class="listitem"><p>Log events from Qpid's dependencies (such as Derby or Jetty) that are
+                  deemed warning or higher.</p></li></ul></div><p>
+          </p><p>The default location for the log file is
+              <code class="literal">${QPID_WORK}/log/qpid.log</code>.</p></li><li class="listitem"><p>The Broker also caches the last 4096 log events in a memory cache. By default, the
+            memory logger logs the same things the file logger does.</p></li></ul></div><p>
+    </p><p>The configuration can be customised at runtime using Management. This makes it possible to
+      investigate unusual conditions <span class="emphasis"><em>without</em></span> the need to restart the Broker.
+      For instance, you may alter the logging level so that a verbose log is produced whilst an
+      investigation is in progress and revert the setting later, all without the need to restart the
+      Broker.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Logging-Loggers"></a>9.1.3.&#160;Loggers</h3></div></div></div><p>Loggers are responsible for the writing of a log. The log includes log events that match a
+      Logger's inclusion rules.</p><p>Loggers are associated with either the Broker or a virtualhost. Virtualhost loggers write
+      only log events related to that virtualhost. Broker Loggers write log events from the Broker
+      as a whole. Optionally a Broker Logger can be configured to exclude log events coming from
+      virtualhosts. These abilities can be usefully exploited together in managed service scenarios
+      to produce separate logs for separate user groups.</p><p>Loggers can be added or removed at runtime, without restarting the Broker. However changes
+      to a Logger's configuration such as filenames and rolling options don't take effect until the
+      next restart. Changes to a Logger's inclusion rules take effect immediately.</p><p>All loggers allow the log event layout to be customised. Loggers understand <a class="link" href="http://logback.qos.ch/manual/layouts.html#ClassicPatternLayout" target="_top"> Logback Classic
+        Pattern Layouts</a>. </p><p>The following sections describes each Logger implementation in detail.</p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Logging-Loggers-FileLogger"></a>9.1.3.1.&#160;FileLogger</h4></div></div></div><p>A <span class="emphasis"><em>FileLogger</em></span> - writes a log file to the filesystem. The name and
+        location of the log file, the rolling configuration, and compression options can be
+        configured.</p><p>The <span class="emphasis"><em>roll daily</em></span> option, if enabled, will cause the log file will be
+        rolled at midnight local time. The rolled over file will have a suffix in the form
+          <code class="literal">yyyy-mm-dd</code>. In roll daily mode, <span class="emphasis"><em>maximum number of rolled
+          files</em></span> controls the maximum number of <span class="emphasis"><em>days</em></span> to be retained.
+        Older files will be deleted.</p><p>The <span class="emphasis"><em>maximum file size</em></span> option limits the size of any one log file.
+        Once a log file reaches the given size, it will be rolled. The rolled over file will have
+        the numeric suffix, beginning at <code class="literal">1</code>. If the log file rolls again, first
+        the existing file with the suffix <code class="literal">.1</code> is renamed to <code class="literal">.2</code>
+        and so forth. If roll daily is not in use, <span class="emphasis"><em>maximum number of rolled
+          files</em></span> governs the number of rolled <span class="emphasis"><em>files</em></span> that will be
+        retained.</p><p><span class="emphasis"><em>Roll on restart</em></span> governs whether the log file is rolled when the
+        Broker is restarted. If not ticked, the Broker will append to the existing log file until it
+        needs to be rolled.</p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Logging-Loggers-ConsoleLogger"></a>9.1.3.2.&#160;ConsoleLogger</h4></div></div></div><p><span class="emphasis"><em>ConsoleLogger</em></span> - writes a log file standard out or standard
+        error.</p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Logging-Loggers-SyslogLogger"></a>9.1.3.3.&#160;SyslogLogger</h4></div></div></div><p><span class="emphasis"><em>SyslogLogger</em></span> - writes a log file to a syslog daemon using the
+          <code class="literal">USER</code> facility. The hostname and port number of the syslog daemon can be
+        configured.</p><p>Log entries can be prefixed with a string. This string defaults to include the word
+          <code class="literal">Qpid</code> and the name of the Broker or virtualhost. This serves to
+        distinguish the logging generated by this Qpid instance, from other Qpid instances, or other
+        applications using the <code class="literal">USER</code>.</p></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Runtime-Logging-Loggers-MemoryLogger"></a>9.1.3.4.&#160;MemoryLogger</h4></div></div></div><p><span class="emphasis"><em>MemoryLogger</em></span> - writes a log file to a circular in-memory buffer. By
+        default the circular buffer holds the last 4096 log events. The contents of the buffer can
+        be viewed via Management. See <a class="xref" href="Java-Broker-Runtime.html#Java-Broker-Runtime-Logging-Management-MemoryLogger" title="Figure&#160;9.3.&#160;Viewing a memory logger">Figure&#160;9.3, &#8220;Viewing a memory logger&#8221;</a></p></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Logging-InclusionRules"></a>9.1.4.&#160;Inclusion Rules</h3></div></div></div><p>A <span class="emphasis"><em>Logger</em></span> has one or more <span class="emphasis"><em>inclusion rules</em></span>. These
+      govern what appears in the log. A Logger with no inclusion rules will log nothing.</p><p>Inclusion rules can be added, removed or changed at runtime. Changes take place
+      immediately.</p><p>
+      </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>The <span class="emphasis"><em>Name And Level</em></span> inclusion rule accepts log events that match
+            a given <span class="emphasis"><em>log event source name</em></span> and have a level that equals or
+            exceeds the specified value.</p><p>The log event source name refers to the fully qualified class name from which the
+            event originates. These names permit a trailing wild card <code class="literal">.*</code>. For
+            instance a source name of <code class="literal">org.apache.qpid.*</code> will match all events
+            from classes in the package <code class="literal">org.apache.qpid</code> and any sub packages
+            beneath.</p><p>The <span class="emphasis"><em>Level</em></span> governs the level of the events that will be included
+            in the log. It may take one of the following values: ERROR, WARN, INFO, DEBUG, TRACE
+            where ERROR is considered the highest and TRACE the lowest. In addition, there are two
+            special values: OFF and ALL, the former excludes all log events whereas the latter will
+            include everything. When considering whether a logging event should be included in the
+            log, the logging event must have a level that matches that of the inclusion rule or be
+            higher, otherwise the log event will not appear in the log.</p></li></ul></div><p>
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Runtime-Logging-Management"></a>9.1.5.&#160;Logging Management</h3></div></div></div><p>The logging subsystem can be completely managed from the Web Management Console or the
+      REST API. You can: </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>Add, remove, or change the configuration of Loggers.</p></li><li class="listitem"><p>Add, remove, or change the Inclusion Rules.</p></li><li class="listitem"><p>For FileLoggers, download the log file and rolled log files associated with
+            the Logger.</p></li><li class="listitem"><p>For MemoryLoggers, view the last <code class="literal">n</code> log
+          events</p></li></ul></div><p>
+    </p><p> The figure that follows shows a FileLogger. The attributes area shows the configuration
+      of the Logger. The inclusion rule table shows the rules that are associated with the Logger.
+      The area towards the bottom of the tab allows the log files to be downloaded to the browser.
+        </p><div class="figure"><a id="Java-Broker-Runtime-Logging-Management-FileLogger"></a><p class="title"><strong>Figure&#160;9.1.&#160;Viewing a file logger</strong></p><div class="figure-contents"><div class="mediaobject"><table border="0" style="cellpadding: 0; cellspacing: 0;" summary="manufactured viewport for HTML img" width="900"><tr><td><img alt="Viewing a file logger" src="images/Management-Web-Logging-FileLogger.png" width="900" /></td></tr></table></div></div></div><p><br class="figure-break" />
+    </p><p> The figure below shows the editing of the level of an inclusion rule. </p><div class="figure"><a id="Java-Broker-Runtime-Logging-Management-InclusionRule"></a><p class="title"><strong>Figure&#160;9.2.&#160;Editing an inclusion rule</strong></p><div class="figure-contents"><div class="mediaobject"><table border="0" style="cellpadding: 0; cellspacing: 0;" summary="manufactured viewport for HTML img" width="900"><tr><td><img alt="Editing an inclusion rule" src="images/Management-Web-Logging-InclusionRule.png" width="900" /></td></tr></table></div></div></div><p><br class="figure-break" />
+    </p><p> The figure below shows a Memory Logger. Note that the Memory Logger provides access to
+      the cached message via the viewer towards the bottom on the tab. </p><div class="figure"><a id="Java-Broker-Runtime-Logging-Management-MemoryLogger"></a><p class="title"><strong>Figure&#160;9.3.&#160;Viewing a memory logger</strong></p><div class="figure-contents"><div class="mediaobject"><table border="0" style="cellpadding: 0; cellspacing: 0;" summary="manufactured viewport for HTML img" width="900"><tr><td><img alt="Viewing a memory logger" src="images/Management-Web-Logging-MemoryLogger.png" width="900" /></td></tr></table></div></div></div><p><br class="figure-break" />
+    </p></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security-Configuration-Encryption.html">Prev</a>&#160;</td><td align="center" width="20%">&#160;</td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Runtime-Disk-Space-Management.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">8.4.&#160;Configuration Encryption&#160;</td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;9.2.&#160;Disk Space Management</td></tr></table></div></div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/082a5541/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-AccessControlProviders.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-AccessControlProviders.html.in b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-AccessControlProviders.html.in
new file mode 100644
index 0000000..753d59c
--- /dev/null
+++ b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-AccessControlProviders.html.in
@@ -0,0 +1,221 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">8.3.&#160;Access Control Providers</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security-Group-Providers.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;8.&#160;Security</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Security-Configuration-Encryption.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-AccessControlProviders"></a>8.3.&#160;Access Control Providers</h2></div></div></div><p>
+    The Access Control Provider governs the actions that a user may perform.
+  </p><p>There are two points within the hierarchy that enforce access control: the Broker itself and at each Virtual
+    Host. When an access decision needs to be made, the nearest control point configured with a provider is consulted
+    for a decision.  The example, when making a decision about the ability to say, consume from, a Queue, if the
+    Virtual Host is configured with Access Control Provider it is consulted.  Unless a decision is made, the decision
+    is delegated to the Access Control Provider configured at the Broker.
+  </p><p>Access Control Providers are configured with a list of ACL rules. The rules determine to which objects
+    the user has access and what actions the user may perform on those objects.  Rules are ordered and are considered
+    top to bottom.  The first matching rule makes the access decision.
+  </p><p>
+    ACL rules may be written in terms of user or group names. A rule written in terms of a group name applies to the
+    user if he is a member of that group. Groups information is obtained from the
+    <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Authentication-Providers" title="8.1.&#160;Authentication Providers">Authentication Providers</a>
+    and
+    <a class="link" href="Java-Broker-Security-Group-Providers.html" title="8.2.&#160;Group Providers">Group Providers</a>.  Writing ACL in terms of groups is
+    recommended.
+  </p><p>
+    The Access Control Providers can be configured using
+    <a class="link" href="Java-Broker-Management-Channel-REST-API.html" title="6.3.&#160;REST API">REST Management interfaces</a>
+    and <a class="link" href="Java-Broker-Management-Channel-Web-Console.html" title="6.2.&#160;Web Management Console">Web Management Console</a>.
+  </p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-AccessControlProviders-Types"></a>8.3.1.&#160;Types</h3></div></div></div><p>There are currently two types of Access Control Provider implementing ACL rules.
+      </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p><span class="emphasis"><em>RulesBased</em></span> - a provider that stores the rules-set within
+           the Broker's or VirtualHost's configuration.  When used with HA, the Virtualhost
+           rules automatically propagated to all nodes participating within the HA group.</p></li><li class="listitem"><p>
+            </p><p><span class="emphasis"><em>ACLFile</em></span> - an older provider that references an externally provided
+              ACL file (or data url).  This provider is deprecated.</p><p>
+          </p></li></ul></div><p>
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-AccessControlProviders-ACLRules"></a>8.3.2.&#160;
+       ACL Rules
+    </h3></div></div></div><p>
+      An ACL rule-set is an ordered list of ACL rules.</p><p>An ACL rule comprises matching criteria that determines if a rule applies to a situation and a decision
+      outcome. The rule produces an outcome only if the all matching criteria are satisfied.
+    </p><p>Matching criteria is composed of an ACL object type (e.g. <code class="literal">QUEUE</code>), an ACL action
+      (e.g. <code class="literal">UPDATE</code>) and other properties that further refine if a match is made. These properties
+      restrict the match based on additional criteria such as name or IP address. ACL Object type <code class="literal">ALL</code>
+      matches any object.  Likewise ACL Action <code class="literal">ALL</code> matches any action.
+    </p><p>Let's look at some examples.</p><pre class="programlisting">
+      ACL ALLOW alice CREATE QUEUE              # Grants alice permission to create all queues.
+      ACL DENY bob CREATE QUEUE name="myqueue"  # Denies bob permission to create a queue called "myqueue"
+    </pre><p>
+      As discussed, the ACL rule-set is considered in order with the first matching rule taking precedence over all those
+      that follow. In the following example, if the user bob tries to create an exchange "myexch", the action
+      will be allowed by the first rule. The second rule will never be considered.
+    </p><pre class="programlisting">
+      ACL ALLOW bob ALL EXCHANGE
+      ACL DENY bob CREATE EXCHANGE name="myexch"  # Dead rule
+    </pre><p>
+      If the desire is to allow bob to create all exchanges except "myexch", order of the rules must be reversed:
+    </p><pre class="programlisting">
+      ACL DENY bob CREATE EXCHANGE name="myexch"
+      ACL ALLOW bob ALL EXCHANGE
+    </pre><p>
+      If a rule-set fails to make a decision, the result is configurable. By default, the <code class="literal">RuleBased</code>
+      provider defers the decision allowing another provider further up the hierarchy to make a decision (i.e. allowing
+      the VirtualHost control point to delegate to the Broker). In the case of the ACLFile provider, by default, its
+      rule-set implicit have a rule denying all operations to all users. It is as if the rule-set ends with
+      <code class="literal">ACL DENY ALL ALL</code>.   If no access control provider makes a decision the default is to
+      deny the action.
+    </p><p>
+      When writing a new ACL, a useful approach is to begin with an rule-set containing only
+      </p><pre class="programlisting">ACL DENY-LOG ALL ALL</pre><p> at the Broker control point which will cause the Broker to
+      deny all operations with details of the denial logged. Build up the ACL rule by rule, gradually working through
+      the use-cases of your system. Once the ACL is complete, consider switching the DENY-LOG actions to DENY.
+    </p><p>
+      ACL rules are very powerful: it is possible to write very granular rules specifying many broker objects and their
+      properties.  Most projects probably won't need this degree of flexibility.  A reasonable approach is to choose to apply permissions
+      at a certain level of abstractions and apply them consistently across the whole system.
+    </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-AccessControlProviders-Syntax"></a>8.3.3.&#160;
+       Syntax
+    </h3></div></div></div><p>
+       ACL rules follow this syntax:
+    </p><pre class="programlisting">
+     ACL {permission} {&lt;group-name&gt;|&lt;user-name&gt;|ALL} {action|ALL} [object|ALL] [property="&lt;property-value&gt;"]
+    </pre><p>
+       Comments may be introduced with the hash (#) character and are ignored.  Long lines can be broken with the slash (\) character.
+    </p><pre class="programlisting">
+      # A comment
+      ACL ALLOW admin CREATE ALL # Also a comment
+      ACL DENY guest \
+      ALL ALL   # A broken line
+    </pre></div><div class="table"><a id="table-Java-Broker-Security-AccessControlProviders-Syntax_permissions"></a><p class="title"><strong>Table&#160;8.1.&#160;List of ACL permission</strong></p><div class="table-contents"><table border="1" summary="List of ACL permission"><colgroup><col /><col /></colgroup><tbody><tr><td><span class="command"><strong>ALLOW</strong></span></td><td><p>Allow the action</p></td></tr><tr><td><span class="command"><strong>ALLOW-LOG</strong></span></td><td><p> Allow the action and log the action in the log </p></td></tr><tr><td><span class="command"><strong>DENY</strong></span></td><td><p> Deny the action</p></td></tr><tr><td><span class="command"><strong>DENY-LOG</strong></span></td><td><p> Deny the action and log the action in the log</p></td></tr></tbody></table></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-AccessControlProviders-Syntax_actions"></a><p class="title"><strong>Table&#160;8.2.&#160;List of ACL
  actions</strong></p><div class="table-contents"><table border="1" summary="List of ACL actions"><colgroup><col /><col /><col /><col /></colgroup><thead><tr><th><p>Action</p></th><th><p>Description</p></th><th><p>Supported object types</p></th><th><p>Supported properties</p></th></tr></thead><tbody><tr><td> <span class="command"><strong>CONSUME</strong></span> </td><td> <p> Applied when subscriptions are created </p> </td><td><p>QUEUE</p></td><td><p>name, autodelete, temporary, durable, exclusive, alternate, owner, virtualhost_name</p></td></tr><tr><td> <span class="command"><strong>PUBLISH</strong></span> </td><td> <p> Applied on a per message basis on publish message transfers</p> </td><td><p>EXCHANGE</p></td><td><p>name, routingkey, virtualhost_name</p></td></tr><tr><td> <span class="command"><strong>CREATE</strong></span> </td><td> <p> Applied when an object is created, such as bindings, queues, exchanges</p> </td><td><p>VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP
 </p></td><td><p>see properties on the corresponding object type</p></td></tr><tr><td> <span class="command"><strong>ACCESS</strong></span> </td><td> <p> Applied when a connection is made for messaging or management</p> </td><td><p>VIRTUALHOST, MANAGEMENT</p></td><td><p>name (for VIRTUALHOST only)</p></td></tr><tr><td> <span class="command"><strong>BIND</strong></span> </td><td> <p> Applied when queues are bound to exchanges</p> </td><td><p>EXCHANGE</p></td><td><p>name, routingKey, queue_name, virtualhost_name, temporary, durable</p></td></tr><tr><td> <span class="command"><strong>UNBIND</strong></span> </td><td> <p> Applied when queues are unbound from exchanges</p> </td><td><p>EXCHANGE</p></td><td><p>name, routingKey, queue_name, virtualhost_name, temporary, durable</p></td></tr><tr><td> <span class="command"><strong>DELETE</strong></span> </td><td> <p> Applied when objects are deleted </p> </td><td><p>VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP</p></td><td><p>see pr
 operties on the corresponding object type</p></td></tr><tr><td> <span class="command"><strong>PURGE</strong></span> </td><td>
+          <p>Applied when the contents of a queue is purged</p> </td><td><p>QUEUE</p></td><td><p> </p></td></tr><tr><td> <span class="command"><strong>UPDATE</strong></span> </td><td> <p> Applied when an object is updated </p> </td><td><p>VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP</p></td><td><p>see EXCHANGE and QUEUE properties</p></td></tr><tr><td> <span class="command"><strong>CONFIGURE</strong></span> </td><td> <p> Applied when a Broker/Port/Authentication Provider/Access Control Provider/BrokerLogger is created/update/deleted.</p> </td><td><p>BROKER</p></td><td><p> </p></td></tr><tr><td><span class="command"><strong>ACCESS_LOGS</strong></span> </td><td><p>Allows/denies the specific user to download log file(s).</p> </td><td><p>BROKER, VIRTUALHOST</p></td><td><p>name (for VIRTUALHOST only)</p></td></tr><tr><td><span class="command"><strong>SHUTDOWN</strong></span> </td><td><p>Allows/denies the specific user to shutdown the Broker.</p> </td><td><p>BROKER</p></td><
 td><p /></td></tr><tr><td><span class="command"><strong>INVOKE</strong></span> </td><td><p>Allows/denies the specific user to invoke the named operation.</p> </td><td><p>BROKER, VIRTUALHOSTNODE, VIRTUALHOST, EXCHANGE, QUEUE, USER, GROUP</p></td><td><p>method_name, name and virtualhost_name</p></td></tr></tbody></table></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-AccessControlProviders-Syntax_objects"></a><p class="title"><strong>Table&#160;8.3.&#160;List of ACL objects</strong></p><div class="table-contents"><table border="1" summary="List of ACL objects"><colgroup><col /><col /><col /><col /></colgroup><thead><tr><th><p>Object type</p></th><th><p>Description</p></th><th><p>Supported actions</p></th><th><p>Supported properties</p></th><th><p>Allowed in Virtualhost ACLs?</p></th></tr></thead><tbody><tr><td> <span class="command"><strong>VIRTUALHOSTNODE</strong></span> </td><td> <p>A virtualhostnode or remote replication node</p> </td><td>
 <p>ALL, CREATE, UPDATE, DELETE, INVOKE</p> </td><td><p>name</p> </td><td><p>No</p> </td></tr><tr><td> <span class="command"><strong>VIRTUALHOST</strong></span> </td><td> <p>A virtualhost</p> </td><td><p>ALL, CREATE, UPDATE, DELETE, ACCESS, ACCESS_LOGS, INVOKE</p> </td><td><p>name</p> </td><td><p>No</p> </td></tr><tr><td> <span class="command"><strong>QUEUE</strong></span> </td><td> <p>A queue </p> </td><td><p>ALL, CREATE, DELETE, PURGE, CONSUME, UPDATE, INVOKE</p></td><td><p>name, autodelete, temporary, durable, exclusive, alternate, owner, virtualhost_name</p></td><td><p>Yes</p> </td></tr><tr><td> <span class="command"><strong>EXCHANGE</strong></span> </td><td><p>An exchange</p></td><td><p>ALL, ACCESS, CREATE, DELETE, BIND, UNBIND, PUBLISH, UPDATE, INVOKE</p></td><td><p>name, autodelete, temporary, durable, type, virtualhost_name, queue_name(only for BIND and UNBIND), routingkey(only for BIND and UNBIND, PUBLISH)</p></td><td><p>Yes</p> </td></tr><tr><td> <span class="command"><stro
 ng>USER</strong></span> </td><td> <p>A user</p> </td><td><p>ALL, CREATE, DELETE, UPDATE, INVOKE</p></td><td><p>name</p></td><td><p>No</p> </td></tr><tr><td> <span class="command"><strong>GROUP</strong></span> </td><td> <p>A group</p> </td><td><p>ALL, CREATE, DELETE, UPDATE, INVOKE</p></td><td><p>name</p></td><td><p>No</p> </td></tr><tr><td> <span class="command"><strong>BROKER</strong></span> </td><td> <p>The broker</p> </td><td><p>ALL, CONFIGURE, ACCESS_LOGS, INVOKE</p></td><td><p /></td><td><p>No</p> </td></tr></tbody></table></div></div><br class="table-break" /><div class="table"><a id="table-Java-Broker-Security-AccessControlProviders-Syntax_properties"></a><p class="title"><strong>Table&#160;8.4.&#160;List of ACL properties</strong></p><div class="table-contents"><table border="1" summary="List of ACL properties"><colgroup><col /><col /></colgroup><tbody><tr><td><span class="command"><strong>name</strong></span> </td><td> <p> String. Object name, such as a queue name or exchan
 ge name.</p> </td></tr><tr><td> <span class="command"><strong>durable</strong></span> </td><td> <p> Boolean. Indicates the object is durable </p> </td></tr><tr><td> <span class="command"><strong>routingkey</strong></span> </td><td> <p> String. Specifies routing key </p> </td></tr><tr><td> <span class="command"><strong>autodelete</strong></span> </td><td> <p> Boolean. Indicates whether or not the object gets deleted when the connection is closed </p> </td></tr><tr><td> <span class="command"><strong>exclusive</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>exclusive</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>temporary</strong></span> </td><td> <p> Boolean. Indicates the presence of an <em class="parameter"><code>temporary</code></em> flag </p> </td></tr><tr><td> <span class="command"><strong>type</strong></span> </td><td> <p> String. Type of object, such as topic, or fanout</p> </td></tr><tr><td> <span class="
 command"><strong>alternate</strong></span> </td><td> <p> String. Name of the alternate exchange </p> </td></tr><tr><td> <span class="command"><strong>queue_name</strong></span> </td><td> <p> String. Name of the queue (used only when the object is EXCHANGE for BIND and UNBIND actions)</p> </td></tr><tr><td> <span class="command"><strong>component</strong></span> </td><td> <p> String. component name</p> </td></tr><tr><td> <span class="command"><strong>from_network</strong></span> </td><td>
+            <p>
+              Comma-separated strings representing IPv4 address ranges.
+            </p>
+            <p>
+              Intended for use in ACCESS VIRTUALHOST rules to apply firewall-like restrictions.
+            </p>
+            <p>
+              The rule matches if any of the address ranges match the IPv4 address of the messaging client.
+              The address ranges are specified using either Classless Inter-Domain Routing notation
+              (e.g. 192.168.1.0/24; see <a class="link" href="http://tools.ietf.org/html/rfc4632" target="_top">RFC 4632</a>)
+              or wildcards (e.g. 192.169.1.*).
+            </p>
+          </td></tr><tr><td> <span class="command"><strong>from_hostname</strong></span> </td><td>
+            <p>
+              Comma-separated strings representing hostnames, specified using Perl-style regular
+              expressions, e.g. .*\.example\.company\.com
+            </p>
+            <p>
+              Intended for use in ACCESS VIRTUALHOST rules to apply firewall-like restrictions.
+            </p>
+            <p>
+              The rule matches if any of the patterns match the hostname of the messaging client.
+            </p>
+            <p>
+              To look up the client's hostname, Qpid uses Java's DNS support, which internally caches its results.
+            </p>
+            <p>
+              You can modify the time-to-live of cached results using the *.ttl properties described on the
+              Java <a class="link" href="http://docs.oracle.com/javase/8/docs/technotes/guides/net/properties.html" target="_top">Networking
+              Properties</a> page.
+            </p>
+            <p>
+              For example, you can either set system property sun.net.inetaddr.ttl from the command line
+              (e.g. export QPID_OPTS="-Dsun.net.inetaddr.ttl=0") or networkaddress.cache.ttl in
+              $JAVA_HOME/lib/security/java.security. The latter is preferred because it is JVM
+              vendor-independent.
+            </p>
+          </td></tr><tr><td><span class="command"><strong>virtualhost_name</strong></span></td><td>
+            <p>
+              String. A name of virtual host to which the rule is applied.
+            </p>
+          </td></tr><tr><td><span class="command"><strong>method_name</strong></span></td><td>
+            <p>
+              String. The name of the method. A trailing wildcard (*) is permitted.  Used with INVOKE ACL action.
+            </p>
+          </td></tr><tr><td><span class="command"><strong>attribute_names</strong></span></td><td>
+            <p>
+              Specifies attribute name criteria.  Used by UPDATE ACL actions only.  Rules with this criteria will match
+              if and only if the set of attributes being updated Comma separated list of attribute names .  This criteria
+              will match if all attributes included within the update appear in the set described by
+              <code class="literal">attribute_names</code>.
+            </p>
+          </td></tr></tbody></table></div></div><br class="table-break" /><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-AccessControlProviders-WorkedExamples"></a>8.3.4.&#160;
+      Worked Examples
+    </h3></div></div></div><p>
+      Here are some example ACLs illustrating common use cases.
+    </p><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-AccessControlProviders-WorkedExample1"></a>8.3.4.1.&#160;
+        Worked example 1 - Management rights
+      </h4></div></div></div><p>
+        Suppose you wish to permission two users: a user <code class="literal">operator</code> must be able to perform all
+        Management operations, and a user 'readonly' must be enable to perform only read-only actions. Neither
+        <code class="literal">operator</code> nor <code class="literal">readonly</code> should be allowed to connect clients for
+        messaging.
+      </p><div class="example"><a id="d0e5292"></a><p class="title"><strong>Example&#160;8.1.&#160;Worked example 1 - Management rights</strong></p><div class="example-contents"><pre class="programlisting">
+          # Deny operator/readonly permission to connect for messaging.
+          ACL DENY-LOG operator ACCESS VIRTUALHOST
+          ACL DENY-LOG readonly ACCESS VIRTUALHOST
+          # Give operator permission to perfom all actions
+          ACL ALLOW operator ALL ALL
+          # Give readonly access permission to virtualhost. (Read permission for all objects implicit)
+          ACL ALLOW readonly ACCESS MANAGEMENT
+          ...
+          ... rules for other users
+          ...
+        </pre></div></div><br class="example-break" /></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-AccessControlProviders-WorkedExample2"></a>8.3.4.2.&#160;
+        Worked example 2 - Simple Messaging
+      </h4></div></div></div><p>
+        Suppose you wish to permission a system for application messaging.  User <code class="literal">publisher</code>
+        needs permission to publish to <code class="literal">appqueue</code> and consumer needs permission to consume
+        from the same queue object. We also want <code class="literal">operator</code> to be able to inspect messages
+        and delete messages in case of the need to intervene.  This example assumes that the queue exists on
+        the Broker.
+      </p><p>
+        We use this ACL to illustrate separate Broker and Virtualhost access control providers.
+      </p><p>
+        The following ACL rules are given to the Broker.
+      </p><div class="example"><a id="d0e5315"></a><p class="title"><strong>Example&#160;8.2.&#160;Worked example 2 - Simple Messaging - Broker ACL rules</strong></p><div class="example-contents"><pre class="programlisting">
+# This gives the operate permission to delete messages on all queues on all virtualhost
+ACL ALLOW operator ACCESS MANAGEMENT
+ACL ALLOW operator INVOKE QUEUE method_name="deleteMessages"
+ACL ALLOW operator INVOKE QUEUE method_name="getMessage*"
+        </pre></div></div><br class="example-break" /><p>
+        And the following ACL rule-set is applied to the Virtualhost.  The default outcome of the
+        Access Control Provider must be <code class="literal">DEFERED</code>.  This means that if a request for
+        access is made for which there are no matching rules, the decision will be deferred to the
+        Broker so it can make a decision instead.
+      </p><div class="example"><a id="d0e5325"></a><p class="title"><strong>Example&#160;8.3.&#160;Worked example 2 - Simple Messaging - Virtualhost ACL rules</strong></p><div class="example-contents"><pre class="programlisting">
+# Configure the rule-set to DEFER decisions that have no matching rules.
+CONFIG DEFAULTDEFER=TRUE
+# Allow client and server to connect to the virtual host.
+ACL ALLOW publisher ACCESS VIRTUALHOST
+ACL ALLOW consumer ACCESS VIRTUALHOST
+
+ACL ALLOW publisher PUBLISH EXCHANGE name="" routingKey="appqueue"
+ACL ALLOW consumer CONSUME QUEUE name="appqueue"
+# In some addressing configurations, the Qpid JMS AMQP 0-x client, will declare the queue as a side effect of creating the consumer.
+# The following line allows for this.  For the Qpid JMS AMQP 1.0 client, this is not required.
+ACL ALLOW consumer CREATE QUEUE name="appqueue"
+        </pre></div></div><br class="example-break" /></div><div class="section"><div class="titlepage"><div><div><h4 class="title"><a id="Java-Broker-Security-AccessControlProviders-WorkedExample3"></a>8.3.4.3.&#160;
+        Worked example 3 - firewall-like access control
+      </h4></div></div></div><p>
+        This example illustrates how to set up an ACL that restricts the IP addresses and hostnames
+        of messaging clients that can access a virtual host.
+      </p><div class="example"><a id="d0e5335"></a><p class="title"><strong>Example&#160;8.4.&#160;Worked example 3 - firewall-like access control</strong></p><div class="example-contents"><pre class="programlisting">
+          ################
+          # Hostname rules
+          ################
+
+          # Allow messaging clients from company1.com and company1.co.uk to connect
+          ACL ALLOW all ACCESS VIRTUALHOST from_hostname=".*\.company1\.com,.*\.company1\.co\.uk"
+
+          # Deny messaging clients from hosts within the dev subdomain
+          ACL DENY-LOG all ACCESS VIRTUALHOST from_hostname=".*\.dev\.company1\.com"
+
+          ##################
+          # IP address rules
+          ##################
+
+          # Deny access to all users in the IP ranges 192.168.1.0-192.168.1.255 and 192.168.2.0-192.168.2.255,
+          # using the notation specified in RFC 4632, "Classless Inter-domain Routing (CIDR)"
+          ACL DENY-LOG messaging-users ACCESS VIRTUALHOST \
+          from_network="192.168.1.0/24,192.168.2.0/24"
+
+          # Deny access to all users in the IP ranges 192.169.1.0-192.169.1.255 and 192.169.2.0-192.169.2.255,
+          # using wildcard notation.
+          ACL DENY-LOG messaging-users ACCESS VIRTUALHOST \
+          from_network="192.169.1.*,192.169.2.*"
+        </pre></div></div><br class="example-break" /></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security-Group-Providers.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Security-Configuration-Encryption.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">8.2.&#160;Group Providers&#160;</td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;8.4.&#160;Configuration Encryption</td></tr></table></div></div>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/082a5541/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-Configuration-Encryption.html.in
----------------------------------------------------------------------
diff --git a/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-Configuration-Encryption.html.in b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-Configuration-Encryption.html.in
new file mode 100644
index 0000000..f13dfe9
--- /dev/null
+++ b/input/releases/qpid-broker-j-7.0.3/book/Java-Broker-Security-Configuration-Encryption.html.in
@@ -0,0 +1,20 @@
+<div class="docbook"><div class="navheader"><table summary="Navigation header" width="100%"><tr><th align="center" colspan="3">8.4.&#160;Configuration Encryption</th></tr><tr><td align="left" width="20%"><a accesskey="p" href="Java-Broker-Security-AccessControlProviders.html">Prev</a>&#160;</td><th align="center" width="60%">Chapter&#160;8.&#160;Security</th><td align="right" width="20%">&#160;<a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr></table><hr /></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="Java-Broker-Security-Configuration-Encryption"></a>8.4.&#160;Configuration Encryption</h2></div></div></div><p> The Broker is capable of encrypting passwords and other security items stored in the
+    Broker's configuration. This is means that items such as keystore/truststore passwords, JDBC
+    passwords, and LDAP passwords can be stored in the configure in a form that is difficult to
+    read.</p><p>The Broker ships with an encryptor implementation called <code class="literal">AESKeyFile</code>. This
+    uses a securely generated random key of 256bit<a class="footnote" href="#ftn.d0e5351" id="d0e5351"><sup class="footnote">[9]</sup></a> to encrypt the secrets stored within a key
+    file. Of course, the key itself must be guarded carefully, otherwise the passwords encrypted
+    with it may be compromised. For this reason, the Broker ensures that the file's permissions
+    allow the file to be read exclusively by the user account used for running the Broker.</p><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Important</h3><p>If the keyfile is lost or corrupted, the secrets will be irrecoverable.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Configuration-Encryption-Configuration"></a>8.4.1.&#160;Configuration</h3></div></div></div><p>The <code class="literal">AESKeyFile</code> encyptor provider is enabled/disabled via the <a class="link" href="Java-Broker-Management-Managing-Broker.html" title="7.2.&#160;Broker">Broker attributes</a> within the
+      Web Management Console.  On enabling the provider, any existing passwords within the
+      configuration will be automatically rewritten in the encrypted form.</p><p>Note that passwords stored by the Authentication Providers <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-PlainPasswordFile-Provider" title="8.1.8.&#160;Plain Password File (Deprecated)">PlainPasswordFile</a> and.
+        <a class="link" href="Java-Broker-Security.html#Java-Broker-Security-Base64MD5PasswordFile-Provider" title="8.1.10.&#160;Base64MD5 Password File (Deprecated)">PlainPasswordFile</a>
+      with the external password files are <span class="emphasis"><em>not</em></span> encrypted by the key. Use the
+      Scram Authentication Managers instead; these make use of the Configuration Encryption when
+      storing the users' passwords. </p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a id="Java-Broker-Security-Configuration-Encryption-Alternate-Implementations"></a>8.4.2.&#160;Alternate Implementations</h3></div></div></div><p>If the <code class="literal">AESKeyFile</code> encryptor implementation does not meet the needs of
+      the user, perhaps owing to the security standards of their institution, the
+        <code class="literal">ConfigurationSecretEncrypter</code> interface is designed as an extension point.
+      Users may implement their own implementation of ConfigurationSecretEncrypter perhaps to employ
+      stronger encryption or delegating the storage of the key to an Enterprise Password
+      Safe.</p></div><div class="footnotes"><br /><hr style="width:100; text-align:left;margin-left: 0" /><div class="footnote" id="ftn.d0e5351"><p><a class="para" href="#d0e5351"><sup class="para">[9] </sup></a>Java Cryptography Extension (JCE)
+        Unlimited Strength required</p></div></div></div><div class="navfooter"><hr /><table summary="Navigation footer" width="100%"><tr><td align="left" width="40%"><a accesskey="p" href="Java-Broker-Security-AccessControlProviders.html">Prev</a>&#160;</td><td align="center" width="20%"><a accesskey="u" href="Java-Broker-Security.html">Up</a></td><td align="right" width="40%">&#160;<a accesskey="n" href="Java-Broker-Runtime.html">Next</a></td></tr><tr><td align="left" valign="top" width="40%">8.3.&#160;Access Control Providers&#160;</td><td align="center" width="20%"><a accesskey="h" href="Apache-Qpid-Broker-J-Book.html">Home</a></td><td align="right" valign="top" width="40%">&#160;Chapter&#160;9.&#160;Runtime</td></tr></table></div></div>
\ No newline at end of file


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message