qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleksandr Rudyy <oru...@gmail.com>
Subject Re: Qpid java broker ACL
Date Sun, 06 Oct 2013 08:54:19 GMT
Hi Lalit,

With Qpid Java Broker ACL you can restrict the access by IP/network to
virtual hosts, for example

ACL ALLOW guest ACCESS VIRTUALHOST name="default"
from_hostname=".*\.company1\.com,.*\.company1\.co\.uk"
ACL DENY messaging-users ACCESS VIRTUALHOST
from_network="192.169.1.*,192.169.2.*"

Queue/Exchange ACL rules do not allow to set any IP/network
restrictions. However, you can configure ACL rules to CREATE, CONSUME,
DELETE queues and PUBLISH, BIND, UNBIND, CREATE, DELETE exchanges per
user or group, for example

ACL ALLOW guest CREATE QUEUE
ACL ALLOW messaging-users CONSUME QUEUE
ACL ALLOW messaging-users DELETE QUEUE
ACL ALLOW client PUBLISH EXCHANGE name="amq.direct"

Please, have a look into Java Broker Documentation at [1] for more
details about Java Broker supported ACL.

Kind Regards,
Alex

[1] http://qpid.apache.org/releases/qpid-0.24/java-broker/book/Java-Broker-Security-ACLs.html

On 4 October 2013 11:05,  <lalitd@barc.gov.in> wrote:
> Dear Sir/Madam
>
> Is it possible to provide Queue access control(ACL) based on
> publisher/consumer/client IP address in Qpid JAVA based broker. If
> possible, what is the way out?
>
> Thanks in advance
>
> cheers
> Lalit D.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
> For additional commands, e-mail: dev-help@qpid.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message