qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Godfrey <rob.j.godf...@gmail.com>
Subject Re: How to define RulesBased ACLs using Qpid Broker-J 7.0.0
Date Tue, 23 Jan 2018 15:34:14 GMT
On 23 January 2018 at 13:25, bryand <bryan@bldixon.net> wrote:

> I'm using qpid-broker-j-7.0.0 and can't find anything in the documentation
> (https://qpid.apache.org/releases/qpid-broker-j-7.0.0/
> book/Java-Broker-Security-AccessControlProviders.html)
> for how to define rule based ACLs.
>
> In the documentation it states:
> ACLFile - an older provider that references an externally provided ACL file
> (or data url). This provider is deprecated.
>
> Since ACLFile is deprecated and I'm setting up a new Qpid Broker-J
> environment, I don't want to use that.  However, if I pick RulesBased in
> the
> Web Management Console I don't have any options to enter the rules -  how
> do
> I define the rules?
>
>
>
Apologies, the UI should really expose the features of the underlying REST
API here to help.

The basic structure of the configuration of a RuleBase ACL Provider is
defined by

https://github.com/apache/qpid-broker-j/blob/master/broker-plugins/access-control/src/main/java/org/apache/qpid/server/security/access/plugins/RuleBasedAccessControlProvider.java

That is there is an attribute of this object named "rules" which contains a
list of rule instances (serialised as json objects).  The rule objects
essentially correspond to the form of the "legacy" rules (see the default
value as an example of the format).  You can set the value of the rules
attribute through the REST API [1]

The provider also allows a "legacy" ACL file to be uploaded directly
through the "loadFromFile" operation[2] which takes a query parameter
"path" which points to a path on the machine running the broker.

Hope this helps,
Rob

[1]
https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Management-Channel-REST-API.html#Java-Broker-Management-Channel-REST-API-Update
[2]
https://qpid.apache.org/releases/qpid-broker-j-7.0.0/book/Java-Broker-Management-Channel-REST-API.html#Java-Broker-Management-Channel-REST-API-Operations



>
> --
> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-
> f2158936.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message