Comment: Update due to QPID-3301

...

This page documents version 1 of Qpid ACLs that was implemented only in the Java broker and supported up to (and including) release 0.10. Newer releases support ACL V2 only.


...

...
<security>
  <access_control_list>
    <!-- This section grants virtualhost-level access to the specified users,
         giving them full permissions to all artifacts in the containing virtualhost -->
    <access>...</access>

    <!-- This section grants publish rights to an exchange + routing key pair -->
    <publish>...</publish>
                         
    <!-- This section grants users the ability to consume from the broker -->
    <consume>...</consume>
                            
    <!-- This section grants clients the ability to create queues and exchanges -->
    <create>...</create>
  </access_control_list>
...

...

Here the 'client' user is only given rights to PUBLISH messages using the key 'example.RequestQueue'.
The 'server' user is allowed to publish to the 'tmp_*' and 'TempQueue*' keys. There are two values because the naming of temporary queues changed during the example's development. The effect is that 'server' is granted permission to publish messages to any routing key that begins with 'tmp_' or 'TempQueue'. The '*' match is only performed at the end of the key, so entries such as 'Special*Key' are not allowed.

...

Remember that the routing_key value in the Java broker is the same as the queue name (correct at release of M4) for the amq.direct exchange. For topic exchanges the routing_key is the topic name that a Publisher uses to send messages.

<publish>    
    <exchanges>
        <exchange>
            <!-- This is the name of the exchange to limit publication to. -->
            <name>amq.direct</name>
            <routing_keys>

                <!-- Allow clients to publish requests -->
                <routing_key>
                    <value>example.RequestQueue</value>
                    <users>
                        <user>client</user>
                    </users>
                </routing_key>

                <!-- Allow the processor to respond to a client on their Temporary Topic -->
                <routing_key>
                    <value>tmp_*</value>
                    <users>
                        <user>server</user>
                    </users>
                </routing_key>
                <routing_key>
                    <value>TempQueue*</value>
                    <users>
                        <user>server</user>
                    </users>
                </routing_key>
            </routing_keys>

        </exchange>
    </exchanges>
</publish>
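
The trailing-wildcard rule described above, as an added Python example for auditing a publish section (it is not Qpid's own code). It parses a constructed, condensed copy of the <publish> block and answers whether a user may publish to a routing key. The function names are hypothetical, <access> grants are ignored, and rejecting a mid-key '*' when the file is loaded is this example's assumption about how such entries are handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: condensed copy of the <publish> section shown above.
SAMPLE_ACL = """
<publish><exchanges><exchange>
  <name>amq.direct</name>
  <routing_keys>
    <routing_key><value>example.RequestQueue</value>
      <users><user>client</user></users></routing_key>
    <routing_key><value>tmp_*</value>
      <users><user>server</user></users></routing_key>
    <routing_key><value>TempQueue*</value>
      <users><user>server</user></users></routing_key>
  </routing_keys>
</exchange></exchanges></publish>
"""

def load_publish_rules(xml_text):
    """Return {exchange name: [(pattern, {users}), ...]} from a <publish> section."""
    rules = {}
    for exchange in ET.fromstring(xml_text).iter("exchange"):
        name = exchange.findtext("name", "").strip()
        for rk in exchange.iter("routing_key"):
            pattern = rk.findtext("value", "").strip()
            # Assumption: a '*' anywhere but the last character is flagged
            # here, since only end-of-key matching is supported.
            if "*" in pattern[:-1]:
                raise ValueError(f"unsupported wildcard position: {pattern!r}")
            users = {u.text.strip() for u in rk.iter("user") if u.text}
            rules.setdefault(name, []).append((pattern, users))
    return rules

def key_matches(pattern, routing_key):
    """A trailing '*' is a prefix match; anything else must match exactly."""
    if pattern.endswith("*"):
        return routing_key.startswith(pattern[:-1])
    return routing_key == pattern

def may_publish(rules, user, exchange, routing_key):
    """True if some entry for this exchange names the user and matches the key."""
    return any(user in users and key_matches(pattern, routing_key)
               for pattern, users in rules.get(exchange, []))

if __name__ == "__main__":
    acl = load_publish_rules(SAMPLE_ACL)
    for who, key in [("client", "example.RequestQueue"),
                     ("server", "tmp_1"), ("client", "tmp_1")]:
        print(who, key, may_publish(acl, who, "amq.direct", key))
```
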

...

<consume>
  <queues>
     <queue>
        <name>clientid:subscriptionName</name>
        <users>
          <user>testuser</user>
        </users>
     </queue>
   </queues>
</consume>

<create>
  <queues>
     <queue>
        <name>clientid:subscriptionName</name>
        <users>
          <user>testuser</user>
        </users>
     </queue>
   </queues>
</create>      

Known Issues


...