...

<advanced>
    <filterchain enableExecutorPool="true"/>
    <enablePooledAllocator>false</enablePooledAllocator>
    <enableDirectBuffers>false</enableDirectBuffers>
    <framesize>65535</framesize>
    <compressBufferOnQueue>false</compressBufferOnQueue>
</advanced>

...

Security

This section lists all the principal databases that are available for authentication and the default access control. The databases understand what SASL mechanisms can be used against their data and so are responsible for registering these SASL mechanisms. Currently we do not provide a means of limiting these mechanisms. The proposal was to allow the virtualhosts to specify which database and mechanisms they wished to use; however, as documented under Virtualhosts below, this is not possible because in AMQP authentication currently occurs before the selection of a virtualhost.

<security>
    <principal-databases>
        <principal-database>
            <!-- A name for referencing this database-->
            <name>passwordfile</name>
            <!-- The type of principal database -->
            <class>org.apache.qpid.server.security.auth.database.PlainPasswordVhostFilePrincipalDatabase</class>
            <!-- Any attributes associated with the database. Here it is a password file to load. -->
            <attributes>
                <attribute>
                    <name>passwordFile</name>
                    <value>${conf}/passwdVhost</value>
                </attribute>
            </attributes>
        </principal-database>

        <principal-database>
            <name>md5passwordfile</name>
            <class>org.apache.qpid.server.security.auth.database.MD5PasswordFilePrincipalDatabase</class>
            <attributes>
                <attribute>
                    <name>passwordFile</name>
                    <value>${conf}/md5passwd</value>
                </attribute>
            </attributes>
        </principal-database>
    </principal-databases>

    <!-- This access value can be any access manager. The built in defaults are AllowAll and DenyAll -->
    <access>
        <class>org.apache.qpid.server.security.access.AllowAll</class>
    </access>
</security>

Virtualhosts

This section allows you to define the set of virtual hosts which will be contained in your broker instance, and the message store and its location for each. The commented-out section referencing BDBMessageStore should be used for all applications wishing to use persistence to disk.

...

<virtualhosts>
    <virtualhost>
        <name>localhost</name>
        <localhost>

            <!-- This section specifies the type of store to use. Be it the MemoryMessageStore or another 3rd party store -->
            <store>
                <!--class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class>
                        <environment-path>${work}/bdb/localhost-store</environment-path-->
                <class>org.apache.qpid.server.store.MemoryMessageStore</class>
            </store>

            <security>
                <!-- Need protocol changes to allow this-->
                <authentication>
                    <name>passwordfile</name>
                    <!-- Currently this can't be used as Vhost isn't specified at connection start only connection open -->
                    <mechanism>PLAIN</mechanism>
                </authentication>
                
                <access>
                    <!-- This is the type of AccessManager to use.-->
                    <class>org.apache.qpid.server.security.access.PrincipalDatabaseAccessManager</class>
                    <attributes>
                        <attribute>
                            <name>principalDatabase</name>
                            <value>passwordfile</value>
                        </attribute>
                        <attribute>
                            <!-- The defaultAccessManager can be either DenyAll or AllowAll -->
                            <name>defaultAccessManager</name>
                            <value>DenyAll</value>
                        </attribute>
                    </attributes>
                </access>
            </security>

        </localhost>
    </virtualhost>

    <virtualhost>
        <name>development</name>
        <development>
            <store>
                <class>org.apache.qpid.server.store.MemoryMessageStore</class>
            </store>
        </development>
    </virtualhost>

    <virtualhost>
        <name>test</name>
        <test>
            <store>
                <class>org.apache.qpid.server.store.MemoryMessageStore</class>
            </store>
        </test>
    </virtualhost>
</virtualhosts>
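
The check below is an added example, not part of the Qpid documentation: it reads a configuration laid out as in the Security and Virtualhosts listings above and reports a broker-wide default other than DenyAll, virtualhosts with no <access> of their own, and per-host access managers that name an undefined principal database or do not default to DenyAll. The <broker> root element, the `audit` function name, and the reading that a virtualhost without its own <access> is governed by the broker-wide default are assumptions; the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element layout follows the listings on this page.
# The <broker> root element is an assumption (the page does not show it).
SAMPLE = """<broker>
  <security>
    <principal-databases>
      <principal-database>
        <name>passwordfile</name>
        <class>org.apache.qpid.server.security.auth.database.PlainPasswordVhostFilePrincipalDatabase</class>
      </principal-database>
    </principal-databases>
    <access><class>org.apache.qpid.server.security.access.AllowAll</class></access>
  </security>
  <virtualhosts>
    <virtualhost><name>localhost</name><localhost><security><access>
      <class>org.apache.qpid.server.security.access.PrincipalDatabaseAccessManager</class>
      <attributes>
        <attribute><name>principalDatabase</name><value>passwordfile</value></attribute>
        <attribute><name>defaultAccessManager</name><value>DenyAll</value></attribute>
      </attributes>
    </access></security></localhost></virtualhost>
    <virtualhost><name>development</name><development/></virtualhost>
  </virtualhosts></broker>"""

def audit(xml_text):
    """Return (scope, finding) pairs for permissive access-control settings."""
    root = ET.fromstring(xml_text)
    findings = []
    dbs = {d.findtext("name") for d in
           root.iterfind("security/principal-databases/principal-database")}
    default = (root.findtext("security/access/class") or "").rsplit(".", 1)[-1]
    if default != "DenyAll":
        findings.append(("broker", "default access manager is %r" % default))
    for vh in root.iterfind("virtualhosts/virtualhost"):
        name = vh.findtext("name") or ""
        host = vh.find(name) if name else None  # settings live in <{name}>
        access = host.find("security/access") if host is not None else None
        if access is None:
            # Assumption: such a host is governed by the broker-wide default.
            findings.append((name, "no <access>; default %r applies" % default))
            continue
        attrs = {a.findtext("name"): a.findtext("value")
                 for a in access.iterfind("attributes/attribute")}
        if attrs.get("principalDatabase") not in dbs:
            findings.append((name, "principalDatabase is not a defined database"))
        if attrs.get("defaultAccessManager") != "DenyAll":
            findings.append((name, "defaultAccessManager is not DenyAll"))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the broker-wide AllowAll default and one for the `development` virtualhost, which has no access section of its own.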

...