...
Code Block |
---|
user-list = user1 user2 user3 ...
group-name-list = group1 group2 group3 ...
group <group-name> = [user-list] [group-name-list]
permission = [allow|allow-log|deny|deny-log]
action = [consume|publish|create|access|bind|unbind|delete|purge|update]
object = [virtualhost|queue|exchange|broker|link|route]
property = [name|durable|owner|routingkey|passive|autodelete|exclusive|type|alternate|queuename]
acl permission {<group-name>|<user-name>|"all"} {action|"all"} [object|"all"] [property=<property-value>]
|
...
The C++ broker maps the ACL traps in the follow way for AMQP 0-10:
The Java broker currently only performs ACLs on the AMQP connection not on management functions:
The Java broker currently only performs ACLs on the AMQP connection not on management functions:
Object | Action | Properties | Trap C++ | Trap Java | |
---|---|---|---|---|---|
Exchange | Create | name type alternate passive durable | ExchangeHandlerImpl::declare | TBD ExchangeDeclareHandler | |
Exchange | Delete | name | ExchangeHandlerImpl::delete | TBD ExchangeDeleteHandler | |
Exchange | Access | name | ExchangeHandlerImpl::query | TBD | |
Exchange | Bind | name routingkey queuename owner | ExchangeHandlerImpl::bind | TBD QueueBindHandler | |
Exchange | Unbind | name routingkey | ExchangeHandlerImpl::unbind | TBD ExchangeUnbindHandler | |
Exchange | Access | name queuename routingkey | ExchangeHandlerImpl::bound | TBD | |
Exchange | Publish | name routingKey | SemanticState::route | TBD BasicPublishMethodHandler | |
Queue | Access | name | QueueHandlerImpl::query | TBD | |
Queue | Create | name alternate passive durable exclusive autodelete | QueueHandlerImpl::declare | TBD QueueDeclareHandler | |
Queue | Purge | name | QueueHandlerImpl::purge | TBD QueuePurgeHandler | |
Queue | Purge | name | Management::Queue::purge | TBD | |
Queue | Delete | name | QueueHandlerImpl::delete | TBD QueueDeleteHandler | |
Queue | Consume | name (possibly add in future?) | MessageHandlerImpl::subscribe | TBD BasicConsumeMethodHandler | |
<Object> | Update |
| ManagementProperty::set TBD | ||
<Object> | Access |
| ManagementProperty::read | TBD | |
Link | Create |
| Management::connect TBD | ||
Route | Create |
| Management:: -createFederationRoute- TBD | ||
Route | Delete |
| Management:: -deleteFederationRoute- | ||
Virtualhost | Access | name | TBD | ConnectionOpenMethodHandler |
Management actions that are not explicitly given a name property it will default the name property to management method name, if the action is 'W' Action will be 'Update', if 'R' Action will be 'Access'.
...