Hi Carl, Have been out on holiday the last few days. I've been trying to find some time to put up some documentation about the ACLs that have been started on the Java Broker.
The various permissions in the Java broker (server.security.access.Permission) have not all been implemented. The focus was to provide a business friendly configuration so that end users did not need to know if someone should have bind or unbind permissions. One thing that is currently missing from the configuration is the ability to have 'Negative Permissions', It would be good to be able to state that user X is not allowed ACCESS to Virtualhost Y, rather than specifying all the users that ARE allowed ACCESS to Virtualhost Y. It would be good if we could co-ordinate to ensure we have interoperable configuration between the Qpid brokers. This would be beneficial for our users as they would not need to worry about converting any config between brokers. It would also make testing a lot easier as we can write an ACL test in a client along with a configuration which we can then instruct the target broker to run with. Currently the Java SimpleACLTest only provides the configuration to the InVM broker but it would be a logical next step to convert it to use the QpidTestCase model. For this to work however we would need to provide the ACL configuration hence if it was the same config for all Qpid Brokers then it would make that testing much simpler. Having looked through what the Java does do you have any comments / feedback? I don't know of anyone that is using this functionality yet so before it is documented and then potentially used it would be good to come to a solution that we are all happy to use in the Qpid Brokers. Regards Martin 2008/7/22 Carl Trieloff <[EMAIL PROTECTED]>: > > I have worked through the Java code and it looks like we can just re-use > what it does for C++ broker > also for ACL. Those that worked on it, was there anything lacking or you > wish was different? > > > Carl Trieloff wrote: >> >> I understand that the Java broker has some sort of RBAC implemented. Are >> there any notes >> so that we can copy / extend / crib ... the scheme for C++ broker. >> >> Thanks >> Carl. > > -- Martin Ritchie
