| author | Martin Ritchie <ritchiem@apache.org> | 2007-03-16 14:46:42 +0000 |
|---|---|---|
| committer | Martin Ritchie <ritchiem@apache.org> | 2007-03-16 14:46:42 +0000 |
| commit | 394322f25d041bab8617b1a7b96e2dd49835e93b (patch) | |
| tree | edee6539c123abf532521c973f3a68c5fce37492 /qpid/java/broker/etc/config.xml | |
| parent | e82b9aad31d0e67df8f9bbb82c39715e020b521f (diff) | |
| download | qpid-python-394322f25d041bab8617b1a7b96e2dd49835e93b.tar.gz | |
QPID-70 InVM Authentication QPID-419 Access Control QPID-423 Authentication per virtualhost
Restructured auth package.
Enabled InVM Authentication
Initial changes to allow authenticators per virtualhost.
Initial access control classes.
Initial work to allow access control testing through inVM broker.
git-svn-id: https://svn.apache.org/repos/asf/incubator/qpid/trunk@518988 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker/etc/config.xml')
| -rw-r--r-- | qpid/java/broker/etc/config.xml | 169 |
1 files changed, 102 insertions, 67 deletions
diff --git a/qpid/java/broker/etc/config.xml b/qpid/java/broker/etc/config.xml
index ab6daef62d..da0d13b72f 100644
--- a/qpid/java/broker/etc/config.xml
+++ b/qpid/java/broker/etc/config.xml
@@ -49,73 +49,108 @@
 <framesize>65535</framesize>
 <compressBufferOnQueue>false</compressBufferOnQueue>
 </advanced>
- <security>
- <principal-databases>
- <principal-database>
- <name>passwordfile</name>
- <class>org.apache.qpid.server.security.auth.PasswordFilePrincipalDatabase</class>
- <attributes>
- <attribute>
- <name>passwordFile</name>
- <value>${conf}/passwd</value>
- </attribute>
- </attributes>
- </principal-database>
- </principal-databases>
- <sasl>
- <mechanisms>
- <mechanism>
- <initialiser>
- <class>org.apache.qpid.server.security.auth.CRAMMD5Initialiser</class>
- <principal-database>passwordfile</principal-database>
- </initialiser>
- </mechanism>
- <mechanism>
- <initialiser>
- <class>org.apache.qpid.server.security.auth.amqplain.AmqPlainInitialiser</class>
- <principal-database>passwordfile</principal-database>
- </initialiser>
- </mechanism>
- <mechanism>
- <initialiser>
- <class>org.apache.qpid.server.security.auth.plain.PlainInitialiser</class>
- <principal-database>passwordfile</principal-database>
- </initialiser>
- </mechanism>
- </mechanisms>
- </sasl>
- </security>
- <virtualhosts>
- <virtualhost>
- <name>localhost</name>
- <localhost>
- <store>
- <!-- <class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class> -->
- <class>org.apache.qpid.server.store.MemoryMessageStore</class>
- <environment-path>localhost-store</environment-path>
- </store>
- </localhost>
- </virtualhost>
-
- <virtualhost>
- <name>development</name>
- <development>
- <store>
- <class>org.apache.qpid.server.store.MemoryMessageStore</class>
- </store>
- </development>
- </virtualhost>
-
- <virtualhost>
- <name>test</name>
- <test>
- <store>
- <class>org.apache.qpid.server.store.MemoryMessageStore</class>
- </store>
- </test>
- </virtualhost>
-
- </virtualhosts>
+
+ <principal-databases>
+ <principal-database>
+ <name>passwordfile</name>
+ <class>org.apache.qpid.server.security.auth.database.PlainPasswordVhostFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/passwdVhost</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+
+ <principal-database>
+ <name>md5passwordfile</name>
+ <class>org.apache.qpid.server.security.auth.database.MD5PasswordFilePrincipalDatabase</class>
+ <attributes>
+ <attribute>
+ <name>passwordFile</name>
+ <value>${conf}/md5passwd</value>
+ </attribute>
+ </attributes>
+ </principal-database>
+ </principal-databases>
+
+ <access>
+ <class>org.apache.qpid.server.security.access.AllowAll</class>
+ </access>
+
+ <virtualhosts>
+ <virtualhost>
+ <name>localhost</name>
+ <localhost>
+ <store>
+ <!-- <class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class> -->
+ <class>org.apache.qpid.server.store.MemoryMessageStore</class>
+ <environment-path>localhost-store</environment-path>
+ </store>
+
+ <security>
+ <!-- Need protocol changes to allow this-->
+ <authentication>
+ <name>passwordfile</name>
+ <!-- Currently this can't be used as Vhost isn't specified at connection start only connection open -->
+ <mechanism>PLAIN</mechanism>
+ </authentication>
+ <access>
+ <class>org.apache.qpid.server.security.access.PrincipalDatabaseAccessManager</class>
+ <attributes>
+ <attribute>
+ <name>principalDatabase</name>
+ <value>passwordfile</value>
+ </attribute>
+ <attribute>
+ <name>defaultAccessManager</name>
+ <value>DenyAll</value>
+ </attribute>
+ </attributes>
+ </access>
+ </security>
+ </localhost>
+ </virtualhost>
+
+ <virtualhost>
+ <name>development</name>
+ <development>
+ <store>
+ <class>org.apache.qpid.server.store.MemoryMessageStore</class>
+ </store>
+ <security>
+ <name>passwordfile-notusedyet</name>
+ <mechanism>PLAIN</mechanism>
+ <mechanism>CRAM-MD5</mechanism>
+ </security>
+ </development>
+ </virtualhost>
+
+ <virtualhost>
+ <name>test</name>
+ <test>
+ <store>
+ <class>org.apache.qpid.server.store.MemoryMessageStore</class>
+ </store>
+ <security>
+ <name>passwordfile-notusedyet</name>
+ <mechanism>PLAIN</mechanism>
+ <mechanism>CRAM-MD5</mechanism>
+ </security>
+ <access>
+ <class>org.apache.qpid.server.security.access.PrincipalDatabaseAccessManager</class>
+ <attributes>
+ <attribute>
+ <name>principalDatabase</name>
+ <value>rubbish-to-cause-default</value>
+ </attribute>
+ </attributes>
+ </access>
+
+ </test>
+ </virtualhost>
+
+ </virtualhosts>
 <heartbeat>
 <delay>0</delay>
 <timeoutFactor>2.0</timeoutFactor> |
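Review bot: The shipped default leaves access control fail-open: the new broker-wide `<access>` is `org.apache.qpid.server.security.access.AllowAll`, and only the `localhost` virtualhost sets `defaultAccessManager` to `DenyAll`. `development` has no `<access>` element at all, and `test` names a principal database `rubbish-to-cause-default` that is not defined in `<principal-databases>`, so both presumably end up on the global AllowAll; the fallback logic lives in the Java classes outside this hunk and should be confirmed. Relying on a failed lookup to select the default also means a mistyped database name in a real deployment would silently widen access instead of being rejected at startup. I would give `development` and `test` the same `defaultAccessManager` attribute with value `DenyAll` that `localhost` carries, and add a comment on the global element such as `<!-- Fallback for virtualhosts without their own <access>; AllowAll is for development only -->`.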
