Diffstat (limited to 'qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml')
-rw-r--r-- | qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml | 56 |
1 files changed, 31 insertions, 25 deletions
diff --git a/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml b/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml index eaecd85770..34ea443ef7 100644 --- a/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml +++ b/qpid/doc/book/src/java-broker/Java-Broker-Security-Group-Providers.xml 
@@ -22,39 +22,45 @@ --> <section id="Java-Broker-Security-Group-Providers"> - <title>Configuring Group Providers</title> + <title>Group Providers</title> <para> - The Java broker utilises GroupProviders to allow assigning users to groups for use in <link linkend="Java-Broker-Security-ACLs">ACLs</link>. Following authentication by a given <link linkend="Java-Broker-Security-Authentication-Providers">Authentication Provider</link>, the configured Group Providers are consulted to allowing assignment of GroupPrincipals for a given authenticated user. + The Java broker utilises GroupProviders to allow assigning users to groups for use in <link linkend="Java-Broker-Security-ACLs">ACLs</link>. + Following authentication by a given <link linkend="Java-Broker-Security-Authentication-Providers">Authentication Provider</link>, + the configured Group Providers are consulted allowing the assignment of GroupPrincipals for a given authenticated user. Any number of + Group Providers can be added into the Broker. All of them will be checked for the presence of the groups for a given authenticated user. 
</para> - + <para>The <emphasis>Group Provider</emphasis> can be configured using <link linkend="Java-Broker-Configuring-And-Managing-REST-API"> + REST Management interfaces</link> and <link linkend="Java-Broker-Configuring-And-Managing-Web-Console">Web Management Console</link>.</para> + <para>The following <emphasis>Group Provider</emphasis> managing operations are available from Web Management Console: + <itemizedlist> + <listitem><para>A new Group Provider can be added by clicking onto "Add Group Provider" button on a Broker tab.</para></listitem> + <listitem><para>An existing providers can be removed by pressing "Delete Group Provider" button + on Broker tab or Group Provider tab.</para></listitem> + <listitem><para>On clicking onto provider name in the Group Providers grid or Broker object tree, + the tab for the Group Provider is displayed.</para></listitem> + <listitem><para>A new group can be added into the Group Provider by clicking onto "Add Group" button on provider tab.</para></listitem> + <listitem><para>An existing group can be deleted from the Group Provider by clicking onto "Delete Group" button on provider tab.</para></listitem> + <listitem><para>On clicking onto group name in the groups grid, the tab with the list of existing + group members is displayed for the Group.</para></listitem> + <listitem><para>From the Group tab a new member can be added into a group or existing members can be deleted + from a group by clicking on "Add Group Member" or "Remove Group Members" accordingly.</para></listitem> + </itemizedlist> + </para> <section role="h3" id="File-Group-Manager"> - <title>FileGroupManager</title> - <para> - The FileGroupManager allows specifying group membership in a flat file on disk, and is also exposed for inspection and update through the brokers HTTP management interface. 
- </para> + <title>GroupFile Provider</title> <para> - To enable the FileGroupManager, add the following configuration to the config.xml, adjusting the groupFile attribute value to match your desired groups file location. + The <emphasis>GroupFile</emphasis> Provider allows specifying group membership in a flat file on disk. + On adding a new GroupFile Provider the path to the groups file is required to be specified. + If file does not exist an empty file is created automatically. On deletion of GroupFile Provider + the groups file is deleted as well. Only one instance of "GroupFile" Provider per groups file location can be created. + On attempt to create another GroupFile Provider pointing to the same location the error will be displayed and + the creation will be aborted. </para> - <programlisting><![CDATA[ - ... - <security> - <file-group-manager> - <attributes> - <attribute> - <name>groupFile</name> - <value>${conf}/groups</value> - </attribute> - </attributes> - </file-group-manager> - </security>]]> - ... -</programlisting> - - <section role="h4" id="File-Group-Manager-FileFormat"> + <section role="h4" id="File-Group-Manager-FileFormat"> <title>File Format</title> - <para> + <para> The groups file has the following format: </para> <programlisting> |
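Review bot: In the GroupFile Provider paragraph, "On deletion of GroupFile Provider the groups file is deleted as well" mentions a destructive side effect only in passing. The opening paragraph says these groups are used in ACLs, so pressing "Delete Group Provider" in the Web Management Console also discards the membership data those rules rely on. Suggest setting that sentence apart as a DocBook warning or note, and stating whether the file can be recovered. The hunk also removes the config.xml example without showing how the groups file path is supplied through the REST Management interface that the new text points to; a short replacement example would close that gap. Wording nits in the same hunk: "An existing providers can be removed" should read "An existing provider can be removed", "If file does not exist" is missing "the", and "consulted allowing the assignment" reads better as "consulted to allow the assignment".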