summaryrefslogtreecommitdiff
path: root/qpid/java/systests/etc/config-systests-firewall-3.xml
blob: 2068581ca132be8e47dd4b0b25cd095957a6e504 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
 -
 - Licensed to the Apache Software Foundation (ASF) under one
 - or more contributor license agreements.  See the NOTICE file
 - distributed with this work for additional information
 - regarding copyright ownership.  The ASF licenses this file
 - to you under the Apache License, Version 2.0 (the
 - "License"); you may not use this file except in compliance
 - with the License.  You may obtain a copy of the License at
 -
 -   http://www.apache.org/licenses/LICENSE-2.0
 -
 - Unless required by applicable law or agreed to in writing,
 - software distributed under the License is distributed on an
 - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 - KIND, either express or implied.  See the License for the
 - specific language governing permissions and limitations
 - under the License.
 -
 -->
<broker>
    <prefix>${QPID_HOME}</prefix>
    <work>${QPID_WORK}</work>
    <conf>${prefix}/etc</conf>
    <connector>
        <!-- To enable SSL edit the keystorePath and keystorePassword
	     and set enabled to true. 
             To disasble Non-SSL port set sslOnly to true -->
        <ssl>
            <enabled>false</enabled>
            <sslOnly>false</sslOnly>
            <keystorePath>/path/to/keystore.ks</keystorePath>
            <keystorePassword>keystorepass</keystorePassword>
        </ssl>
        <qpidnio>false</qpidnio>
        <protectio>
            <enabled>false</enabled>
            <readBufferLimitSize>262144</readBufferLimitSize>
            <writeBufferLimitSize>262144</writeBufferLimitSize>	    
        </protectio>
        <transport>nio</transport>
        <port>5672</port>
        <sslport>8672</sslport>
        <socketReceiveBuffer>32768</socketReceiveBuffer>
        <socketSendBuffer>32768</socketSendBuffer>
    </connector>
    <management>
        <enabled>false</enabled>
        <jmxport>8999</jmxport>
        <ssl>
            <enabled>false</enabled>
            <!-- Update below path to your keystore location, eg ${conf}/qpid.keystore  -->
            <keyStorePath>${prefix}/../test-profiles/test_resources/ssl/keystore.jks</keyStorePath>
            <keyStorePassword>password</keyStorePassword>
        </ssl>
    </management>
    <advanced>
        <filterchain enableExecutorPool="true"/>
        <enablePooledAllocator>false</enablePooledAllocator>
        <enableDirectBuffers>false</enableDirectBuffers>
        <framesize>65535</framesize>
        <compressBufferOnQueue>false</compressBufferOnQueue>
        <enableJMSXUserID>false</enableJMSXUserID>
        <locale>en_US</locale>	
    </advanced>

    <security>
        <principal-databases>
            <!-- Example use of Base64 encoded MD5 hashes for authentication via CRAM-MD5-Hashed -->
            <principal-database>
                <name>passwordfile</name>
                <class>org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase</class>
                <attributes>
                    <attribute>
                        <name>passwordFile</name>
                        <value>${conf}/passwd</value>
                    </attribute>
                </attributes>
            </principal-database>
        </principal-databases>

        <access>
            <class>org.apache.qpid.server.security.access.plugins.AllowAll</class>
        </access>
        
        <msg-auth>false</msg-auth>
        
        <jmx>
            <access>${conf}/jmxremote.access</access>
            <principal-database>passwordfile</principal-database>
        </jmx>

        <firewall default-action="deny">
            <rule access="allow" network="127.0.0.1"/>
        </firewall>
    </security>

    <virtualhosts>${conf}/virtualhosts-systests-firewall-3.xml</virtualhosts>
    
    <heartbeat>
        <delay>0</delay>
        <timeoutFactor>2.0</timeoutFactor>
    </heartbeat>
    <queue>
        <auto_register>true</auto_register>
    </queue>

    <status-updates>ON</status-updates>

</broker>