In the ACL properties file, access control defines what access specific users or groups have to protected resources such as physical destinations and connection services. Access control is expressed by a rule or set of rules, with each rule presented as a Java property.
The basic syntax of these rules is as follows:
resourceType.resourceVariant.operation.access.principalType=principals
Table 7–3 describes the elements of syntax rules.
Table 7–3 Syntactic Elements of Access Rules
Element | Description |
---|---|
resourceType | One of the following: connection, queue or topic. |
resourceVariant | An instance of the type specified by resourceType. For example, myQueue. The wild card character (*) may be used to mean all connection service types or all physical destinations. |
operation | Value depends on the kind of access rule being formulated. |
access | One of the following: allow or deny. |
principalType | One of the following: user or group. For more information, see Groups. |
principals | Who may have the access specified on the left-hand side of the rule. This may be an individual user or a list of users (comma delimited) if the principalType is user; it may be a single group or a list of groups (comma delimited list) if the principalType is group. The wild card character (*) may be used to represent all users or all groups. |
Here are some examples of access rules:
The following rule means that all users may send a message to the queue named q1.
queue.q1.produce.allow.user=*
The following rule means that any user may send messages to any queue.
queue.*.produce.allow.user=*
To specify non-ASCII user, group, or destination names, use Unicode escape (\uXXXX) notation. If you have edited and saved the ACL file with these names in a non-ASCII encoding, you can convert the file to ASCII with the Java native2ascii tool. For more detailed information, see http://java.sun.com/j2se/1.4/docs/guide/intl/faq.html
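A small linter for this rule syntax, added here as an example and not part of the product or its documentation: it splits each rule into the elements of Table 7–3, decodes \uXXXX escapes in principal names, and reports malformed rules, lines that still contain non-ASCII text, and allow rules granted to the wildcard principal. The function and field names and the sample rules are constructed for illustration; it assumes one rule per line with = as the separator.

```python
import re

VALID = {"resource_type": {"connection", "queue", "topic"},
         "access": {"allow", "deny"},
         "principal_type": {"user", "group"}}

def unescape(text):  # decode Java-style \uXXXX escapes
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)

def parse_rule(line):
    """Split one rule into the elements of Table 7-3, or raise ValueError."""
    key, sep, value = line.partition("=")
    parts = key.strip().split(".")
    if not sep or len(parts) < 5:
        raise ValueError("not an access rule")
    # Assumption: read the last three fields from the right, so a variant with a dot still parses.
    rule = {"resource_type": parts[0], "variant": ".".join(parts[1:-3]),
            "operation": parts[-3], "access": parts[-2], "principal_type": parts[-1],
            "principals": [unescape(p.strip()) for p in value.split(",") if p.strip()]}
    for field, allowed in VALID.items():
        if rule[field] not in allowed:
            raise ValueError("unknown %s %r" % (field, rule[field]))
    return rule

def audit(text):
    """Return (line number, message) findings for the contents of an ACL file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        if not line.isascii():
            findings.append((number, "non-ASCII text: convert with native2ascii"))
            continue
        try:
            rule = parse_rule(line)
        except ValueError as err:
            findings.append((number, str(err)))
            continue
        if rule["access"] == "allow" and "*" in rule["principals"]:
            findings.append((number, "allow rule open to every " + rule["principal_type"]))
    return findings

SAMPLE = r"""# constructed sample rules, not taken from a real broker
queue.q1.produce.allow.user=*
queue.*.produce.allow.user=*
topic.t1.produce.deny.group=caf\u00e9
queue.q3.produce.permit.user=alice
queue.q4.produce.allow.user=josé
"""
```

Calling `audit(SAMPLE)` flags lines 2 and 3 (wildcard allow), line 5 (access value that is neither allow nor deny) and line 6 (unescaped non-ASCII name).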