Each broker has its own access control file, created automatically when the broker is started. The file is named accesscontrol.properties and is located at a path of the form
…/instances/brokerInstanceName/etc/accesscontrol.properties
(See Appendix A, Platform-Specific Locations of Message Queue Data for the exact location, depending on your platform.)
The file is formatted as a Java properties file. It starts with a version property defining the version of the file:
version=JMQFileAccessControlModel/100
This is followed by three sections specifying the access control for three categories of operations:
Creating connections
Creating message producers or consumers, or browsing a queue destination
Auto-creating physical destinations
Each of these sections consists of a sequence of authorization rules specifying which users or groups are authorized to perform which specific operations. These rules have the following syntax:
resourceType.resourceVariant.operation.access.principalType=principals
Table 9–5 describes the various elements.
Table 9–5 Authorization Rule Elements
Rule: queue.q1.consume.allow.user=*
Description: allows all users to consume messages from the queue destination q1.
Rule: queue.*.consume.allow.user=Snoopy
Description: allows user Snoopy to consume messages from all queue destinations.
Rule: topic.t1.produce.deny.user=Snoopy
Description: prevents Snoopy from producing messages to the topic destination t1.
You can use Unicode escape (\uXXXX) notation to specify non-ASCII user, group, or destination names. If you have edited and saved the access control file with these names in a non-ASCII encoding, you can use the Java native2ascii tool to convert the file to ASCII. See the Java Internationalization FAQ at
http://java.sun.com/j2se/1.4/docs/guide/intl/faq.html
for more information.
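The following Python script is an added example, not part of Message Queue or its documentation. It parses rules of the five-element form shown above, decodes \uXXXX escapes, and lists the allow rules that use a wildcard so they can be reviewed. The function names are hypothetical, the comma-separated principal list is an assumption, and rules of any other shape are returned as skipped rather than interpreted.

```python
import re

# Constructed sample: version line and rules from the page, plus one constructed \uXXXX rule.
SAMPLE = r"""
version=JMQFileAccessControlModel/100
queue.q1.consume.allow.user=*
queue.*.consume.allow.user=Snoopy
topic.t1.produce.deny.user=Snoopy
queue.orders.produce.allow.user=Ren\u00e9
"""

def unescape(text):
    """Decode Java-properties Unicode escapes into the characters they name."""
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)

def parse_rules(text):
    """Return (version, rules, skipped) for the five-element rule form only."""
    version, rules, skipped = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        key, sep, value = line.partition("=")
        parts = key.strip().split(".")
        if key.strip() == "version":
            version = value.strip()
        elif not sep or len(parts) < 5:
            skipped.append(line)             # other rule shapes: report, do not guess
        else:
            # Split from the right so a variant containing dots stays in one piece.
            rules.append({
                "resourceType": parts[0],
                "resourceVariant": unescape(".".join(parts[1:-3])),
                "operation": parts[-3],
                "access": parts[-2],
                "principalType": parts[-1],
                "principals": [unescape(p.strip()) for p in value.split(",")],  # assumes comma-separated
                "line": line,
            })
    return version, rules, skipped

def broad_allows(rules):
    """Allow rules that grant to every principal (*) or on every resource (*)."""
    return [r["line"] for r in rules if r["access"] == "allow"
            and ("*" in r["principals"] or r["resourceVariant"] == "*")]

if __name__ == "__main__":
    version, rules, skipped = parse_rules(SAMPLE)
    print(version, broad_allows(rules), skipped)
```
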