FioranoMQ User Management service uses Realms to retrieve Users and Groups as Java objects. Any one of the following realms can be chosen for User Management:
- Default Realm
- NT Realm
- RDBMS Realm
- LDAP Realm
- Caching Realm
- XML Realm
The User Manager implementation can be specified in the profile deployed during configuration.
Access Control Management
FioranoMQ includes a powerful and flexible access control system to control access to applications and to backend services that clients access through the FioranoMQ Server. The access control system is built on the Java2 security APIs.
An ACL guards an object or service in the FioranoMQ Server. ACLs can guard Topics and Queues. Additionally, custom ACLs can be created for use in applications. An ACL holds a list of ACL entries, each with a set of permissions for a user or group. Permission is actions that can be performed on the protected destination, for example, publish, lookup, and subscribe.
FioranoMQ's dynamic verification engine is invoked before any service call is executed, which checks pertinent ACLs, testing whether the user has the permission required to continue.
By default, FioranoMQ uses the file-based data store for storing ACL information. ACLs are associated with realms in such a way that the entries in them, which identify users and groups, are only significant within a particular realm. FioranoMQ realms are dynamic; they retrieve Users, Groups, and ACLs as needed from an external source.
More information about Access Control Lists is available in the Java documentation of the java.security.acl package.
Any of the following realms can be chosen for ACL management:
- Default Realm
- RDBMS Realm
- LDAP Realm
- XML Realm
The ACL Manager Implementation can be specified in the profile deployed during configuration.