Contents
 Contents

Enabling ACL Based Security

By default, ACL based security is turned OFF in FioranoMQ, but can be turned ON. To turn ACL based security ON, perform the following steps::

  1. Open the profile for off-line editing through the Profile Manager as explained in section 4.8.1 How to Enable Pinging
  2. Go to Fiorano > etc > FMQConfigLoader.
  3. In the property panel change the value of the AclBasedDestinationSecurity property to 'yes' as shown in the figure below:

4. Right-click the FioranoMQ node and select Save from the pop-up menu.

Turning ON ACL Checks

By default, ACLs are checked only at the time of performing an action, such as creating a publisher/subscriber on a topic. If an ACL is modified, clients connected to it are not affected. To get connected clients to check ACL when modified, perform the following steps:

  1. Open the profile for off-line editing through the Profile Manager using Studio, as explained in section 4.8.1 How to Enable Pinging
  2. Go to Fiorano > etc > FMQConfigLoader.
  3. Change the value of the AllowOnTheFlyAclCheck property to 'yes' as shown in the figure below:

4. Right-click the FioranoMQ node and select Save option from the pop-up menu.

Icon

The AllowOnFlyAclCheck flag works for all permissions except when:

  1. A publisher is publishing non-persistent messages on a topic.
  2. The permission to create publisher should be revoked for a topic.
  3. No exception is thrown even though the User is not allowed to publish since messages are sent in batch mode.

Work Around 1:

For NP messages, batching is enabled by default which leads to the behavior explained above. To view this Exception at the 'send' API location, set the BatchingEnabled parameter in the ConnectionFactory to 'FALSE'.

Work Around 2:

Add the following line to the client code environment while performing the lookup function:

Modifying ACLManager Implementation

Here, env is the environment passed while performing a JNDI lookup. This will disable batching for that particular client.

  1. Open the profile for offline editing through the Profile Manager as explained in section 4.8.1 How to Enable Pinging.
  2. Navigate to the node Fiorano > security > AclManager. Click the current ACL Manager MBean.
  3. Click the value of the Implementation property and choose a value from the drop-down menu.
  4. Right-click the FioranoMQ node and select the Save option from the pop-up menu.
Adaptavist ThemeBuilder EngineAtlassian Confluence