| <schema package="org.apache.qpid.acl"> |
| |
| <!-- |
| * Copyright (c) 2008 The Apache Software Foundation |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| --> |
| |
| <class name="Acl"> |
| <property name="brokerRef" type="objId" references="org.apache.qpid.broker:Broker" access="RO" index="y" parentRef="y"/> |
| <property name="policyFile" type="lstr" access="RO" desc="Name of the policy file"/> |
| <property name="enforcingAcl" type="bool" access="RO" desc="Currently Enforcing ACL"/> |
| <property name="transferAcl" type="bool" access="RO" desc="Any transfer ACL rules in force"/> |
| <property name="lastAclLoad" type="absTime" access="RO" desc="Timestamp of last successful load of ACL"/> |
| <property name="maxConnections" type="uint16" access="RO" desc="Maximum allowed connections"/> |
| <property name="maxConnectionsPerIp" type="uint16" access="RO" desc="Maximum allowed connections"/> |
| <property name="maxConnectionsPerUser" type="uint16" access="RO" desc="Maximum allowed connections"/> |
| <property name="maxQueuesPerUser" type="uint16" access="RO" desc="Maximum allowed queues"/> |
| <statistic name="aclDenyCount" type="count64" unit="request" desc="Number of ACL requests denied"/> |
| <statistic name="connectionDenyCount" type="count64" unit="connection" desc="Number of connections denied"/> |
| <statistic name="queueQuotaDenyCount" type="count64" unit="queue" desc="Number of queue creations denied"/> |
| |
| <method name="reloadACLFile" desc="Reload the ACL file"/> |
| |
| <!-- |
| Lookup is a general object lookup |
| User Name |
| Action |
| Object |
| Object Name |
| Property Map consisting of <"name" "value"> string pairs. |
| --> |
| <method name="Lookup" desc="Lookup: user action object [objectName [propertyMap]]"> |
| <arg name="userId" dir="I" type="lstr"/> |
| <arg name="action" dir="I" type="lstr"/> |
| <arg name="object" dir="I" type="lstr"/> |
| <arg name="objectName" dir="I" type="lstr"/> |
| <arg name="propertyMap" dir="I" type="map"/> |
| <arg name="result" dir="O" type="lstr"/> |
| </method> |
| |
| <!-- |
| LookupPublish is a specific lookup for a PUBLISH EXCHANGE fastpath |
| User Name |
| Exchange Name |
| Routing Key |
| --> |
| <method name="LookupPublish" desc="Lookup PUBLISH EXCHANGE: user exchangeName routingKey"> |
| <arg name="userId" dir="I" type="lstr"/> |
| <arg name="exchangeName" dir="I" type="lstr"/> |
| <arg name="routingKey" dir="I" type="lstr"/> |
| <arg name="result" dir="O" type="lstr"/> |
| </method> |
| |
| </class> |
| |
| <eventArguments> |
| <arg name="action" type="sstr"/> |
| <arg name="arguments" type="map"/> |
| <arg name="objectName" type="sstr"/> |
| <arg name="objectType" type="sstr"/> |
| <arg name="reason" type="lstr"/> |
| <arg name="userId" type="sstr"/> |
| <arg name="clientAddr" type="sstr"/> |
| <arg name="queueName" type="sstr"/> |
| </eventArguments> |
| |
| <event name="allow" sev="inform" args="userId, action, objectType, objectName, arguments"/> |
| <event name="deny" sev="notice" args="userId, action, objectType, objectName, arguments"/> |
| <event name="connectionDeny" sev="notice" args="userId, clientAddr"/> |
| <event name="queueQuotaDeny" sev="notice" args="userId, queueName"/> |
| <event name="fileLoaded" sev="inform" args="userId"/> |
| <event name="fileLoadFailed" sev="error" args="userId, reason"/> |
| |
| </schema> |