Apache Qpid : Configuring Management Users
This page last changed on Jul 17, 2008 by ritchiem.
The Qpid Java broker has a single source of users for the system. So a user can connect to the broker to send messages and via the JMX console to check the state of the broker. Adding a new management userThe broker does have some minimal configuration available to limit which users can connect to the JMX console and what they can do when they are there. There are two steps required to add a new user with rights for the JMX console.
Granting JMX Console PermissionsBy default new users do not have access to the JMX console. The access to the console is controlled via the file jmxremote.access. This file contains a mapping from user to privilege. There are three privileges available:
This file is read at start up and can forcibly be reloaded by an admin user through the management console. Access File FormatThe file is a standard Java properties file and has the following format <username>=<privilege> If the username value is not a valid user (list in the specified PrincipalDatabase) then the broker will print a warning when it reads the file as that entry will have no meaning. Only when the the username exists in both the access file and the PrincipalDatabase password file will the user be able to login via the JMX Console. Example FileThe file will be timestamped by the management console if edited through the console. #Generated by JMX Console : Last edited by user:admin #Tue Jun 12 16:46:39 BST 2007 admin=admin guest=readonly user=readwrite |
![]() |
Document generated by Confluence on May 26, 2010 10:33 |