Authorization

Clients must be granted authority to connect to Eclipse Amlen. Clients must also be granted specific authorities before messages can be sent or received.

Eclipse Amlen implements a policy-based authorization mechanism to allow clients to connect and use messaging actions. There are two types of policies: connection policies, and messaging policies.

Connection and messaging policies provide access control. Access control defines which clients that are allowed to connect to Eclipse Amlen. Access control also defines the actions which the connected clients are authorized to use. Access control can be restricted based on any combination of a set of attributes, including:
  • Network data
    • Client IP address or a range of IP addresses
    • Server listener port
    • Network interface
    • Protocol
    • Endpoint (IP address and port)
  • Client identification data
    • Client ID
    • User ID
    • Group name
  • Message data
    • Topic name
    • Queue name
    • Global-shared durable subscription name
    • Action (Publish, Subscribe, Send, Receive, Browse, Control, Receive)

For more information about connection policies, see Authorizing client connections. For more information about messaging policies, see Authorizing client messaging.