Queue policy

You can use a queue policy to specify which clients can send messages, receive messages, or browse a queue for messages.

In a queue policy, the Queue parameter specifies the queue or queues that the policy applies to. When you create a queue policy, you can specify which messaging actions can be used by which of the clients that connect to the endpoints associated with the queue policy. You can choose from a combination of the following actions:
  • Send
    Allows clients to send messages to the queue that is specified in the queue policy.
  • Receive
    Allows clients to receive messages from the queue that is specified in the queue policy.
  • Browse
    Allows clients to browse the queue that is specified in the queue policy.
You can use the following filter attributes to restrict which clients can use the messaging actions:
  • Client IP address
    Specifies the client IP addresses that are allowed to connect to Eclipse Amlen.
    The IP address can contain an asterisk (*), or a comma-separated list of IPv4 or IPv6 addresses or ranges. For example, 192.0.2.32, 192.0.0.0, 192.0.2.0-192.0.2.100. The range must be specified from low to high.
    IPv6 addresses must be enclosed in brackets [ ].
  • Client ID
    Specifies the Client ID that is allowed to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple client IDs.
  • User ID
    Specifies the messaging user ID that is allowed to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple user IDs.
  • Group Name
    Specifies the messaging group that is allowed to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple group names.
  • Certificate Common Name
    Specifies the client certificate common name that must be used to connect to Eclipse Amlen by using the specified endpoint.
    You can use an asterisk (*) as a wildcard to specify multiple certificate common names.
  • Protocol
    Specifies which protocols are allowed to connect to Eclipse Amlen.
For example, for a queue exampleQueue:
  • One queue policy specifies that only clients with a client ID that starts with example can send messages to the queue.
  • Another queue policy specifies that only clients that connect from the IP address range of 192.0.2.51-192.0.2.100 can receive messages from the queue. The clients must also have a user ID beginning with user.
The queue policy configuration looks like the following examples:

curl -X POST  \
   -H 'Content-Type: application/json'  \
   -d  '{                          
           "QueuePolicy": {   
               "exampleQueuePolicy1": {
                "Description": "Queue policy that restricts based on client ID.",
                "Queue": "exampleQueue", 
                "ActionList": "Send",
                "ClientID": "example*"
              }
          }
      }
  '   \
http://127.0.0.1:9089/ima/v1/configuration/

curl -X POST  \
   -H 'Content-Type: application/json'  \
   -d  '{                          
           "QueuePolicy": {   
               "exampleQueuePolicy2": {
                "Description": "Queue policy that restricts based on IP address and user ID.",
                "Queue": "exampleQueue", 
                "ActionList": "Receive",
                "ClientAddress": "192.0.2.51-192.0.2.100",
                "UserID": "user*"
              }
          }
      }
  '   \
http://127.0.0.1:9089/ima/v1/configuration/

You can use variable substitution in queue policies to avoid configuring large numbers of messaging policies. For more information about using variable substitution, see Variable substitution in messaging policies.

For more information about configuring messaging policies, see Configuring message hubs.