Broker 10.5 | webMethods Broker Documentation | webMethods Broker Administration Java API Programmer’s Guide | Managing Security Configurations | Access Control Lists
 
Access Control Lists
 
Getting and Setting Authenticator Names
Getting and Setting Names
Converting to a String
The BrokerAccessControlList class is used to control the entities that may access a resource. A Broker Server can use an access control list (ACL) to determine which Broker clients are allowed administrative access. A client group may use an ACL to control who may create or reconnect a Broker client that is associated with the group.
A BrokerAccessControlList object actually contains two lists:
*User list
*For basic authentication, a list of basic authentication user names.
*For SSL authentication, a list of DNs of entities that are allowed access to the resource.
*Authenticator list
*For basic authentication, a list of basic authentication aliases.
*For SSL authentication, a list of DNs of certificate authorities that are trusted. These trusted authorities should be signers of the certificates associated with the user DNs.
An entity that wishes to access a resource associated with a BrokerAccessControlList must provide the credentials. Access is granted as follows:
*If both the user lists and authenticator lists are empty, access is granted.
*If the user list is not empty, the basic authentication user name or the entity's DN must be in the list.
*If the authenticator list is not empty, then the basic authentication alias or the entity's authenticator DN must be in the list.
*If both user lists and authenticator lists are not empty,
*For basic authentication, the basic authentication user name must be on the user list and the basic authentication alias must be on the authenticator list.
*For SSL authentication, the entity's DN must be on the user list and its authenticator DN must be on the authenticator list.