Access Control Lists
The BrokerAccessControlList class is used to control the entities that may access a resource. A Broker Server can use an access control list (ACL) to determine which Broker clients are allowed administrative access. A client group may use an ACL to control who may create or reconnect a Broker client that is associated with the group.
A BrokerAccessControlList object actually contains two lists:

User list
  - For basic authentication, a list of basic authentication user names.
  - For SSL authentication, a list of DNs of entities that are allowed access to the resource.

Authenticator list
  - For basic authentication, a list of basic authentication aliases.
  - For SSL authentication, a list of DNs of certificate authorities that are trusted. These trusted authorities should be the signers of the certificates associated with the user DNs.
An entity that wishes to access a resource associated with a BrokerAccessControlList must provide its credentials. Access is granted as follows:

  1. If both the user list and the authenticator list are empty, access is granted.
  2. If the user list is not empty, the basic authentication user name or the entity's DN must be in the list.
  3. If the authenticator list is not empty, the basic authentication alias or the entity's authenticator DN must be in the list.
  4. If both the user list and the authenticator list are not empty:
     - For basic authentication, the basic authentication user name must be on the user list and the basic authentication alias must be on the authenticator list.
     - For SSL authentication, the entity's DN must be on the user list and its authenticator DN must be on the authenticator list.
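As an added example (not code from the Broker API or its documentation), the following Python models the four decision rules above as one function and runs it over constructed SSL credentials; the BrokerACL and Credentials classes and the DN values are assumptions. It also makes the consequence of rule 1 visible: an ACL whose two lists are both empty grants access to every entity that connects.

```python
from dataclasses import dataclass, field


@dataclass
class BrokerACL:
    """Hypothetical model of a BrokerAccessControlList (not the Broker API class).
    Entries are basic-auth user names / aliases or, for SSL, X.509 DNs."""
    users: set = field(default_factory=set)           # user list
    authenticators: set = field(default_factory=set)  # authenticator list


@dataclass
class Credentials:
    """What the connecting entity presents. Basic auth: user name and alias.
    SSL: the entity's subject DN and the DN of the CA that signed its
    certificate (its authenticator)."""
    user: str
    authenticator: str


def is_access_granted(acl: BrokerACL, cred: Credentials) -> bool:
    """Apply the four decision rules from the text, in order."""
    # Rule 1: both lists empty -> the resource is open to every entity.
    if not acl.users and not acl.authenticators:
        return True
    # Rule 2: a non-empty user list must contain the user name / entity DN.
    if acl.users and cred.user not in acl.users:
        return False
    # Rule 3: a non-empty authenticator list must contain the alias / CA DN.
    if acl.authenticators and cred.authenticator not in acl.authenticators:
        return False
    # Rule 4 (both lists non-empty) is exactly rules 2 and 3 taken together.
    return True


# Constructed sample data: a corporate CA, a foreign CA and an admin client DN.
CORP_CA = "CN=Corp Root CA,O=Example"
OTHER_CA = "CN=Untrusted CA,O=Elsewhere"
ADMIN_DN = "CN=broker-admin,OU=Ops,O=Example"

OPEN_ACL = BrokerACL()                                          # rule 1: anyone
ADMIN_ACL = BrokerACL(users={ADMIN_DN}, authenticators={CORP_CA})  # rule 4
CA_ONLY_ACL = BrokerACL(authenticators={CORP_CA})               # rule 3 only

if __name__ == "__main__":
    for name, acl in [("open", OPEN_ACL), ("admin", ADMIN_ACL), ("ca-only", CA_ONLY_ACL)]:
        for cred in (Credentials(ADMIN_DN, CORP_CA),
                     Credentials(ADMIN_DN, OTHER_CA),
                     Credentials("CN=someone,O=Example", CORP_CA)):
            print(f"{name:8} {cred.user:32} via {cred.authenticator:28} -> "
                  f"{is_access_granted(acl, cred)}")
```

The second credential (the admin DN presented under a certificate from an untrusted CA) shows why the authenticator list matters: without it, a matching subject DN alone would be enough.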