Overview

The AMQ Protocol specification has not yet formally specified how access control lists should be specified or implemented; as a result, this is subject to change.

The Java Qpid Broker provides an authentication framework based on SASL that provides the ability to plug in arbitrary user (or, more strictly, principal) databases and different SASL-compliant mechanisms.

SASL/Authentication Design

Qpid Interoperability Documentation : For details on the SASL mechanisms.
Qpid Design - PrincipalDatabase : The Interface for adding new authentication sources
Qpid Design - Dynamic SASL Mechanisms : How SASL mechanisms are incorporated in the Java broker
Qpid Design - Dynamic SASL Mechanisms : How AMQPLAIN and other Qpid-specific SASL mechanisms are added to the Java Client.

ACL Plugin Design Details

java ACLPlugin
Continuing work on this design can be found here

ACL Formats

The Qpid project has two ACL implementations. An initial version of ACLs was added to the Java Broker for M2.1 that uses XML configuration. For M4 a new format was designed to be implemented by both C++ and Java brokers. The M4 release includes the initial C++ implementation and M5 is expected to include the Java implementation.

Specifications

The specifications for each of the ACL formats are linked here:

v1 XML ACLs (Java Broker Only)
v2 All brokers

User Guides

To aid users in defining their ACLs we have a user guide for each of the ACL formats.

v1 XML ACLs (Java Broker Only)
v2 All brokers
