Access Control Lists

Restrict access to services and resources with the ACL feature of Membrane Monitor and ESB. An ACL file allows fine-grained configuration of permissions.

Features

Installation

Two steps are required to set up access control using Membrane.

1. Write an ACL File

The following sample declares permissions for some resources:

<accessControl>
  <!-- Access to resources under /open-source/ is permitted only for clients
  within the IP range from 192.168.2.0 to 192.168.2.255 -->
  <resource uri="/open-source/*">
    <clients>
      <ip>192.168.2.*</ip>
    </clients>
  </resource>
    
  <!-- The resources under /contact/ can be accessed only by localhost. -->
  <resource uri="/contact/*">
    <clients>
      <hostname>localhost</hostname>
    </clients>
  </resource>
  
  <!-- Unrestricted access is granted to all clients for any other resources. -->
  <resource uri="*">
    <clients>
      <any/>
    </clients>
  </resource>
</accessControl>
Listing 1: An ACL Sample File

The access control file is processed from top to bottom, so the order of the resource elements is important. Save the document in a file, e.g. acl.xml.
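
The ordering rule above, as an added example (not Membrane's own code): a small Python evaluator that reads Listing 1, applies the first resource whose uri matches, and reports resource entries that an earlier pattern makes unreachable. It assumes that `*` is the only wildcard, that a request matching no resource is denied, and that the caller supplies the client's hostname; all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Listing 1 from this page, with the comments omitted.
LISTING_1 = """<accessControl>
  <resource uri="/open-source/*"><clients><ip>192.168.2.*</ip></clients></resource>
  <resource uri="/contact/*"><clients><hostname>localhost</hostname></clients></resource>
  <resource uri="*"><clients><any/></clients></resource>
</accessControl>"""

def glob_to_regex(glob):
    # Assumption: '*' is the only wildcard and matches any run of characters.
    return re.compile(".*".join(re.escape(part) for part in glob.split("*")))

def load_rules(acl_xml):
    """Return [(uri_glob, [(kind, value), ...]), ...] in document order."""
    rules = []
    for res in ET.fromstring(acl_xml).findall("resource"):
        clients = [(c.tag, (c.text or "").strip()) for c in res.findall("clients/*")]
        rules.append((res.get("uri"), clients))
    return rules

def is_allowed(rules, path, ip, hostname=""):
    for uri, clients in rules:
        if not glob_to_regex(uri).fullmatch(path):
            continue
        # The first matching resource decides (top-to-bottom processing).
        for kind, value in clients:
            if kind == "any":
                return True
            subject = ip if kind == "ip" else hostname
            if glob_to_regex(value).fullmatch(subject):
                return True
        return False
    return False  # Assumption: no matching resource means deny.

def shadowed(rules):
    """URIs that are never consulted because an earlier pattern covers them."""
    return [uri for i, (uri, _) in enumerate(rules)
            if any(glob_to_regex(prev).fullmatch(uri) for prev, _ in rules[:i])]

RULES = load_rules(LISTING_1)
# Constructed misordering: the catch-all resource moved to the top.
MISORDERED = [RULES[2], RULES[0], RULES[1]]

if __name__ == "__main__":
    print("Listing 1 shadowed entries:", shadowed(RULES))
    print("Misordered shadowed entries:", shadowed(MISORDERED))
    print("10.0.0.5 -> /open-source/a:", is_allowed(RULES, "/open-source/a", "10.0.0.5"),
          "vs misordered:", is_allowed(MISORDERED, "/open-source/a", "10.0.0.5"))
```

Running `shadowed` over an ACL file before deployment catches a catch-all entry placed above the restrictive ones, which would otherwise open every resource to all clients.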

2. Engage the ACL Feature

Access control is activated by engaging the AccessControlInterceptor through the accessControl element. The only property that must be set is aclFilename, which points to your access control list file. The interceptor bean definition looks like this; here the path to the ACL file is given in the file attribute:

<beans>
  <transport coreThreadPoolSize="20">
    <ruleMatching />
    <dispatching />
    <accessControl file="resources/acl/acl.xml" />
    <userFeature />
    <httpClient />
  </transport>
</beans>

ACL Example

The Membrane Monitor/Router distribution contains an ACL sample under the examples/acl directory that shows how to set up ACL. It is preconfigured and uses its own bean and rules configuration files. For a detailed explanation of this example, please consult the README.txt file there.