listen: 127.0.0.1:4222

authorization {
  # Our role based permissions.

  # Superuser can do anything.
  super_user = {
    publish = "*"
    subscribe = ">"
  }
  # Can do requests on foo or bar, and subscribe to anything
  # that is a response to an _INBOX.
  #
  # Notice that authorization filters can be singletons or arrays.
  req_pub_user = {
    publish = ["req.foo", "req.bar"]
    subscribe = "_INBOX.>"
  }

  # Setup a default user that can subscribe to anything, but has
  # no publish capabilities.
  default_user = {
    subscribe = "PUBLIC.>"
  }

  # Service can listen on the request subject and respond to any
  # received reply subject.
  my_service = {
    subscribe = "my.service.req"
    publish_allow_responses: true
  }

  # Can support a map with max messages and expiration of the permission.
  my_stream_service = {
    subscribe = "my.service.req"
    allow_responses: {max: 10, expires: "1m"}
  }

  # Default permissions if none presented. e.g. susan below.
  default_permissions: $default_user

  # Users listed with persmissions.
  users = [
    {user: alice, password: foo, permissions: $super_user}
    {user: bob,   password: bar, permissions: $req_pub_user}
    {user: susan, password: baz}
    {user: svca,  password: pc,  permissions: $my_service}
    {user: svcb,  password: sam, permissions: $my_stream_service}
  ]
}