[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

ActiveMQ authorization

Posted on 2014-03-28
1
Medium Priority
?
186 Views
Last Modified: 2014-03-31
I am having problems with  the documentation, but I did find the following:

			<authorizationPlugin>
				<map>
					<authorizationMap>
						<authorizationEntries>
							<authorizationEntry queue=">" read="admins"
								write="admins" admin="admins" />
							<authorizationEntry queue="myqueu"
								read="service" write="users" admin="admin" />
....
				</map>
			</authorizationPlugin>

Open in new window


And it appears to have been placed inside of  activemq.xml

So taht is good, but I can not quite put it all together without an example

Could someone please post how to provide authentication and authroization for the following

User:  Quest
pw:  abcd

destination:  myQueue
privileges:  read-admin, write-admin, admin=admin

Thanks, njd
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 36

Accepted Solution

by:
mccarl earned 2000 total points
ID: 39965576
Ok so what you have is one have of the story, ie. Authorization. The snippet that you posted basically just says that any user with the "admins" role, can do anything (receive messages, send messages, create queues). Also it says that only users with the "service" role can READ (ie. browse or consume messages) from the queue "myqueu" and only users with the "users" role can WRITE (ie. send messages to) the queue "myqueu" and users with the "admin" role (note there is NO s on the end of that role, unlike the others) can ADMINSTER (ie. create the queue if it doesn't exist) the queue "myqueu".

What you now need to do is to configure what users are allowed to connect to the broker, and what roles that they will have. So in the <plugins> section of activemq.xml (the same location that the above <authorizationPlugin> should be in) you will also define something like the following...
<simpleAuthenticationPlugin>
    <users>
        <authenticationUser username="system" password="manager" groups="users,admins"/>
        <authenticationUser username="Quest" password="abcd" groups="service,users,admin"/>
    </users>
</simpleAuthenticationPlugin>

Open in new window

This will give that user, "Quest", full rights to the "myqueu" queue but nothing else to any other queues
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question