Solved

ActiveMQ authorization

Posted on 2014-03-28
1
158 Views
Last Modified: 2014-03-31
I am having problems with  the documentation, but I did find the following:

			<authorizationPlugin>
				<map>
					<authorizationMap>
						<authorizationEntries>
							<authorizationEntry queue=">" read="admins"
								write="admins" admin="admins" />
							<authorizationEntry queue="myqueu"
								read="service" write="users" admin="admin" />
....
				</map>
			</authorizationPlugin>

Open in new window


And it appears to have been placed inside of  activemq.xml

So taht is good, but I can not quite put it all together without an example

Could someone please post how to provide authentication and authroization for the following

User:  Quest
pw:  abcd

destination:  myQueue
privileges:  read-admin, write-admin, admin=admin

Thanks, njd
0
Comment
Question by:Anthony Lucia
1 Comment
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
Comment Utility
Ok so what you have is one have of the story, ie. Authorization. The snippet that you posted basically just says that any user with the "admins" role, can do anything (receive messages, send messages, create queues). Also it says that only users with the "service" role can READ (ie. browse or consume messages) from the queue "myqueu" and only users with the "users" role can WRITE (ie. send messages to) the queue "myqueu" and users with the "admin" role (note there is NO s on the end of that role, unlike the others) can ADMINSTER (ie. create the queue if it doesn't exist) the queue "myqueu".

What you now need to do is to configure what users are allowed to connect to the broker, and what roles that they will have. So in the <plugins> section of activemq.xml (the same location that the above <authorizationPlugin> should be in) you will also define something like the following...
<simpleAuthenticationPlugin>
    <users>
        <authenticationUser username="system" password="manager" groups="users,admins"/>
        <authenticationUser username="Quest" password="abcd" groups="service,users,admin"/>
    </users>
</simpleAuthenticationPlugin>

Open in new window

This will give that user, "Quest", full rights to the "myqueu" queue but nothing else to any other queues
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
Viewers will learn about if statements in Java and their use The if statement: The condition required to create an if statement: Variations of if statements: An example using if statements:

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now