Solved

ActiveMQ authorization

Posted on 2014-03-28
1
162 Views
Last Modified: 2014-03-31
I am having problems with  the documentation, but I did find the following:

			<authorizationPlugin>
				<map>
					<authorizationMap>
						<authorizationEntries>
							<authorizationEntry queue=">" read="admins"
								write="admins" admin="admins" />
							<authorizationEntry queue="myqueu"
								read="service" write="users" admin="admin" />
....
				</map>
			</authorizationPlugin>

Open in new window


And it appears to have been placed inside of  activemq.xml

So taht is good, but I can not quite put it all together without an example

Could someone please post how to provide authentication and authroization for the following

User:  Quest
pw:  abcd

destination:  myQueue
privileges:  read-admin, write-admin, admin=admin

Thanks, njd
0
Comment
Question by:Anthony Lucia
1 Comment
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 39965576
Ok so what you have is one have of the story, ie. Authorization. The snippet that you posted basically just says that any user with the "admins" role, can do anything (receive messages, send messages, create queues). Also it says that only users with the "service" role can READ (ie. browse or consume messages) from the queue "myqueu" and only users with the "users" role can WRITE (ie. send messages to) the queue "myqueu" and users with the "admin" role (note there is NO s on the end of that role, unlike the others) can ADMINSTER (ie. create the queue if it doesn't exist) the queue "myqueu".

What you now need to do is to configure what users are allowed to connect to the broker, and what roles that they will have. So in the <plugins> section of activemq.xml (the same location that the above <authorizationPlugin> should be in) you will also define something like the following...
<simpleAuthenticationPlugin>
    <users>
        <authenticationUser username="system" password="manager" groups="users,admins"/>
        <authenticationUser username="Quest" password="abcd" groups="service,users,admin"/>
    </users>
</simpleAuthenticationPlugin>

Open in new window

This will give that user, "Quest", full rights to the "myqueu" queue but nothing else to any other queues
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
firstswap challenge 20 78
how to add new optional parameter to JSP 1 42
Android development question 2 38
Java: The Public Class Main 4 17
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Video by: Michael
Viewers learn about how to reduce the potential repetitiveness of coding in main by developing methods to perform specific tasks for their program. Additionally, objects are introduced for the purpose of learning how to call methods in Java. Define …
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question