Solved

ActiveMQ authorization

Posted on 2014-03-28
1
165 Views
Last Modified: 2014-03-31
I am having problems with  the documentation, but I did find the following:

			<authorizationPlugin>
				<map>
					<authorizationMap>
						<authorizationEntries>
							<authorizationEntry queue=">" read="admins"
								write="admins" admin="admins" />
							<authorizationEntry queue="myqueu"
								read="service" write="users" admin="admin" />
....
				</map>
			</authorizationPlugin>

Open in new window


And it appears to have been placed inside of  activemq.xml

So taht is good, but I can not quite put it all together without an example

Could someone please post how to provide authentication and authroization for the following

User:  Quest
pw:  abcd

destination:  myQueue
privileges:  read-admin, write-admin, admin=admin

Thanks, njd
0
Comment
Question by:Anthony Lucia
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 35

Accepted Solution

by:
mccarl earned 500 total points
ID: 39965576
Ok so what you have is one have of the story, ie. Authorization. The snippet that you posted basically just says that any user with the "admins" role, can do anything (receive messages, send messages, create queues). Also it says that only users with the "service" role can READ (ie. browse or consume messages) from the queue "myqueu" and only users with the "users" role can WRITE (ie. send messages to) the queue "myqueu" and users with the "admin" role (note there is NO s on the end of that role, unlike the others) can ADMINSTER (ie. create the queue if it doesn't exist) the queue "myqueu".

What you now need to do is to configure what users are allowed to connect to the broker, and what roles that they will have. So in the <plugins> section of activemq.xml (the same location that the above <authorizationPlugin> should be in) you will also define something like the following...
<simpleAuthenticationPlugin>
    <users>
        <authenticationUser username="system" password="manager" groups="users,admins"/>
        <authenticationUser username="Quest" password="abcd" groups="service,users,admin"/>
    </users>
</simpleAuthenticationPlugin>

Open in new window

This will give that user, "Quest", full rights to the "myqueu" queue but nothing else to any other queues
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question