activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harikrishnan P (JIRA)" <>
Subject [jira] [Commented] (APLO-354) Giving Topic based authorization to user groups  using access_rule 
Date Sat, 19 Apr 2014 04:06:16 GMT


Harikrishnan P commented on APLO-354:

Not using "openwire".Using the any protocol connector.
The apollo.xml used is like this:

<broker xmlns="">

    The default configuration with tls/ssl enabled.

  <log_category console="console" security="security" connection="connection" audit="audit"/>

  <authentication domain="apollo"/>
  <!-- Give admins full access -->
  <access_rule allow="admins" action="*"/>
  <access_rule allow="*" action="connect" kind="connector"/>
  <access_rule allow="hosts" action="connect create" />
  <access_rule allow="guests" action="connect create" />

  <virtual_host id="mybroker">
      You should add all the host names that this virtual host is known as
      to properly support the STOMP 1.1 virtual host feature.
    <topic id="something" slow_consumer_policy="queue">
      <subscription tail_buffer="4k"/>

    <!-- Uncomment to disable security for the virtual host -->
    <!-- <authentication enabled="false"/> -->

    <!-- Uncomment to disable security for the virtual host -->
    <!-- <authentication enabled="false"/> -->
    <access_rule allow="guests" action="receive consume" kind="queue topic" id="*" />

    <!-- You can delete this element if you want to disable persistence for this virtual
host -->
    <leveldb_store directory="${apollo.base}/data"/>


  <web_admin bind=""/>
  <web_admin bind=""/>

  <connector id="tcp" bind="tcp://" connection_limit="2000"/>
  <connector id="tls" bind="tls://" connection_limit="2000"/>
  <connector id="ws"  bind="ws://"  connection_limit="2000"/>
  <connector id="wss" bind="wss://" connection_limit="2000"/>

  <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password"/>


> Giving Topic based authorization to user groups  using access_rule 
> -------------------------------------------------------------------
>                 Key: APLO-354
>                 URL:
>             Project: ActiveMQ Apollo
>          Issue Type: Question
>    Affects Versions: 1.4
>         Environment: Ubuntu,Java
>            Reporter: Harikrishnan P
>            Priority: Critical
> Using Apollo 1.4 broker for enabling topic based authorization. Specified <access_rule>
inside <virtual host> like this,
> "<access_rule allow="guests" action="receive,consume" kind="topic queue" id="app1.*"/>"
> But its not possible to subscribe from topic "app1.*"(its showing authorization error
saying that user is authorized to subscribe from this TempQueue). But if the id is replaced
by a wildcard ,"*" then the user group can subscribe from any topic. 
> Please help how to authorize the group to subscribe from a particular a particular topic.

This message was sent by Atlassian JIRA

View raw message