activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sandro Tosi <sandro.t...@gmail.com>
Subject Re: Protect queues access with password
Date Mon, 15 Sep 2008 16:29:10 GMT

Perfect  Joe, that works as a charm!!

But I still got some question to ask :)

I even need to add the authentication for 'topic=">"' together with
'queue=">"' because otherwise no "dynamic" queue creation was able (here I
mean when Mule connects to ActiveMQ to read from a non-existing queue, that
queue is "automatically" registered); not a big deal but still...

Another problem with that "dynamic queue creation": it seems I need to have
an admin user to be able to create that queue: if I use "user/password" to
log in from Mule I receive:

WARN  Service                        - Failed to remove connection
ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
ID:de_tosisa-3398-1221496082109-0:0, clientId =
ID:de_tosisa-3398-1221496082109-1:0, userName = user, password = password,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = true}
java.lang.SecurityException: User user is not authorized to create:
topic://ActiveMQ.Advisory.Connection

while using system/manager I got no problem. Is there a way to avoid
granting admin rights to normal users or not?

TIA,
Sandro


Joe Fernandez wrote:
> 
> You have both the <jaasAuthenticationPlugin>  and
> <simpleAuthenticationPlugin> elements defined, and the
> <simpleAuthenticationPlugin> is outside the <broker> element. You can't
> have both elements defined. I believe you were trying to use the
> <simpleAuthenticationPlugin>. Here's an example. 
> 
> 
>  <plugins>
>       <simpleAuthenticationPlugin>
>         <users>
>                 <authenticationUser username="system" password="manager"
> groups="users,admins"/>
>                 <authenticationUser username="user" password="password"
> groups="users"/>
>                 <authenticationUser username="guest" password="password"
> groups="guests"/>
>         </users>
>      </simpleAuthenticationPlugin>
> 
>       <!--  lets configure a destination based authorization mechanism -->
>       <authorizationPlugin>
>         <map>
>           <authorizationMap>
>             <authorizationEntries>
>               <authorizationEntry queue=">" read="users,admins"
> write="users,admins" admin="admins" />
>             </authorizationEntries>
>           </authorizationMap>
>         </map>
>       </authorizationPlugin>
> 
>     </plugins>
> 
> If you're not using Camel, comment out or remove the <camelContext>
> element if it exists in your config file.  If you are using Camel, then
> consult the Camel site for info on how to configure Camel.
> 
> http://activemq.apache.org/camel/configuring-camel.html
> 
> Joe
> 

-- 
View this message in context: http://www.nabble.com/Protect-queues-access-with-password-tp19453220p19496448.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message