activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sandro Tosi <>
Subject Re: Protect queues access with password
Date Mon, 15 Sep 2008 16:29:10 GMT

Perfect  Joe, that works as a charm!!

But I still got some question to ask :)

I even need to add the authentication for 'topic=">"' together with
'queue=">"' because otherwise no "dynamic" queue creation was able (here I
mean when Mule connects to ActiveMQ to read from a non-existing queue, that
queue is "automatically" registered); not a big deal but still...

Another problem with that "dynamic queue creation": it seems I need to have
an admin user to be able to create that queue: if I use "user/password" to
log in from Mule I receive:

WARN  Service                        - Failed to remove connection
ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
ID:de_tosisa-3398-1221496082109-0:0, clientId =
ID:de_tosisa-3398-1221496082109-1:0, userName = user, password = password,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = true}
java.lang.SecurityException: User user is not authorized to create:

while using system/manager I got no problem. Is there a way to avoid
granting admin rights to normal users or not?


Joe Fernandez wrote:
> You have both the <jaasAuthenticationPlugin>  and
> <simpleAuthenticationPlugin> elements defined, and the
> <simpleAuthenticationPlugin> is outside the <broker> element. You can't
> have both elements defined. I believe you were trying to use the
> <simpleAuthenticationPlugin>. Here's an example. 
>  <plugins>
>       <simpleAuthenticationPlugin>
>         <users>
>                 <authenticationUser username="system" password="manager"
> groups="users,admins"/>
>                 <authenticationUser username="user" password="password"
> groups="users"/>
>                 <authenticationUser username="guest" password="password"
> groups="guests"/>
>         </users>
>      </simpleAuthenticationPlugin>
>       <!--  lets configure a destination based authorization mechanism -->
>       <authorizationPlugin>
>         <map>
>           <authorizationMap>
>             <authorizationEntries>
>               <authorizationEntry queue=">" read="users,admins"
> write="users,admins" admin="admins" />
>             </authorizationEntries>
>           </authorizationMap>
>         </map>
>       </authorizationPlugin>
>     </plugins>
> If you're not using Camel, comment out or remove the <camelContext>
> element if it exists in your config file.  If you are using Camel, then
> consult the Camel site for info on how to configure Camel.
> Joe

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message