activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitry Efremov <>
Subject AuthorizationBroker and ActiveMQTempQueue
Date Fri, 29 May 2009 18:42:29 GMT


We try to use temporary queue in ActiveMQ for clients to receive messages
from server side. So we don't want to allow server to create any new
temporary queue and want allow only to use existing onces which were passed
to it. We use permissions for that. We just denied server side user to
create temporary queue. But we get an error User "name" does not authorized
to create queue: temp-queue://<name of queue>. But this temporary queue is
exist. So we ran through code and found this:

    public Destination addDestination(ConnectionContext context,
ActiveMQDestination destination) throws Exception {
        final SecurityContext securityContext =
        if (securityContext == null) {
            throw new SecurityException("User is not authenticated.");
        Destination existing = this.getDestinationMap().get(destination);
        if (existing != null) {
        	return existing;

        return super.addDestination(context, destination);
When it checks it try to find that destination already exists but method
getDestinationMap() returns only information about Queue and Topic

    public Map<ActiveMQDestination, Destination> getDestinationMap() {
        Map<ActiveMQDestination, Destination> answer =
        return answer;

The question is why don't you put information about TempQueue region and
TempTopic region?

Permission configuration section:
      <!--  use JAAS to authenticate using the login.config file on the
classpath to configure JAAS -->
      <jaasAuthenticationPlugin configuration="activemq-domain" />
      <!--  lets configure a destination based authorization mechanism -->
              <authorizationEntry queue=">" read="Core,Client"
write="Core,Client" admin="Core,Client"/>
              <authorizationEntry topic=">" read="Core,Client"
write="Core,Client" admin="Core,Client"/>
              <authorizationEntry topic="ActiveMQ.Advisory.>"
read="Core,Client" write="Core,Client" admin="Core,Client"/>
              <tempDestinationAuthorizationEntry read="Core,Client"
write="Core,Client" admin="Client"/>
          <authenticationUser username="Client" password=""
          <authenticationUser username="Core" password=""

Dmitry Efremov.
View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message