activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vince Cole <>
Subject where is a producer authorized for writing to a virtual destination?
Date Mon, 15 May 2017 13:37:41 GMT
I am running ActiveMQ 5.14.0, with all of the following:
* the JAAS plugin - for user authentication on connection
* a custom plugin - similar to authorizationPlugin - for user authorization
on connection per destination
* Selectors, defined in the broker config, as per ("Using filtered

Having tested it, I see that when a producer sends a message to a virtual
destination (the 'ingest' queue) on the broker which is configured with
Selectors to forward a copy of the message to one or more 'destination'
queues, ActiveMQ first checks that the producer has write permission on the
ingest queue but it does NOT check if the producer has write permission on
any of the destination queues.

I can't figure out where in the ActiveMQ codebase to look at the code, to
work out if / how it would be possible to enable this extra checking.

I have looked at CompositeDestinationFilter::send - I see that ActiveMQ
iterates over the set of destinations for which the Selectors are matched on
an incoming message, and sends a copy of the message to each one - but I
can't see where, outside of this class, ActiveMQ makes a decision to check
for write permissions on the ingest queue, but NOT on any of the destination

Can anyone shed any light on this please? 
I am hoping that a VirtualDestinationInterceptors config setting somewhere
can be changed to enable the destination checks, otherwise I am going to
have to write my own CompositeDestinationFilter ?

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message