Re: IP address whitelisting for Artemis users

2025-04-17 Thread Domenico Francesco Bruscino
Yes, you can use a connection-router to allow only the connections that match the local-target-filter, i.e. USER_NAME ^(foo|too)$ SOURCE_IP ^(?!foo$|too$).*$ tcp:// 10.0.0.1:61616?router=allow-privileged-users...

Re: IP address whitelisting for Artemis users

2025-04-17 Thread Domenico Francesco Bruscino
In my previous example there is an error, I meant: USER_NAME ^(foo|too)$ USER_NAME ^(?!foo$|too$).*$ tcp:// 10.0.0.1:61616?router=allow-privileged-users. ..

Re: limiting queue creation in JMS durable subscription flow

2025-04-17 Thread Alexander Milovidov
The producer is not aware of consumers, so we need to pre-create a subscription queue on the broker side using management API or the "addresses" block in the broker.xml. However, messages will build up in the queue until the subscriber is connected. The solution is to create a subscription in disab

RE: IP address whitelisting for Artemis users

2025-04-17 Thread Vilius Šumskas
I'm trying to wrap my head around how connection router functionality works. In my case, I already have two acceptors. SSL protected and externally exposed one, which should be used only by the external unprivileged users, and internal one on different AMQP port, which should be used by the priv

Re: Additional Info on certificate based authentication errors

2025-04-17 Thread Domenico Francesco Bruscino
Hi Shiv, you could enable network tracing for .NET, see https://learn.microsoft.com/en-us/dotnet/framework/network-programming/how-to-configure-network-tracing Regards, Domenico On Thu, 17 Apr 2025 at 09:17, Shiv Kumar Dixit wrote: > Hi Justin, > Thanks for input. > > "Regarding the underlying

RE: limiting queue creation in JMS durable subscription flow

2025-04-17 Thread Vilius Šumskas
One more question. Do you know if resource limits are available to be set via Management API too? I didn't find anything in the documentation. -- Vilius -Original Message- From: Vilius Šumskas Sent: Thursday, April 17, 2025 12:39 PM To: users@activemq.apache.org Subject: RE: limit

RE: limiting queue creation in JMS durable subscription flow

2025-04-17 Thread Vilius Šumskas
OK, thank you, we will try. Not sure why it didn't work a few years ago, when we tried the first time. Maybe because we are using ActiveMQBasicSecurityManager. Ideally, though, I would prefer to not have create/delete permissions on the consumer side at all. -- Vilius -Original Message--

Re: limiting queue creation in JMS durable subscription flow

2025-04-17 Thread Alexander Milovidov
Permissions can be set for address matches which can be exact address name, or address wildcard, or exact address::queue FQQN. We have a lot of permissions which are defined for FQQNs in the broker.xml. I'm sure this can also be set using Management API. The example of permissions for FQQN name: h

RE: limiting queue creation in JMS durable subscription flow

2025-04-17 Thread Vilius Šumskas
It is known and I considered this approach, however we have hundreds of these external roles and would like to manage permissions dynamically via Management API. Correct me if I'm wrong, but there is no way to set role permissions for queues via API, just for addresses. -- Vilius -Ori

RE: Additional Info on certificate based authentication errors

2025-04-17 Thread Shiv Kumar Dixit
Hi Justin, Thanks for input. "Regarding the underlying problem...Have you explored the possibility of having the client itself somehow report that it's having a problem connecting rather than trying to work backwards from the broker to the client?" > Most of our customers are OpenWire based (Apa