OK, answering my own question here, in case anyone finds it useful:
The Broker instance which is used for the 'destination' queues is a
RegionBroker, which is created in BrokerService::createRegionBroker, and
that doesn't have any interceptors added to it (e.g.
AuthorizationBroker::send).
This is
Am I right in thinking that there needs to be another instance of the
AuthorizationBroker, added into the interceptor chain, added in such a
manner so as to make ActiveMQ call it on the call to 'send' upon each of the
destination queues?
Does anyone know if / how such as thing can be done?
I know
The closest I have got so far to answering this myself is looking at
AuthorizationBroker :: addProducer, where allowedACLs is determined via
authorizationMap.getWriteACLs(info.getDestination());
...but, I am still none the wiser, as to why this is only being called for
the ingest queue and not on
I am running ActiveMQ 5.14.0, with all of the following:
* the JAAS plugin - for user authentication on connection
* a custom plugin - similar to authorizationPlugin - for user authorization
on connection per destination
* Selectors, defined in the broker config, as per
http://activemq.apache.org/v
I have got it working very nicely as per
http://activemq.apache.org/virtual-destinations.html
Question: When a message is sent, which doesn't match any of the selectors,
it is dropped - but this isn't logged.
- What, if any config tweaks can be made, to log it?
- Or does this require a new plugi
Hi Tim
OK - just one more question:
If having a single consumer per queue wasn't a problem, would Selectors
still be a workable solution?
Or can they only be used if you have consumers (i.e. is it the consumers who
have to specify them)?
OK OK - another:
If it was OK to lose messages when con
HI Tim
That's awesome, very helpful advice.
Thanks!
--
View this message in context:
http://activemq.2283324.n4.nabble.com/destination-unspecified-can-ActiveMQ-set-it-tp4725338p4725419.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Thanks,
So the producer needs to set a destination.
That's OK, I guess it can be a 'special' destination, from which the broker
will perform routing to the appropriately determined destinations.
PS the destinations won't be known in advance - they could be constructed by
concatenating various pa
Is it possible for a producer to send a message to ActiveMQ, with an
unspecified destination?
The intention is that ActiveMQ will (via a plugin) inspect the message
(content, headers and/or properties) and according to some business rules,
it will decide which destination(s) the message must be s
OK, so I am answering my own question here (instead of just deleting it all)
in case it might be of help to someone...
I have solved it by doing the following:
* decorate the class SecurityContext
* in the decorator, override method getAuthorizedWriteDests
* in that method, always return an empty
Sorry, forgot to say:
I am using ActiveMQ 5.14.0 and developing my own plugins.
Trying to write a plugin to deliver same functionality as AuthorizationMap,
but as a proper plugin (i.e. using BrokerFilter, etc) so it can read a few
bean properties from activemq.xml on startup.
Also the message fro
It would apoear that org.apache.activemq.security.AuthorizationBroker uses
Security context in some way to cache the results of authorization.
This means if I have a dynamic map (i.e. the permissions could change from
one 'send' request to the next, for any destination) the dynamic nature is
lost
A similar question was asked at the beginning of last year.
http://stackoverflow.com/questions/29919469/intercept-incoming-jms-messages-to-activemq-reject-approve-based-on-rules
However, I'm not convinced it was answered with a definite yes or no.
Can anyone clear this up, one way or another, pl
A similar question was asked about a year ago.
http://stackoverflow.com/questions/29919469/intercept-incoming-jms-messages-to-activemq-reject-approve-based-on-rules
However, I'm not sure if it was absolutely answered with a definitive yes or
no.
Can anyone clear this up, one way or another, pleas
I am testing it, by means of making my client app send messages to a
non-existent queue on the broker, as a user which does NOT have admin
rights.
This fails as expected because the broker detects that the user is not
allowed to the create the queue. If I then manually create the queue and try
ag
Hi Tim
I am using
* javax.jms : javax.jms-api : 2.0.1
* org.apache.qpid : qpid-jms-client : 0.11.1
* org.apache.qpid : qpid-amqp-1-0-client-jms : 0.32
Apologies for the cross-post, I see you are also replying to this on the
qpid forum, as yet I don't know if the problem lies in my use of Acti
Thanks
I now see that my client should be setting *jms.alwaysSyncSend=true*
(although the qpid documentation has it as *jms.forceSyncSend=true*, so I am
setting both) option in the connection URI.
However, it is still operating asynchronously.
I forgot to mention that I am using a failover URI (
I have a requirement for the broker to validate that the message destination
(specified in the message producer's request) is allowed, given a
(business-defined) set of rules (implemented in an external service) which
determine (from the message content) what destination(s) would be permitted.
I s
I have a requirement to for my client (a JMS producer) to block, and only
return once the message has been accepted onto the specified queue or topic.
If the message is not accepted, then an exception should be thrown. We don't
care whether anything actually consumes the message.
However, my clien
19 matches
Mail list logo
