Hi all. I think I've exhausted google on this one, so I now turn to you. We need to be able to set different permissions for different applications to be able to listen to topics/queues. After much searching, I have this much in the broker config file (slightly snipped for brevity):
<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:util="http://www.springframework.org/schema/util "> <broker> <plugins> <!-- use simple authentication --> <simpleAuthenticationPlugin userGroups="#groups" userPasswords="#users"/> <!-- lets configure a destination based authorization mechanism --> <authorizationPlugin> <map> <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admin" write="admin" admin="admin"/> <authorizationEntry queue="inbound" read="inboundEventReader" write="inboundEventWriter" admin="inboundEventAdmin"/> <authorizationEntry topic=">" read="admin" write="admin" admin="admin"/> <authorizationEntry topic="outbound" read="eventReader" write="eventWriter" admin="eventAdmin"/> <authorizationEntry topic=" ActiveMQ.Advisory.Connection" read="all" write="all" admin="all"/> </authorizationEntries> </authorizationMap> </map> </authorizationPlugin> </plugins> </broker> <util:map id="users"> <entry key="connector" value="secret"/> <entry key="gateway" value="secret"/> <entry key="admin" value="secret"/> <entry key="guest" value="guest"/> </util:map> <util:map id="groups"> <entry key="connector"><ref bean="connectorGroup"/></entry> <entry key="gateway"><ref bean="gatewayGroup"/></entry> <entry key="admin"><ref bean="adminGroup"/></entry> <entry key="guest"><ref bean="guestGroup"/></entry> </util:map> <util:set id="connectorGroup"> <value>connectorEventWriter</value> <value>connectorEventAdmin</value> <value>all</value> </util:set> <util:set id="gatewayGroup"> <value>eventReader</value> <value>eventWriter</value> <value>eventAdmin</value> <value>connectorEventReader</value> <value>connectorEventWriter</value> <value>connectorEventAdmin</value> <value>all</value> </util:set> <util:set id="adminGroup"> <value>admin</value> <value>eventReader</value> <value>eventWriter</value> <value>eventAdmin</value> <value>connectorEventReader</value> <value>connectorEventWriter</value> <value>all</value> </util:set> <util:set id="guestGroup"> <value>eventReader</value> <value>all</value> </util:set> </beans> The log contains errors like this: INFO | jvm 1 | 2007/10/11 14:38:57 | 14:38:57,668 WARN [ TransportConnection.Service] Failed to remove connection ConnectionInfo {commandId = 1, responseRequired = true, connectionId = ID:rfidserv-4114-1192127937387-1:0, clientId = ID:rfidserv-4114-1192127937387-2:0, userName = guest, password = guest, brokerPath = null, brokerMasterConnector = false, manageable = true, clientMaster = false} INFO | jvm 1 | 2007/10/11 14:38:57 | java.lang.SecurityException: User guest is not authorized to create: topic://ActiveMQ.Advisory.Connection INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.security.AuthorizationBroker.addDestination ( AuthorizationBroker.java:65) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.MutableBrokerFilter.addDestination( MutableBrokerFilter.java:152) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java :316) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java :291) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:385) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java :193) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :272) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :237) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :232) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.advisory.AdvisoryBroker.removeConnection( AdvisoryBroker.java:205) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection( SimpleAuthenticationBroker.java:71) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.MutableBrokerFilter.removeConnection( MutableBrokerFilter.java:120) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.TransportConnection.processRemoveConnection( TransportConnection.java:747) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.TransportConnection.stop ( TransportConnection.java:968) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.jmx.ManagedTransportConnection.stop( ManagedTransportConnection.java:74) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.TransportConnection.processShutdown( TransportConnection.java:362) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.TransportConnection.service( TransportConnection.java:294) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.broker.TransportConnection$1.onCommand( TransportConnection.java:185) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java :65) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.transport.WireFormatNegotiator.onCommand ( WireFormatNegotiator.java:133) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.transport.InactivityMonitor.onCommand( InactivityMonitor.java:122) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.transport.TransportSupport.doConsume( TransportSupport.java:84) INFO | jvm 1 | 2007/10/11 14:38:57 | at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:137) INFO | jvm 1 | 2007/10/11 14:38:57 | at java.lang.Thread.run(Unknown Source) INFO | jvm 1 | 2007/10/11 14:39:38 | 14:39:38,480 WARN [ TransportConnection.Service] Failed to remove connection ConnectionInfo {commandId = 1, responseRequired = true, connectionId = ID:rfidserv-4143-1192127977980-0:1, clientId = ID:rfidserv-4143-1192127977980-2:0, userName = null, password = null, brokerPath = null, brokerMasterConnector = false, manageable = true, clientMaster = false} INFO | jvm 1 | 2007/10/11 14:39:38 | java.lang.SecurityException: User is not authenticated. INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.security.AuthorizationBroker.addDestination( AuthorizationBroker.java :57) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.MutableBrokerFilter.addDestination( MutableBrokerFilter.java:152) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.region.AbstractRegion.lookup (AbstractRegion.java :316) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java :291) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.region.RegionBroker.send (RegionBroker.java:385) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java :193) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory ( AdvisoryBroker.java:272) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :237) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory ( AdvisoryBroker.java:232) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.removeConnection( AdvisoryBroker.java:205) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection ( SimpleAuthenticationBroker.java:71) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.MutableBrokerFilter.removeConnection( MutableBrokerFilter.java:120) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.processRemoveConnection( TransportConnection.java :747) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.stop(TransportConnection.java :968) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.jmx.ManagedTransportConnection.stop ( ManagedTransportConnection.java:74) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.processShutdown( TransportConnection.java:362) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.service( TransportConnection.java:294) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection$1.onCommand( TransportConnection.java:185) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:65) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.WireFormatNegotiator.onCommand( WireFormatNegotiator.java:133) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.InactivityMonitor.onCommand ( InactivityMonitor.java:122) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.TransportSupport.doConsume( TransportSupport.java:84) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.tcp.TcpTransport.run (TcpTransport.java:137) INFO | jvm 1 | 2007/10/11 14:39:38 | at java.lang.Thread.run(Unknown Source) INFO | jvm 1 | 2007/10/11 14:39:38 | 14:39:38,480 WARN [ TransportConnection.Service] Failed to remove connection ConnectionInfo {commandId = 1, responseRequired = true, connectionId = ID:rfidserv-4143-1192127977980-0:0, clientId = ID:rfidserv-4143-1192127977980-1:0, userName = gateway, password = secret, brokerPath = null, brokerMasterConnector = false, manageable = true, clientMaster = false} INFO | jvm 1 | 2007/10/11 14:39:38 | java.lang.SecurityException: User gateway is not authorized to create: topic://ActiveMQ.Advisory.Connection INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.security.AuthorizationBroker.addDestination ( AuthorizationBroker.java:65) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.MutableBrokerFilter.addDestination( MutableBrokerFilter.java:152) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java :316) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java :291) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:385) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java :193) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :272) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :237) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :232) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.advisory.AdvisoryBroker.removeConnection( AdvisoryBroker.java:205) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection( SimpleAuthenticationBroker.java:71) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.MutableBrokerFilter.removeConnection( MutableBrokerFilter.java:120) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.processRemoveConnection( TransportConnection.java:747) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.stop ( TransportConnection.java:968) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.jmx.ManagedTransportConnection.stop( ManagedTransportConnection.java:74) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.processShutdown( TransportConnection.java:362) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection.service( TransportConnection.java:294) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.broker.TransportConnection$1.onCommand( TransportConnection.java:185) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java :65) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.WireFormatNegotiator.onCommand ( WireFormatNegotiator.java:133) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.InactivityMonitor.onCommand( InactivityMonitor.java:122) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.TransportSupport.doConsume( TransportSupport.java:84) INFO | jvm 1 | 2007/10/11 14:39:38 | at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:137) INFO | jvm 1 | 2007/10/11 14:39:38 | at java.lang.Thread.run(Unknown Source) INFO | jvm 1 | 2007/10/11 14:39:40 | 14:39:40,418 WARN [ TransportConnection.Service] Failed to remove connection ConnectionInfo {commandId = 1, responseRequired = true, connectionId = ID:rfidserv-4143-1192127977980-0:3, clientId = ID:rfidserv-4143-1192127977980-5:0, userName = null, password = null, brokerPath = null, brokerMasterConnector = false, manageable = true, clientMaster = false} INFO | jvm 1 | 2007/10/11 14:39:40 | java.lang.SecurityException: User is not authenticated. INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.security.AuthorizationBroker.addDestination( AuthorizationBroker.java :57) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.MutableBrokerFilter.addDestination( MutableBrokerFilter.java:152) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.region.AbstractRegion.lookup (AbstractRegion.java :316) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java :291) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.region.RegionBroker.send (RegionBroker.java:385) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java :193) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory ( AdvisoryBroker.java:272) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java :237) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory ( AdvisoryBroker.java:232) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.advisory.AdvisoryBroker.removeConnection( AdvisoryBroker.java:205) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection ( SimpleAuthenticationBroker.java:71) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java :110) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.MutableBrokerFilter.removeConnection( MutableBrokerFilter.java:120) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.TransportConnection.processRemoveConnection( TransportConnection.java :747) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.TransportConnection.stop(TransportConnection.java :968) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.jmx.ManagedTransportConnection.stop ( ManagedTransportConnection.java:74) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.TransportConnection.processShutdown( TransportConnection.java:362) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.TransportConnection.service( TransportConnection.java:294) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.broker.TransportConnection$1.onCommand( TransportConnection.java:185) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:65) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.transport.WireFormatNegotiator.onCommand( WireFormatNegotiator.java:133) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.transport.InactivityMonitor.onCommand ( InactivityMonitor.java:122) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.transport.TransportSupport.doConsume( TransportSupport.java:84) INFO | jvm 1 | 2007/10/11 14:39:40 | at org.apache.activemq.transport.tcp.TcpTransport.run (TcpTransport.java:137) INFO | jvm 1 | 2007/10/11 14:39:40 | at java.lang.Thread.run(Unknown Source) Thanks in advance.
