Perfect Joe, that works as a charm!!
But I still got some question to ask :)
I even need to add the authentication for 'topic=">"' together with
'queue=">"' because otherwise no "dynamic" queue creation was able (here I
mean when Mule connects to ActiveMQ to read from a non-existing queue, that
queue is "automatically" registered); not a big deal but still...
Another problem with that "dynamic queue creation": it seems I need to have
an admin user to be able to create that queue: if I use "user/password" to
log in from Mule I receive:
WARN Service - Failed to remove connection
ConnectionInfo {commandId = 1, responseRequired = true, connectionId =
ID:de_tosisa-3398-1221496082109-0:0, clientId =
ID:de_tosisa-3398-1221496082109-1:0, userName = user, password = password,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = true}
java.lang.SecurityException: User user is not authorized to create:
topic://ActiveMQ.Advisory.Connection
while using system/manager I got no problem. Is there a way to avoid
granting admin rights to normal users or not?
TIA,
Sandro
Joe Fernandez wrote:
>
> You have both the <jaasAuthenticationPlugin> and
> <simpleAuthenticationPlugin> elements defined, and the
> <simpleAuthenticationPlugin> is outside the <broker> element. You can't
> have both elements defined. I believe you were trying to use the
> <simpleAuthenticationPlugin>. Here's an example.
>
>
> <plugins>
> <simpleAuthenticationPlugin>
> <users>
> <authenticationUser username="system" password="manager"
> groups="users,admins"/>
> <authenticationUser username="user" password="password"
> groups="users"/>
> <authenticationUser username="guest" password="password"
> groups="guests"/>
> </users>
> </simpleAuthenticationPlugin>
>
> <!-- lets configure a destination based authorization mechanism -->
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="users,admins"
> write="users,admins" admin="admins" />
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
>
> </plugins>
>
> If you're not using Camel, comment out or remove the <camelContext>
> element if it exists in your config file. If you are using Camel, then
> consult the Camel site for info on how to configure Camel.
>
> http://activemq.apache.org/camel/configuring-camel.html
>
> Joe
>
--
View this message in context:
http://www.nabble.com/Protect-queues-access-with-password-tp19453220p19496448.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
