Currently the temporary-queue-namespace is only relevant for address-settings, not security-settings. Therefore, the only way to enforce security settings on temporary queues is to use the match "#". I think extending the functionality of temporary-queue-namespace to security-settings would be worthwhile. Feel free to open a Jira [1] for this if you like.
Justin [1] https://issues.apache.org/jira/browse/ARTEMIS On Wed, Feb 16, 2022 at 4:00 PM KevinO <oneal.ke...@gmail.com> wrote: > Is there a way to add Role Based Security to temporary queues? So far I get > the error: > > User: myUser does not have permission='CREATE_NON_DURABLE_QUEUE' for queue > b9b3ac6e-8d1e-47c6-b168-495a5b35e39f on address > b9b3ac6e-8d1e-47c6-b168-495a5b35e39f] > > The security setting all myUser to send and receive on its queue specified > as follows: > > <security-setting match="MYADDRESS.#"> > > <permission type="createNonDurableQueue" roles="amq,myRole"/> > > <permission type="deleteNonDurableQueue" roles="amq,myRole"/> > > <permission type="createDurableQueue" roles="amq"/> > > <permission type="deleteDurableQueue" roles="amq"/> > > <permission type="createAddress" roles="amq"/> > > <permission type="deleteAddress" roles="amq"/> > > <permission type="consume" roles="amq,myRole"/> > > <permission type="browse" roles="amq,myRole"/> > <permission type="send" roles="amq,myRole"/> > <!-- we need this otherwise ./artemis data imp wouldn't work > --> > <permission type="manage" roles="amq"/> > </security-setting> > > I've tried setting > <temporary-queue-namespace>TEMP</temporary-queue-namespace>, and then added > security-settings to allow myRole access, but to no great success. > > Any alternate recommendation on how to accomplish the request/reply pattern > would also be appreciated. >
