Hi Aleksandr, you could use the Jolokia endpoint sending HTTP requests or implement your custom QueueRequestor setting auto-delete-queues, i.e.
public Message request(Message message) throws JMSException { queue = session.createQueue("activemq.management") tempQueue = session.createQueue("activemq.management." + UUID.randomUUID().toString()) sender = session.createSender(queue); receiver = session.createReceiver(tempQueue); message.setJMSReplyTo(tempQueue); sender.send(message); return (receiver.receive()); } Regards, Domenico On Mon, 28 Aug 2023 at 13:00, MILOVIDOV Aleksandr < aleksandr.milovi...@raiffeisen.ru> wrote: > Hello Team, > > We have problem using management client in restricted environment where > user can send/receive messages only to specified destinations. > I would like to clarify how ActiveMQ Artemis management client works and > if it is correct. > > I have created Artemis broker instance with --allow-anonynous-access > option and audit logs enabled. > Then I have run management client example from ActiveMQ Artemis github > repo (mvn verify -PnoServer) and collected the logs. > First it sends an example message to exampleQueue, then connects with > management client, and first audit log message is: > > 2023-08-28 13:21:15,729 [AUDIT](Thread-1 > (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@31da6b2e)) > AMQ601065: User admin(amq)@127.0.0.1:54463 is creating a queue on target > resource: ServerSessionImpl() with parameters: [QueueConfiguration > [id=null, name=231844ae-cc6c-493e-93f8-9b6714b102c2, > address=231844ae-cc6c-493e-93f8-9b6714b102c2, routingType=ANYCAST, > filterString=null, durable=false, user=null, maxConsumers=-1, > exclusive=null, groupRebalance=null, groupRebalancePauseDispatch=null, > groupBuckets=null, groupFirstKey=null, lastValue=null, lastValueKey=null, > nonDestructive=null, purgeOnNoConsumers=false, enabled=null, > consumersBeforeDispatch=null, delayBeforeDispatch=null, > consumerPriority=null, autoDelete=null, autoDeleteDelay=null, > autoDeleteMessageCount=null, ringSize=null, configurationManaged=null, > temporary=true, autoCreateAddress=null, internal=null, transient=null, > autoCreated=false, fqqn=null]] > > Even if we grant permissions to activemq.management address, client cannot > connect because it tries to create a temporary address with uuid-like name > with temporary queue. > To make it work we need to grant createAddress, createNonDurableQueue, > send and consume to all queues by # wildcard, but it is not suitable for > environment with fine-grained authorizations. > We would like to make possible for users to connect to Artemis with > management clients like JMSToolBox without adding unnecessary permissions. > > Is it possible to make management client use predefined address for > temporary queues or some temporary address prefix? > > -- > Best regards, > Aleksandr > > > ----------------------------------- > > This message and any attachment are confidential and may be privileged or > otherwise protected from disclosure. If you are not the intended recipient > any use, distribution, copying or disclosure is strictly prohibited. If you > have received this message in error, please notify the sender immediately > either by telephone or by e-mail and delete this message and any attachment > from your system. Correspondence via e-mail is for information purposes > only. AO Raiffeisenbank neither makes nor accepts legally binding > statements by e-mail unless otherwise agreed. > > ----------------------------------- >