Hi Aleksandr,
you could use the Jolokia endpoint sending HTTP requests or implement your
custom QueueRequestor setting auto-delete-queues, i.e.
public Message request(Message message) throws JMSException {
queue = session.createQueue("activemq.management")
tempQueue = session.createQueue("activemq.management." +
UUID.randomUUID().toString())
sender = session.createSender(queue);
receiver = session.createReceiver(tempQueue);
message.setJMSReplyTo(tempQueue);
sender.send(message);
return (receiver.receive());
}
Regards,
Domenico
On Mon, 28 Aug 2023 at 13:00, MILOVIDOV Aleksandr <
aleksandr.milovi...@raiffeisen.ru> wrote:
> Hello Team,
>
> We have problem using management client in restricted environment where
> user can send/receive messages only to specified destinations.
> I would like to clarify how ActiveMQ Artemis management client works and
> if it is correct.
>
> I have created Artemis broker instance with --allow-anonynous-access
> option and audit logs enabled.
> Then I have run management client example from ActiveMQ Artemis github
> repo (mvn verify -PnoServer) and collected the logs.
> First it sends an example message to exampleQueue, then connects with
> management client, and first audit log message is:
>
> 2023-08-28 13:21:15,729 [AUDIT](Thread-1
> (ActiveMQ-server-org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl$6@31da6b2e))
> AMQ601065: User admin(amq)@127.0.0.1:54463 is creating a queue on target
> resource: ServerSessionImpl() with parameters: [QueueConfiguration
> [id=null, name=231844ae-cc6c-493e-93f8-9b6714b102c2,
> address=231844ae-cc6c-493e-93f8-9b6714b102c2, routingType=ANYCAST,
> filterString=null, durable=false, user=null, maxConsumers=-1,
> exclusive=null, groupRebalance=null, groupRebalancePauseDispatch=null,
> groupBuckets=null, groupFirstKey=null, lastValue=null, lastValueKey=null,
> nonDestructive=null, purgeOnNoConsumers=false, enabled=null,
> consumersBeforeDispatch=null, delayBeforeDispatch=null,
> consumerPriority=null, autoDelete=null, autoDeleteDelay=null,
> autoDeleteMessageCount=null, ringSize=null, configurationManaged=null,
> temporary=true, autoCreateAddress=null, internal=null, transient=null,
> autoCreated=false, fqqn=null]]
>
> Even if we grant permissions to activemq.management address, client cannot
> connect because it tries to create a temporary address with uuid-like name
> with temporary queue.
> To make it work we need to grant createAddress, createNonDurableQueue,
> send and consume to all queues by # wildcard, but it is not suitable for
> environment with fine-grained authorizations.
> We would like to make possible for users to connect to Artemis with
> management clients like JMSToolBox without adding unnecessary permissions.
>
> Is it possible to make management client use predefined address for
> temporary queues or some temporary address prefix?
>
> --
> Best regards,
> Aleksandr
>
>
> -----------------------------------
>
> This message and any attachment are confidential and may be privileged or
> otherwise protected from disclosure. If you are not the intended recipient
> any use, distribution, copying or disclosure is strictly prohibited. If you
> have received this message in error, please notify the sender immediately
> either by telephone or by e-mail and delete this message and any attachment
> from your system. Correspondence via e-mail is for information purposes
> only. AO Raiffeisenbank neither makes nor accepts legally binding
> statements by e-mail unless otherwise agreed.
>
> -----------------------------------
>
