Hello, we have a pub/sub Java app which relies on JMS durable subscriptions and is using Artemis as the messaging broker. The broker runs in our environment. The app is deployed externally in an environment we don’t control and acts as a subscriber. For this app we have dedicated a separate role in the Artemis broker.
We noticed that this role needs to have the createDurableQueue and deleteDurableQueue permissions for the app to work correctly. Something like:

    <security-setting match="address-for-external-role">
        <permission type="createDurableQueue" roles="amq, external-role"/>
        <permission type="deleteDurableQueue" roles="amq, external-role"/>
        <permission type="createAddress" roles="amq"/>
        <permission type="consume" roles="amq, external-role"/>
        <permission type="send" roles="amq"/>
    </security-setting>

Since I’m not a developer I’m not 100% sure if this requirement comes from the Qpid library which we are using, or Camel, or is it a requirement for JMS subscribers in general, however I’m trying to understand what could be done to protect our Artemis environment. Mainly I’m concerned that even if the role has access to just one address, in theory, the user could create as many durable queues in the address as he wants, this way overloading the system.

Is there a way to limit the number of queues a particular role or user can create? Or maybe our messaging model is wrong and we should not be using JMS subscriptions in the case of an external app at all?

--
Best Regards,
Vilius Šumskas
Rivile IT manager
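An added example, not part of the original message: a small audit that reads a broker.xml and lists users who hold a queue-creation permission through a non-admin role but have no per-user queue cap. It assumes Artemis's resource-limit-settings element (max-queues, matched on an exact user name, -1 meaning unlimited); the user names, the role-to-user map and the helper names are hypothetical, and the XML is the security-setting from the post with a constructed limit added.

```python
import xml.etree.ElementTree as ET

# Constructed broker.xml fragment: the security-setting from the post plus a
# per-user resource limit. "external-user" is a hypothetical user name.
BROKER_XML = """<configuration xmlns="urn:activemq">
 <core xmlns="urn:activemq:core">
  <security-settings>
   <security-setting match="address-for-external-role">
    <permission type="createDurableQueue" roles="amq, external-role"/>
    <permission type="deleteDurableQueue" roles="amq, external-role"/>
    <permission type="createAddress" roles="amq"/>
    <permission type="consume" roles="amq, external-role"/>
    <permission type="send" roles="amq"/>
   </security-setting>
  </security-settings>
  <resource-limit-settings>
   <resource-limit-setting match="external-user">
    <max-queues>3</max-queues>
   </resource-limit-setting>
  </resource-limit-settings>
 </core>
</configuration>"""

# Constructed role -> users map, the shape of artemis-roles.properties.
ROLE_USERS = {"amq": ["admin"], "external-role": ["external-user", "second-user"]}
TRUSTED_ROLES = {"amq"}  # assumption: roles allowed to create queues without a cap
CREATE_PERMS = {"createDurableQueue", "createNonDurableQueue"}

def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def uncapped_queue_creators(xml_text, role_users, trusted=TRUSTED_ROLES):
    """Return (role, user) pairs that can create queues with no max-queues cap."""
    limits, creators = {}, set()
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "resource-limit-setting":
            mq = next((c.text for c in el if local(c.tag) == "max-queues"), None)
            limits[el.get("match")] = int(mq) if mq is not None else -1
        elif name == "permission" and el.get("type") in CREATE_PERMS:
            roles = {r.strip() for r in el.get("roles", "").split(",")}
            creators |= roles - trusted
    # A missing or negative max-queues means the user is not capped.
    return [(role, user) for role in sorted(creators)
            for user in role_users.get(role, []) if limits.get(user, -1) < 0]
```

With the constructed data, `uncapped_queue_creators(BROKER_XML, ROLE_USERS)` reports only `second-user`, because the limit is set per user and not per role.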