> ...I’m not 100% sure if this requirement comes from Qpid library which we are using, or Camel, or is it a requirement for JMS subscribers in general...
This is a requirement for JMS topic subscriptions in general. See the documentation [1] for more details. > Is there a way to limit amount of queues a particular role or user can create? Yes. See the resource limits documentation [2]. Justin [1] https://activemq.apache.org/components/artemis/documentation/latest/jms-core-mapping.html#mapping-jms-concepts-to-the-core-api [2] https://activemq.apache.org/components/artemis/documentation/latest/resource-limits.html#resource-limits On Wed, Apr 16, 2025 at 3:43 AM Vilius Šumskas <vilius.sums...@rivile.lt.invalid> wrote: > Hello, > > we have a pub/sub Java app which relies on JMS durable subscriptions and > is using Artemis as messaging broker. The broker runs in our environment. > The app is deployed externally in the environment we don’t control an acts > as a subscriber. For this app we have dedicated a separate role in the > Artemis broker. > > We noticed that this role needs to have createDurableQueue and > deleteDurableQueue permission for the app to work correctly. Something like: > > <security-setting match="address-for-external-role"> > <permission type="createDurableQueue" roles="amq, > external-role"/> > <permission type="deleteDurableQueue" roles="amq, > external-role"/> > <permission type="createAddress" roles="amq"/> > <permission type="consume" roles="amq, external-role"/> > <permission type="send" roles="amq"/> > </security-setting> > > Since I’m not a developer I’m not 100% sure if this requirement comes from > Qpid library which we are using, or Camel, or is it a requirement for JMS > subscribers in general, however I’m trying to understand what could be done > to protect our Artemis environment. Mainly I’m concerned that even if the > role has access to just one address, in theory, the user could create as > many durable queues in the address as he wants, this way overloading the > system. > > Is there a way to limit amount of queues a particular role or user can > create? Or maybe our messaging model is wrong and we should not be using > JMS subscriptions in case of external app at all? > > -- > Best Regards, > > Vilius Šumskas > Rivile > IT manager > >
