Reputation: 1823
ActiveMQ 5.10: Cannot restrict access to server from remote client
I install ActiveMQ 5.10 on MacOSX Yosemite. I can change the file jetty-realm.properties to restrict access to Web Console at localhost:8161.
However, when I write Ruby code to connect to the ActiveMQ using Stomp like this:
require 'stomp'
client = Stomp::Client.new('any username', 'any password', 'localhost', 61613)
I can use the client to publish and subscribe to every queue on ActiveMQ server.
Can somebody please suggest a way that I can restrict the access to ActiveMQ server from remote connections.
I have tried the following links, but none of them works: https://security.stackexchange.com/questions/7989/how-to-secure-a-activemq http://activemq.apache.org/version-5-getting-started.html#Version5GettingStarted-ConfiguringActiveMQ http://activemq.apache.org/security.html
Upvotes: 0
Views: 374
Answers (1)
Reputation: 1823
I found the answer after playing awhile more and read the whole schema file for broker.
In ActiveMQ 5.10, the broker is put directly in conf/activemq.xml.
First, I solve the problem like this: In activemq.xml, under <broker>, I put:
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="admin" password="password" groups="admins,publishers,consumers"/>
</users>
</simpleAuthenticationPlugin>
</plugins>
So it was the missing <plugins> in all the dumb documentations that made the config be useless.
Better solution:
I copy the whole <broker> section in activemq.xml and place it in a file called broker.xml (You can call it anything, for example apache_dumb_documentation.xml), under a section called <bean>
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<broker>
... broker config here, including <plugins> ...
</broker>
</beans>
Then in activemq, in the former place of <broker>, I just write:
<import resource="broker.xml"/>
Upvotes: 0
Related Questions
- ActiveMQ SecurityException: User name [defaultUser] or password is invalid
- ActiveMQ 5.15.9 Security
- ActiveMQ 5.15 HTTP ERROR: 503
- ActiveMQ connection refused
- ActiveMQ Browser V2.5.2.8 can't connect to ActiveMQ V5.12.1
- Configuring authorization for activemq
- activemq User is not authorized to create: topic://ActiveMQ.Advisory.Connection
- ActiveMQ Simple Authentication Plugin - user admin is not authorized to create: topic://ActiveMQ.Advisory.Connection
- ActiveMQ: Restrict access to destination programmatically
- activemq deny remote connections