St.Antario
St.Antario

Reputation: 27455

Configuring authorization for activemq

I'm writing a test application using ActiveMQ embedded broker on the same machine. I tried to configure it as follows:

activemq.xml:

<amq:broker  useJmx="false" persistent="false">
    <amq:transportConnectors>
      <amq:transportConnector uri="tcp://localhost:61616" />
    </amq:transportConnectors>
</amq:broker>

<amq:simpleAuthenticationPlugin >
    <amq:users>
        <amq:authenticationUser username="system" password="manager"
          groups="users,admins" />
    </amq:users>
</amq:simpleAuthenticationPlugin>

Tomcat's context.xml: !!The Password is deliberately incorrect!!

<Resource name="jms/ConnectionFactory" auth="Container" userName="userssname" password="passwords"
    type="org.apache.activemq.ActiveMQConnectionFactory" description="JMS Connection Factory"
    factory="org.apache.activemq.jndi.JNDIReferenceFactory" brokerURL="tcp://localhost:61616"
    brokerName="LocalActiveMQBroker" />

But, when I try to perform injection I can easily create a ConnectionFactory object and send/receive messages even with incorrect password. How can I deny this?

Upvotes: 3

Views: 1857

Answers (1)

johan
johan

Reputation: 548

I believe that you need to add authorization entries for queues and topics as well.

Example authorization plugin configuration:

<authorizationPlugin>
    <map>
        <authorizationMap>
            <authorizationEntries>
                <authorizationEntry queue=">" write="admins,publishers" read="admins,consumers" admin="admins" />
                <authorizationEntry topic=">" write="admins,publishers" read="admins,consumers" admin="admins" />
                <authorizationEntry topic="ActiveMQ.Advisory.>" read="everyone" write="everyone" admin="everyone"/>
            </authorizationEntries>
        </authorizationMap>
    </map>
</authorizationPlugin>

Upvotes: 3

Related Questions