How to configure ActiveMQ to assign an 'anonymous' user and role to non-authenticated users

Question

I wish to set up a ActiveMQ instance (primarily as a STOMP server) which will service requests from two types of clients:

1. authenticated users which can read and write to topics
2. non-authenticated users which can only read from topics

I have been using the SimpleAuthenticationBroker so far and I cannot see anyway to configure the above situation, nor do I see any bit in the code which recognises a wildcard for a user to pass authentication.

If I configure the server to use the authentication broker, it will expect ALL connections to authenticate, which is what I don't want.

The only solution I think I can see is to provide my own implementation to support the functionality I require, but I would love to find some way built into the server.

Answer 1

As of ActiveMQ 5.4, you can set it up in the following way. find the

<plugins>
    ...
</plugins>

section in the etc/activemq.xml file and edit it to contain the simpleAuthenticationPlugin like this:

<simpleAuthenticationPlugin anonymousAccessAllowed="true" />

Source: http://activemq.apache.org/security.html

Answer 2

This feature is now available as of ActiveMQ 5.4, as I've just found when searching for the same functionality: http://activemq.apache.org/security.html

Answer 3

This is not currently supported by ActiveMQ security implementation, but you can always define a user that can connect without a password with read-only privileges.

You can raise Jira enhancement request (https://issues.apache.org/activemq/browse/AMQ) for this non-authenticated users feature and better yet provide a patch for current plugins.