Killer Kombo

Reputation: 1

ActiveMQ 5.15.9 Security

I'm currently using ActiveMQ 5.15.9 deployed on our test server. I have to implement some sort of security so that the queues inside won't be accessed by anyone. So far, what I've done is add the following to the activemq.xml:

<plugins>
    <simpleAuthenticationPlugin anonymousAccessAllowed ="false">
        <users>
            <authenticationUser
                username="admin"
                password="pass"
                groups="admins,publishers,consumers" />
        </users>
    </simpleAuthenticationPlugin>
    <authorizationPlugin>
        <map>
            <authorizationMap>
                <authorizationEntries>
                    <authorizationEntry topic =">" write="producers" read="consumers" admin="admins" />         
                    <authorizationEntry queue ="TEST.Q" write="producers" read="consumers" admin="admins" />
                </authorizationEntries>
            </authorizationMap>
        </map>
    </authorizationPlugin>
</plugins>

In my C#, this is how I access the queue:

private static void SendNewMessageQueue(string text)
{
    string queueName = "TEST";
    Console.WriteLine($"Adding message to queue topic: {queueName}");
    string brokerUri = $"activemq:tcp://localhost:61616";  // Default port
    NMSConnectionFactory factory = new NMSConnectionFactory(brokerUri);
    using (IConnection connection = factory.CreateConnection("admin","pass"))
    {
        connection.Start();
        using (ISession session = connection.CreateSession(AcknowledgementMode.AutoAcknowledge))
            using (IDestination dest = session.GetQueue(queueName))
                using (IMessageProducer producer = session.CreateProducer(dest))
                {
                    producer.DeliveryMode = MsgDeliveryMode.NonPersistent;
                    producer.Send(session.CreateTextMessage(text));
                    Console.WriteLine($"Sent {text} messages");
                }
    }
}

But when I try to run my code, I get the following error:

User admin is not authorized to write to: queue://TEST

I need this so I can expose this MQ to the Internet and have it secured by only allowing consumers/publishers who have the credentials.

Upvotes: 0

Views: 141

Answers (1)

Tim Bish

Reputation: 18356

You have configured security for a queue called TEST.Q, but you are trying to use a queue called TEST, which is not the same, so you are getting this error. If you want to expose all queues under the test prefix, then it'd look more like:

     <authorizationEntry queue ="TEST.>" write="producers" read="consumers" admin="admins" />

There are some docs for security configuration here, and also understanding the wildcard syntax will help.

Exposing a broker over the internet as you've mentioned is no small task so proceed with caution.

Upvotes: 1
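
An added example, not part of the original question or answer: a simplified Python model of how the authorization entries above are evaluated, first matching the destination name against each entry's pattern (`.` separates path elements, `*` is one element, `>` is everything that follows), then intersecting the user's groups with the entry's `write` list. The XML is a constructed copy of the entries on this page and the function names are hypothetical; the broker's real logic is more involved.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's entries, and the same with the answer's TEST.> pattern.
QUESTION_XML = """<authorizationEntries>
  <authorizationEntry topic=">" write="producers" read="consumers" admin="admins"/>
  <authorizationEntry queue="TEST.Q" write="producers" read="consumers" admin="admins"/>
</authorizationEntries>"""
ANSWER_XML = QUESTION_XML.replace('queue="TEST.Q"', 'queue="TEST.>"')
USER_GROUPS = {"admins", "publishers", "consumers"}  # groups= of user "admin" in the question


def pattern_matches(pattern, name):
    """Match a dot-separated destination name against a wildcard pattern."""
    pat, path = pattern.split("."), name.split(".")
    for i, p in enumerate(pat):
        if p == ">":
            return True  # '>' also covers zero further elements: TEST.> matches TEST
        if i >= len(path) or (p != "*" and p != path[i]):
            return False
    return len(pat) == len(path)


def write_acl(xml_text, kind, name):
    """Union of write= groups over every entry whose pattern matches kind/name."""
    acl = set()
    for entry in ET.fromstring(xml_text).iter("authorizationEntry"):
        pattern = entry.get(kind)  # kind is "queue" or "topic"
        if pattern is not None and pattern_matches(pattern, name):
            acl.update(g.strip() for g in entry.get("write", "").split(",") if g.strip())
    return acl


def can_write(xml_text, groups, kind, name):
    """Allowed only if the user holds at least one group from the write ACL."""
    return bool(write_acl(xml_text, kind, name) & set(groups))


if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_XML), ("answer", ANSWER_XML)):
        print(label, sorted(write_acl(cfg, "queue", "TEST")),
              can_write(cfg, USER_GROUPS, "queue", "TEST"))
```

In this model the question's configuration yields an empty write ACL for `queue://TEST`, and the `TEST.>` variant yields `producers`, a group that does not appear in the user's `groups` attribute (`admins,publishers,consumers`), so the group names are worth checking alongside the pattern.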
