You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2021/07/20 20:38:50 UTC

[activemq-artemis] branch main updated: NO-JIRA add broker config doc for REST

This is an automated email from the ASF dual-hosted git repository.

jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 3a8e995  NO-JIRA add broker config doc for REST
3a8e995 is described below

commit 3a8e9953f12ff100d6e5c28002900812d2024a94
Author: Justin Bertram <jb...@apache.org>
AuthorDate: Tue Jul 20 15:38:35 2021 -0500

    NO-JIRA add broker config doc for REST
---
 docs/user-manual/en/rest.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/docs/user-manual/en/rest.md b/docs/user-manual/en/rest.md
index 35d1e75..67b5a4b 100644
--- a/docs/user-manual/en/rest.md
+++ b/docs/user-manual/en/rest.md
@@ -295,6 +295,36 @@ Let's give an explanation of each config option.
 - `url`. The URL the Apache ActiveMQ Artemis REST implementation should use
   to connect to the Apache ActiveMQ Artemis instance. Default to "vm://0".
 
+### Broker Configuration
+
+If you are _only_ dealing with REST clients (i.e. no other remote messaging 
+clients using JMS, AMQP, STOMP, etc.) the simplest broker configuration
+involves a single in-vm acceptor, e.g.:
+```xml
+<acceptor name="invm">vm://0</acceptor>
+```
+Then set `<security-enabled>false</security-enabled>`. Be sure to remove any
+other `acceptor` elements so no remote clients can connect insecurely.
+
+If you must support other remote clients then configure an in-vm `acceptor`
+with its own `securityDomain` that will allow unsecured access from the REST
+implementation's in-vm connector, e.g.:
+```xml
+<acceptor name="invm">vm://0?securityDomain=invm</acceptor>
+```
+Then configure a new entry in your `login.config` that will allow access with
+no credentials. The name of the entry should match the value of the `securityDomain`
+on your in-vm acceptor, e.g.:
+```
+invm {
+    org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule required
+        debug=true
+        org.apache.activemq.jaas.guest.user="restUser"
+        org.apache.activemq.jaas.guest.role="activemq";
+};
+```
+See the [security](security.md) chapter for more details on the `GuestLoginModule`.
+
 ## Apache ActiveMQ Artemis REST Interface Basics
 
 The Apache ActiveMQ Artemis REST interface publishes a variety of REST resources to