You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by "Dondorp, Erwin" <er...@cgi.com.INVALID> on 2022/05/19 09:27:12 UTC
permissions for temporary queues
Hello,
A namespace exists for temporary queues so that address-settings can be applied to temporary queues.
That namespace is configured using configuration parameter "temporary-queue-namespace".
In my setup, the security-settings are applied to very specific patterns/prefixes only, so that no user has permissions on "#".
When my observation is correct, creating temporary queues always fails unless "createNonDurableQueue" is granted to "#".
But that contradicts my careful organisation of permissions.
I tried to configure security-settings using the value from temporary-queue-namespace, but that seemed ineffective.
My suspicion is that temporary-queue-namespace is only used for address-settings, but not for security-settings.
Is that suspicion correct?
And, if so, is that really intended?
thx,
Erwin
RE: permissions for temporary queues
Posted by "Dondorp, Erwin" <er...@cgi.com.INVALID>.
Domenico,
Thanks for finding that one. Obviously, it has my vote now.
And I'm glad that I can stop searching and experimenting for this...
e.
-----Oorspronkelijk bericht-----
Van: Domenico Francesco Bruscino <br...@gmail.com>
Verzonden: donderdag 19 mei 2022 11:41
Aan: users@activemq.apache.org
Onderwerp: Re: permissions for temporary queues
EXTERNAL SENDER: Do not click any links or open any attachments unless you trust the sender and know the content is safe.
EXPÉDITEUR EXTERNE: Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe à moins qu’ils ne proviennent d’un expéditeur fiable, ou que vous ayez l'assurance que le contenu provient d'une source sûre.
Hi Erwin,
your suspicion is right, the temporary-queue-namespace is only used for address-settings, but not for security-settings, see ARTEMIS-3692 [1].
[1] https://urldefense.com/v3/__https://issues.apache.org/jira/browse/ARTEMIS-3692__;!!AaIhyw!sndbMKxDclJf5TC3NBldW-MteNPbg8-5eEEo-4lWT97jH_39lr7eSQcmgxq1E4GPy6KMekVlLkBkCAG25FsN$
Regards,
Domenico
On Thu, 19 May 2022 at 11:27, Dondorp, Erwin <er...@cgi.com.invalid>
wrote:
> Hello,
>
> A namespace exists for temporary queues so that address-settings can
> be applied to temporary queues.
> That namespace is configured using configuration parameter
> "temporary-queue-namespace".
>
> In my setup, the security-settings are applied to very specific
> patterns/prefixes only, so that no user has permissions on "#".
> When my observation is correct, creating temporary queues always fails
> unless "createNonDurableQueue" is granted to "#".
> But that contradicts my careful organisation of permissions.
>
> I tried to configure security-settings using the value from
> temporary-queue-namespace, but that seemed ineffective.
>
> My suspicion is that temporary-queue-namespace is only used for
> address-settings, but not for security-settings.
> Is that suspicion correct?
> And, if so, is that really intended?
>
> thx,
> Erwin
>
Re: permissions for temporary queues
Posted by Domenico Francesco Bruscino <br...@gmail.com>.
Hi Erwin,
your suspicion is right, the temporary-queue-namespace is only used for
address-settings, but not for security-settings, see ARTEMIS-3692 [1].
[1] https://issues.apache.org/jira/browse/ARTEMIS-3692
Regards,
Domenico
On Thu, 19 May 2022 at 11:27, Dondorp, Erwin <er...@cgi.com.invalid>
wrote:
> Hello,
>
> A namespace exists for temporary queues so that address-settings can be
> applied to temporary queues.
> That namespace is configured using configuration parameter
> "temporary-queue-namespace".
>
> In my setup, the security-settings are applied to very specific
> patterns/prefixes only, so that no user has permissions on "#".
> When my observation is correct, creating temporary queues always fails
> unless "createNonDurableQueue" is granted to "#".
> But that contradicts my careful organisation of permissions.
>
> I tried to configure security-settings using the value from
> temporary-queue-namespace, but that seemed ineffective.
>
> My suspicion is that temporary-queue-namespace is only used for
> address-settings, but not for security-settings.
> Is that suspicion correct?
> And, if so, is that really intended?
>
> thx,
> Erwin
>