You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by "Jean-Fabrice [gmail]" <je...@gmail.com> on 2008/05/20 09:36:48 UTC
[AMQ5] Desesperately trying to use read/write privileges on queue
Hi list,
I encounter the following issue, while trying to use differents
read/write privileges on a stable ActiveMQ5.1 and a Net::Stomp perl
client.
Here is part the interesting par of my activemq.xml :
...
<destinations>
<queue physicalName="users.queue"/>
</destinations>
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="users.>" read="readers" write="writers"
admin="admins" />
<authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="all" write="all"
admin="all"/>
</authorizationEntries>
</authorizationMap>
</map>
<authorizationPlugin>
</plugins>
...
Here is my conf/users.properties :
admin=******
reader=******
writer=******
Here is my conf/groups.properties :
admins=admin
readers=reader
writers=writer
all=admin,reader,writer
when 'reader' try to read from users.queue, here is what I get :
ERROR Service - Async error occurred: java.lang.SecurityException:
User reader is not authorized to read from: queue://users.queue
java.lang.SecurityException: User reader is not authorized to read
from: queue://users.queue
When 'writer' try to write on users.queue, here is what I get :
ERROR Service - Async error occurred: java.lang.SecurityException:
User writer is not authorized to create: queue://users.queue
java.lang.SecurityException: User writer is not authorized to create:
queue://users.queue
btw, this last sounds particularly strange since users.queue is
created at startup (I can *see* it using either JMX or webconsole). If
I try to write to a non existent queue then the error is "User writer
is not authorized to write..". Sounds like this two errors messages
have been mixed.
It looks like read and write privileges are not used. The only way I
found to solve this issue is to give both readers and writers admins
rights on "users.>"
Can anyone help ?
JF