Posted to commits@activemq.apache.org by "Harikrishnan P (JIRA)" <ji...@apache.org> on 2014/04/19 07:06:14 UTC

[jira] [Comment Edited] (APLO-354) Giving Topic based authorization to user groups  using access_rule 

    [ https://issues.apache.org/jira/browse/APLO-354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13974715#comment-13974715 ] 

Harikrishnan P edited comment on APLO-354 at 4/19/14 5:06 AM:
--------------------------------------------------------------

Yes, using openwire.

The apollo.xml used is like this:

<broker xmlns="http://activemq.apache.org/schema/activemq/apollo">

  <notes>
    The default configuration with tls/ssl enabled.
  </notes>

  <log_category console="console" security="security" connection="connection" audit="audit"/>


  <authentication domain="apollo"/>
  <!-- Give admins full access -->
  <access_rule allow="admins" action="*"/>
  <access_rule allow="*" action="connect" kind="connector"/>
  <access_rule allow="hosts" action="connect create" />
  <access_rule allow="guests" action="connect create" />

  <virtual_host id="mybroker">
    <!--
      You should add all the host names that this virtual host is known as
      to properly support the STOMP 1.1 virtual host feature.
      -->
    <host_name>mybroker</host_name>
    <host_name>localhost</host_name>
    <host_name>127.0.0.1</host_name>
    <topic id="something" slow_consumer_policy="queue">
      <subscription tail_buffer="4k"/>
    </topic>

    <!-- Uncomment to disable security for the virtual host -->
    <!-- <authentication enabled="false"/> -->

    <!-- Uncomment to disable security for the virtual host -->
    <!-- <authentication enabled="false"/> -->
    <access_rule allow="guests" action="receive consume" kind="queue topic" id="*" />

    <!-- You can delete this element if you want to disable persistence for this virtual host -->
    <leveldb_store directory="${apollo.base}/data"/>


  </virtual_host>

  <web_admin bind="http://127.0.0.1:61680"/>
  <web_admin bind="https://127.0.0.1:61681"/>

  <connector id="tcp" bind="tcp://0.0.0.0:61613" connection_limit="2000"/>
  <connector id="tls" bind="tls://0.0.0.0:61614" connection_limit="2000"/>
  <connector id="ws"  bind="ws://0.0.0.0:61623"  connection_limit="2000"/>
  <connector id="wss" bind="wss://0.0.0.0:61624" connection_limit="2000"/>

  <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password"/>

</broker>
             


was (Author: harikrish07121991):
Not using "openwire". Using the any protocol connector.
The apollo.xml used is like this:

<broker xmlns="http://activemq.apache.org/schema/activemq/apollo">

  <notes>
    The default configuration with tls/ssl enabled.
  </notes>

  <log_category console="console" security="security" connection="connection" audit="audit"/>


  <authentication domain="apollo"/>
  <!-- Give admins full access -->
  <access_rule allow="admins" action="*"/>
  <access_rule allow="*" action="connect" kind="connector"/>
  <access_rule allow="hosts" action="connect create" />
  <access_rule allow="guests" action="connect create" />

  <virtual_host id="mybroker">
    <!--
      You should add all the host names that this virtual host is known as
      to properly support the STOMP 1.1 virtual host feature.
      -->
    <host_name>mybroker</host_name>
    <host_name>localhost</host_name>
    <host_name>127.0.0.1</host_name>
    <topic id="something" slow_consumer_policy="queue">
      <subscription tail_buffer="4k"/>
    </topic>

    <!-- Uncomment to disable security for the virtual host -->
    <!-- <authentication enabled="false"/> -->

    <!-- Uncomment to disable security for the virtual host -->
    <!-- <authentication enabled="false"/> -->
    <access_rule allow="guests" action="receive consume" kind="queue topic" id="*" />

    <!-- You can delete this element if you want to disable persistence for this virtual host -->
    <leveldb_store directory="${apollo.base}/data"/>


  </virtual_host>

  <web_admin bind="http://127.0.0.1:61680"/>
  <web_admin bind="https://127.0.0.1:61681"/>

  <connector id="tcp" bind="tcp://0.0.0.0:61613" connection_limit="2000"/>
  <connector id="tls" bind="tls://0.0.0.0:61614" connection_limit="2000"/>
  <connector id="ws"  bind="ws://0.0.0.0:61623"  connection_limit="2000"/>
  <connector id="wss" bind="wss://0.0.0.0:61624" connection_limit="2000"/>

  <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password"/>

</broker>
             

> Giving Topic based authorization to user groups  using access_rule 
> -------------------------------------------------------------------
>
>                 Key: APLO-354
>                 URL: https://issues.apache.org/jira/browse/APLO-354
>             Project: ActiveMQ Apollo
>          Issue Type: Question
>    Affects Versions: 1.4
>         Environment: Ubuntu,Java
>            Reporter: Harikrishnan P
>            Priority: Critical
>
> Using Apollo 1.4 broker for enabling topic based authorization. Specified <access_rule> inside <virtual host> like this,
> "<access_rule allow="guests" action="receive,consume" kind="topic queue" id="app1.*"/>"
> But it's not possible to subscribe from topic "app1.*" (it's showing authorization error saying that user is not authorized to subscribe from this TempQueue). But if the id is replaced by a wildcard, like *, then the user group can subscribe from any topic.
> Please help how to authorize the group to subscribe from a particular topic.


