I have the following configuration. The server listens to incoming ActiveMQ messages from producers that run on clients. I want to avoid from a client to create a consumer. Otherwise any client can sniff to all messages on bus and this is serious security flaw. Is there anyway to restrict clients to create only producer?
Asked
Active
Viewed 52 times
1 Answers
0
ActiveMQ feature different security options to control access on a fine grained level.
You typically want to use the authorization plugin.
For instance, if you have a queue Queue1 that user sputnik should produce to and user apollo should consume from, you can setup the authorizationPlugin like this:
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="Queue1" read="apollo" write="sputnik" admin="admin" />
- Read: Consume
- Write: Produce
- Admin: Create
You can create authorization entries like queue=">" that maps to every queue, or a prefix with queue="SECRET.>"
Ensure you have authentication enabled to use these features.
Petter Nordlander
- 22,053
- 5
- 50
- 84