I think your best bet is probably to implement a custom security manager that wraps the existing JAAS security manager and intercepts operations and injects data into and pulls data out of the user's Subject. The general wrapping functionality is demonstrated in this example [1].
There is no 1-to-1 mapping for plugins between Classic and Artemis. They are simply too different architecturally. That said, I believe most folks have been able to migrate with a bit of reimplementation and/or rethinking their approach. I'm not sure what you mean that you can't see a way to prevent a client from creating arbitrary queues. There's a whole chapter [2] in the user manual dedicated to security configuration specifically including role-base authorization. There are also a couple of security related examples in the examples repo. Justin [1] https://github.com/apache/activemq-artemis-examples/tree/main/examples/features/standard/security-manager [2] https://activemq.apache.org/components/artemis/documentation/latest/security.html#authentication-authorization On Fri, Feb 16, 2024 at 6:46 AM Jędrzej Dudkiewicz < jedrzej.dudkiew...@gmail.com> wrote: > Hello, > > more than year ago I wrote to this group with the same problem: > > [1] https://www.mail-archive.com/dev@activemq.apache.org/msg68723.html > > I answered questions asked (I think in details) here: > > [2] https://www.mail-archive.com/dev@activemq.apache.org/msg68726.html > > I never got an answer and the problem was left (on my side) for later, > since ActiveMQ is still being developed, but it feels like it may not be > the case in the future, so I don't want to postpone migration. > > I'd like to ask if anything has changed in the broker (Artemis) since I > asked my question above. Or if there is some other way to solve (or > workaround) the main problems i had (quoting from [2]): > > 1. I can't see a way to attach my own data to client's session and the > only way to do it seems to write JAAS plugin/login module. > 2. I can't see a way to prevent client from creating arbitrary queues. > > For details as to why those two are the problems, please refer to [2] > above. > > Thanks, > -- > Jędrzej Dudkiewicz > > I really hate this damn machine, I wish that they would sell it. > It never does just what I want, but only what I tell it. >
