Hi Jo,

Apache ActiveMQ Artemis contains a flexible role-based security model for
applying security to queues, based on their addresses; see the
documentation [1] for further details.

Suppose you have userA with the roleA that can only consume queueA and
userB with roleB that can only consume queueB:

apiVersion: broker.amq.io/v1alpha1
kind: ActiveMQArtemisSecurity
metadata:
  name: ex-prop
spec:
  loginModules:
    propertiesLoginModules:
    - name: 'prop-module'
      users:
      - name: userA
        password: userA
        roles:
        - roleA
      - name: userB
        password: userB
        roles:
        - roleB
  securityDomains:
    brokerDomain:
      name: 'activemq'
      loginModules:
      - name: 'prop-module'
        flag: 'sufficient'
  securitySettings:
    broker:
    # roleA (userA) may only consume from queueA
    - match: 'queueA'
      permissions:
      - operationType: 'consume'
        roles:
        - roleA
    # roleB (userB) may only consume from queueB
    - match: 'queueB'
      permissions:
      - operationType: 'consume'
        roles:
        - roleB

[1]
https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses

Regards,
Domenico

On Fri, 6 May 2022 at 10:37, Jo De Troy <[email protected]> wrote:

> Hello,
>
> I'm pretty new to the ActiveMQ (Artemis) world.
> I was wondering if it's possible to define different users per queue when
> using e.g. PropertiesLoginModule.
> So userA would be able to only produce on queueA but not on queueB.
> Suppose you have a broker with some 50 different queues; you don't want all
> clients to use the same credentials if they only need access to 1 queue.
>
> If it's possible, would there be an example I can find somewhere for this
> type of configuration?
> I'm trying to use the ActiveMQ Artemis running on a container platform, so
> the security config would hopefully be created by using the
> ActiveMQArtemisSecurity CRD.
>
> Best Regards,
> Jo
>
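
A way to check such a resource before applying it, as an added example that is not part of the thread or of the Artemis operator: it joins users to address permissions through their roles and lists review findings. SPEC is constructed sample data following the resource in the reply, with the queue names queueA and queueB from its description; the helper names, the literal comparison of 'match' (no Artemis wildcard evaluation) and the one-address-per-user policy are assumptions.

```python
# Added example, not from the thread. SPEC is constructed sample data: the
# 'spec' of the resource as parsed structures; 'match' is compared literally.
SPEC = {
    "loginModules": {"propertiesLoginModules": [{
        "name": "prop-module",
        "users": [
            {"name": "userA", "password": "userA", "roles": ["roleA"]},
            {"name": "userB", "password": "userB", "roles": ["roleB"]},
        ],
    }]},
    "securitySettings": {"broker": [
        {"match": "queueA", "permissions": [
            {"operationType": "consume", "roles": ["roleA"]}]},
        {"match": "queueB", "permissions": [
            {"operationType": "consume", "roles": ["roleB"]}]},
    ]},
}

def users(spec):
    """Return every user entry from all propertiesLoginModules."""
    modules = spec["loginModules"].get("propertiesLoginModules", [])
    return [u for m in modules for u in m.get("users", [])]

def grants(spec):
    """Return {user: {(match, operationType), ...}}, joined through roles."""
    result = {u["name"]: set() for u in users(spec)}
    for setting in spec["securitySettings"].get("broker", []):
        for perm in setting.get("permissions", []):
            for u in users(spec):
                if set(u.get("roles", [])) & set(perm.get("roles", [])):
                    result[u["name"]].add((setting["match"], perm["operationType"]))
    return result

def findings(spec):
    """List credential and least-privilege problems worth a review."""
    out = []
    for u in users(spec):
        if u.get("password", "") in ("", u["name"]):
            out.append(f"{u['name']}: password is empty or equals the user name")
    for name, allowed in grants(spec).items():
        matches = sorted({m for m, _ in allowed})
        if len(matches) != 1:  # assumed policy: one address per client user
            out.append(f"{name}: expected exactly one address, got {matches}")
    return out

if __name__ == "__main__":
    print(grants(SPEC), *findings(SPEC), sep="\n")
```

On the sample data the only findings are the two passwords that equal the user name; the address grants are already one per user.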
