ActiveMQ authorization

Question

If I want to implement JAAS authorization on Apache ActiveMQ, do I have to use the plug-in in the activemq.xml configuration file?

This way is really NOT good becaus

Answer 1

Whenever I have set up ActiveMQ security, I have found it best to use the plain AuthorizationPlugin with wildcards that denote the destinations covered (which is why it's really handy to use naming conventions fro your queues and topics). The idea is that you define a handful of user groups and grant them access to those destinations.

The role of assigning a group from a username is handled by one of the authentication plugins - the JAAS plugin is particularly useful for externalising this information outside the ActiveMQ config in an LDAP directory.

Check out the ActiveMQ Security Guide from FuseSource (registration required) for further information.

Update 2018-07-02 ActiveMQ Security Guide, now located on redhat.