We are using Apache ActiveMQ version 5.15.8. We have created a broker-to-broker ActiveMQ network using SSH tunneling. Broker-A is enqueuing messages and the messages are getting dequeued at the Broker-B end. We have added the configuration below to restrict Broker-A from creating new queues other than the specified one.

Below is the configuration at Broker-B:

a) Contents added in activemq.xml

    <plugins>
      <simpleAuthenticationPlugin>
        <users>
          <authenticationUser username="admin" password=" adminpassword" groups="admins,all" />
          <authenticationUser username="test" password="testpassword " groups="admins,all" />
        </users>
      </simpleAuthenticationPlugin>
      <jaasAuthenticationPlugin configuration="activemq" />
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              <authorizationEntry queue="demo.test " read="admins" write="admins" admin="admins" />
              <authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins"/>
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>
    </plugins>

b) Contents of users.properties

    admin= adminpassword
    test= testpassword

c) Contents of groups.properties

    admins=admin,test
    all=admin,test

d) Contents of credentials.properties

    activemq.username=admin
    activemq.password= adminpassword

e) Contents of jetty-realm.properties

    admin: adminpassword, admin
    test: testpassword, admin

Below is the configuration at Broker-A:

a) Contents added in activemq.xml

    <networkConnectors>
      <networkConnector name="testlinkconnector" userName="admin" password=" adminpassword "
          uri="static:(tcp://127.0.0.1:61618)?connection.useCompression=true" staticBridge="true">
        <staticallyIncludedDestinations>
          <queue physicalName=" demo.test"/>
        </staticallyIncludedDestinations>
      </networkConnector>
    </networkConnectors>

If we add only the <simpleAuthenticationPlugin> plugin to the Broker-B configuration, the bridge connection between Broker-A and Broker-B works. But when we add <simpleAuthenticationPlugin>, <jaasAuthenticationPlugin> and <authorizationPlugin> to the Broker-B configuration, the bridge connection does not work. We are getting the error below at the Broker-A end.

    2019-04-18 05:04:20,932 | INFO | localhost bridge to localhost stopped | org.apache.activemq.network.DemandForwardingBridgeSupport | ActiveMQ BrokerService[localhost] Task-2263
    2019-04-18 05:04:50,930 | INFO | Establishing network connection from vm://localhost to tcp://127.0.0.1:61618 | org.apache.activemq.network.DiscoveryNetworkConnector | ActiveMQ Task-2
    2019-04-18 05:04:50,973 | INFO | Network connection between vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 (localhost) has been established. | org.apache.activemq.network.DemandForwardingBridgeSupport | triggerStartAsyncNetworkBridgeCreation: remoteBroker=tcp:///127.0.0.1:61618@37514, localBroker= vm://localhost#4146
    2019-04-18 05:04:50,977 | ERROR | Network connection between vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 shutdown due to a remote error: {} | org.apache.activemq.network.DemandForwardingBridgeSupport | ActiveMQ Transport: tcp:///127.0.0.1:61618@37514
    java.lang.SecurityException: User name [admin] or password is invalid.
        at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.8.jar:5.15.8]
        at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.8.jar:5.15.8]
        at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.8.jar:5.15.8]
        at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.8.jar:5.15.8]
        at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.8.jar:5.15.8]
        at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.8.jar:5.15.8]
        at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.8.jar:5.15.8]
        at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.8.jar:5.15.8]
        at java.lang.Thread.run(Thread.java:748)[:1.8.0_191]

We want Broker-A to be able to send messages only if it has proper credentials, and Broker-A to be able to create or send messages only to the specific queue (demo.test) at the Broker-B end. Broker-A can create the demo.test queue at the Broker-B end only if it does not exist. Broker-A should not create or send messages to any other queue at the Broker-B end even though it has proper credentials.

--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
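
A consistency check for the two brokers' files, added here as an example and not part of the original post: it compares the credentials on Broker-A's networkConnector with Broker-B's users.properties, and the bridged queue names with the authorizationEntry names, character for character. The function names are hypothetical, and the sample strings are constructed from the snippets as they appear in the post (whitespace included, XML namespaces omitted); whether the real files contain those spaces is not known.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the snippets as they appear in the post (whitespace
# included), without XML namespaces. Not read from a real broker.
CONNECTOR = """<networkConnectors>
  <networkConnector name="testlinkconnector" userName="admin"
      password=" adminpassword " uri="static:(tcp://127.0.0.1:61618)">
    <staticallyIncludedDestinations>
      <queue physicalName=" demo.test"/>
    </staticallyIncludedDestinations>
  </networkConnector>
</networkConnectors>"""
AUTHZ = """<authorizationEntries>
  <authorizationEntry queue="demo.test " read="admins" write="admins" admin="admins"/>
</authorizationEntries>"""
USERS = "admin= adminpassword\ntest= testpassword\n"

def load_properties(text):
    """key=value parsing in the style of java.util.Properties: whitespace after
    '=' is skipped, trailing whitespace stays part of the value."""
    props = {}
    for line in text.splitlines():
        line = line.lstrip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.rstrip()] = value.lstrip()
    return props

def lint_bridge(connector_xml, authz_xml, users_text):
    """Return findings where Broker-A's connector and Broker-B's files disagree."""
    findings = []
    conn = ET.fromstring(connector_xml).find(".//networkConnector")
    user, password = conn.get("userName", ""), conn.get("password", "")
    for label, value in (("userName", user), ("password", password)):
        if value != value.strip():
            findings.append(f"connector {label} is padded with whitespace")
    users = load_properties(users_text)
    if user not in users:
        findings.append(f"user {user!r} is not in users.properties")
    elif users[user] != password:  # the secret itself is never echoed
        findings.append(f"password for {user!r} differs from users.properties")
    # Exact names only: wildcard entries ('>' and '*') are not evaluated here.
    allowed = {e.get("queue") for e in ET.fromstring(authz_xml).iter("authorizationEntry")}
    for queue in conn.iter("queue"):
        name = queue.get("physicalName")
        if name not in allowed:
            findings.append(f"queue {name!r} has no identically named authorizationEntry")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_bridge(CONNECTOR, AUTHZ, USERS)))
```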