Disable access to Dead Letter Queue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Disable access to Dead Letter Queue

cnadukula
Hi,

as part of a security concern that we have, I was wondering if there is any
way that we can disable access to Apache Artemis's Dead Letter queue, all
together. like people cannot retrieve  the message either from hawt or using
curl command either. Please let me know.

Thanks,
Chandra



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: Disable access to Dead Letter Queue

jbertram
> like people cannot retrieve the message either from hawt or using curl
command either.

If you need to secure a particular management operation you can use the
security functionality added in Artemis 2.4.0 via ARTEMIS-1463 [1].
Documentation is available here [2].


Justin

[1] https://issues.apache.org/jira/browse/ARTEMIS-1463
[2] https://activemq.apache.org/artemis/docs/latest/management.html (see
the "Role Based Authentication with JMX" section)

On Tue, Jan 2, 2018 at 1:20 PM, cnadukula <[hidden email]> wrote:

> Hi,
>
> as part of a security concern that we have, I was wondering if there is any
> way that we can disable access to Apache Artemis's Dead Letter queue, all
> together. like people cannot retrieve  the message either from hawt or
> using
> curl command either. Please let me know.
>
> Thanks,
> Chandra
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>
Reply | Threaded
Open this post in threaded view
|

Re: Disable access to Dead Letter Queue

cnadukula
Thanks Justin for the response. But please correct me if i am wrong, I added
the following to management.xml file

<match domain="org.apache.activemq.apache" key="queue=DLQ">
            <access method="*" roles=""/>
</match>

I put in the queue as DLQ and access method as anything and assigned no
roles to it. Is this the right way to do it?

If not could you please guide me the right way.

Also i noticed roles such as "view, update, amq", what is amq in this
context?

Thanks,
Chandra



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: Disable access to Dead Letter Queue

cnadukula
hi guys,

any update for me on this?

Thanks,
CHandra



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html