ActiveMQ 5.10: Cannot restrict access to server from remote client


I installed ActiveMQ 5.10 on Mac OS X Yosemite. I can change the file jetty-realm.properties to restrict access to the Web Console at localhost:8161.

However, when I write Ruby code to connect to the ActiveMQ using Stomp like this:

require 'stomp'
client = Stomp::Client.new('any username', 'any password', 'localhost', 61613)

I can use the client to publish and subscribe to every queue on the ActiveMQ server.

Can somebody please suggest a way that I can restrict access to the ActiveMQ server from remote connections?

I have tried the following links, but none of them works: https://security.stackexchange.com/questions/7989/how-to-secure-a-activemq http://activemq.apache.org/version-5-getting-started.html#Version5GettingStarted-ConfiguringActiveMQ http://activemq.apache.org/security.html

1

There are 1 answers

0
Châu Hồng Lĩnh On

I found the answer after playing around a while longer and reading the whole schema file for the broker.

In ActiveMQ 5.10, the broker is put directly in conf/activemq.xml.

First, I solved the problem like this: in activemq.xml, under <broker>, I put:

<plugins> 
  <simpleAuthenticationPlugin>
    <users>
      <authenticationUser username="admin" password="password" groups="admins,publishers,consumers"/>
    </users>
  </simpleAuthenticationPlugin>
</plugins>

So it was the missing <plugins> in all the dumb documentation that made the config useless.

Better solution:

I copied the whole <broker> section from activemq.xml and placed it in a file called broker.xml (you can call it anything, for example apache_dumb_documentation.xml), under a section called <beans>:

<beans
  xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans  
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">

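  <!-- <broker> must keep its ActiveMQ core namespace so Spring can resolve the element -->
  <broker xmlns="http://activemq.apache.org/schema/core">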
    ... broker config here, including <plugins> ...
  </broker>

</beans>

Then in activemq.xml, in the former place of <broker>, I just wrote:

<import resource="broker.xml"/>
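A quick way to check a broker config for the problem discussed in this thread, as an added example that is not part of the original question or answer: it parses the XML and reports when no authentication plugin is present, when the plugin is not wrapped in <plugins> directly under <broker>, when anonymous access is enabled, or when no authorizationPlugin makes use of the groups. The function name `audit_broker_auth` and both sample configs are constructed for illustration.

```ruby
require 'rexml/document'

AUTH_PLUGINS = %w[simpleAuthenticationPlugin jaasAuthenticationPlugin].freeze

# Audit an activemq.xml string; returns findings (empty array = checks passed).
# Hypothetical helper, not part of ActiveMQ.
def audit_broker_auth(xml)
  elements = []
  REXML::Document.new(xml).root.each_recursive { |e| elements << e }
  broker = elements.find { |e| e.name == 'broker' }
  return ['no <broker> element found'] unless broker

  findings = []
  auth = elements.select { |e| AUTH_PLUGINS.include?(e.name) }
  findings << 'no authentication plugin: broker accepts any credentials' if auth.empty?
  auth.each do |plugin|
    wrapper = plugin.parent
    unless wrapper.name == 'plugins' && wrapper.parent.equal?(broker)
      findings << "<#{plugin.name}> must sit in <plugins> directly under <broker>"
    end
    if plugin.attributes['anonymousAccessEnabled'] == 'true'
      findings << "<#{plugin.name}> allows anonymous connections"
    end
  end
  if elements.none? { |e| e.name == 'authorizationPlugin' }
    findings << 'no <authorizationPlugin>: groups are not enforced per destination'
  end
  findings
end

# Constructed samples: a broker with no plugins, and the layout from the answer.
OPEN_CONFIG = <<~XML
  <beans><broker xmlns="http://activemq.apache.org/schema/core"/></beans>
XML

ANSWER_CONFIG = <<~XML
  <beans>
    <broker xmlns="http://activemq.apache.org/schema/core">
      <plugins>
        <simpleAuthenticationPlugin>
          <users>
            <authenticationUser username="admin" password="password" groups="admins,publishers,consumers"/>
          </users>
        </simpleAuthenticationPlugin>
      </plugins>
    </broker>
  </beans>
XML

puts audit_broker_auth(OPEN_CONFIG), audit_broker_auth(ANSWER_CONFIG)
```

The check only inspects the file it is given, so a config split with <import resource="..."/> needs each imported file audited as well.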