Security settings
Artemis contains a flexible role-based security model for applying security to queues, based on their addresses. The security settings on this page will be applied against any address with a name that matches the Address match wildcard expression.
Artemis contains a flexible role-based security model for applying security to queues, based on their addresses.
id: security-settings title: Security settings sidebar_label: Security settings
Security settings that are applied on the address level.
Security settings which will be applied against any addresses with a name that matches a certain wildcard expression.
When match is jms.queue.example
for example, the settings would only be applied to any addresses which exactly match the address jms.queue.example
. You can also use wildcards to apply settings against many addresses. For example, if you used the match string jms.queue.#
, the settings would be applied to all addresses that start with jms.queue.
(which would be all JMS queues).
Note that only the most specific match is applied for each address. Some examples from most specific to least specific: jms.queue.example
(matches one JMS queue), jms.*.example
(matches one JMS queue and one JMS topic), jms.queue.#
(matches all JMS queues), jms.#
(matches all JMS queues and JMS topics).
Address match
A HornetQ wildcard expression contains words delimited by the character .
(full stop).
The special characters #
and *
also have special meaning and can take the place of a word:
- the character
#
matches any sequence of zero or more words - the character
*
matches a single word
So the wildcard news.europe.#
would match news.europe
, news.europe.sport
, news.europe.politics
and news.europe.politics.regional
, but would not match news.usa
, news.usa.sport
nor entertainment
.
The wildcard news.*
would match news.europe
, but not news.europe.sport
.
The wildcard news.*.sport
would match news.europe.sport
and also news.usa.sport
, but not news.europe.politics
.
Note that addresses of JMS queues are always prefixed with jms.queue.
and addresses of JMS topics with jms.topic.
. So the wildcard jms.queue.#
would match all JMS queues for example.
Required
Send
Comma-separated list of user roles that are granted permission to send a message to matching addresses.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.
Consume
Comma-separated list of user roles that are granted permission to consume a message from a queue bound to matching addresses.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.
Create durable queue
Comma-separated list of user roles that are granted permission to create a durable queue under matching addresses.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.
Delete durable queue
Comma-separated list of user roles that are granted permission to delete a durable queue under matching addresses.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.
Create non-durable queue
Comma-separated list of user roles that are granted permission to create a non-durable queue under matching addresses.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.
Delete non-durable queue
Comma-separated list of user roles that are granted permission to delete a non-durable queue under matching addresses.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.
Manage
Comma-separated list of user roles that are granted permission to invoke management operations by sending management messages to the management address.
Note that the cluster user of the HornetQ server always has full privileges, even without specifying any security settings.