While trying to set up a nice and automatic way to configure Artemis users, I stumbled on the wildcard routing that can be used within the security-settings block.
Leveraging this would make inter-application communication easy. Sending something from appA to appB could always be done by using a fixed queue pattern: appA.appB.requestSomething would indicate communication from appA to appB containing requestSomething. It would be trivial to create a queue with requestSomethingElse etc.
The inverse would also be possible, just flip around the pattern: appB.appA.responseSomething etc.
Given the following security-settings block:
<security-setting match="appA.#">
    <permission type="createDurableQueue" roles="appA"/>
    <permission type="deleteDurableQueue" roles="appA"/>
    <permission type="createAddress" roles="appA"/>
    <permission type="deleteAddress" roles="appA"/>
    <permission type="consume" roles="appA"/>
    <permission type="browse" roles="appA"/>
    <permission type="send" roles="appA"/>
    <permission type="manage" roles="appA"/>
</security-setting>
<security-setting match="*.appA.#">
    <permission type="consume" roles="appA"/>
    <permission type="browse" roles="appA"/>
</security-setting>
<security-setting match="appB.#">
    <permission type="createDurableQueue" roles="appB"/>
    <permission type="deleteDurableQueue" roles="appB"/>
    <permission type="createAddress" roles="appB"/>
    <permission type="deleteAddress" roles="appB"/>
    <permission type="consume" roles="appB"/>
    <permission type="browse" roles="appB"/>
    <permission type="send" roles="appB"/>
    <permission type="manage" roles="appB"/>
</security-setting>
<security-setting match="*.appB.#">
    <permission type="consume" roles="appB"/>
    <permission type="browse" roles="appB"/>
</security-setting>
and configuring a producer with appA sending to appA.appB.request, the following exception is thrown: Cause: AMQ229213: User: appA does not have permission='CREATE_DURABLE_QUEUE' for queue appA.appB.request on address appA.appB.request.
Did the security-settings block describing the read permissions for appB overrule all previously described settings?
Is this undocumented behavior? Did I misunderstand how this mechanism should work?
It looked like a great way to configure communication between different applications.
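An added example, not part of the original post: a small audit that lists every security-setting block whose match covers an address and what each one grants a role. It relies on the documented Artemis behaviour that one block is applied per address and settings are not inherited from other matching blocks; the sample XML is constructed from two of the blocks in the question, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two blocks from the question, trimmed to a few permissions.
# Assumes a fragment without the broker.xml XML namespace.
SETTINGS = """<security-settings>
  <security-setting match="appA.#">
    <permission type="createDurableQueue" roles="appA"/>
    <permission type="send" roles="appA"/>
  </security-setting>
  <security-setting match="*.appB.#">
    <permission type="consume" roles="appB"/>
    <permission type="browse" roles="appB"/>
  </security-setting>
</security-settings>"""

def matches(pattern, address):
    """Default wildcard syntax: '.' delimiter, '*' one word, '#' zero or more words."""
    def walk(p, a):
        if not p:
            return not a
        if p[0] == "#":
            return any(walk(p[1:], a[i:]) for i in range(len(a) + 1))
        return bool(a) and p[0] in ("*", a[0]) and walk(p[1:], a[1:])
    return walk(pattern.split("."), address.split("."))

def load(xml_text):
    """Return {match: {permission type: set of roles}}."""
    out = {}
    for s in ET.fromstring(xml_text).iter("security-setting"):
        out[s.get("match")] = {
            p.get("type"): {r.strip() for r in p.get("roles", "").split(",") if r.strip()}
            for p in s.iter("permission")}
    return out

def audit(xml_text, address, role):
    """Per matching block, the permissions the role gets there, plus the
    permissions granted by some matching blocks but not by all of them."""
    per_block = {m: {t for t, roles in perms.items() if role in roles}
                 for m, perms in load(xml_text).items() if matches(m, address)}
    if not per_block:
        return {}, set()
    granted = set().union(*per_block.values())
    common = set.intersection(*per_block.values())
    return per_block, granted - common

if __name__ == "__main__":
    blocks, at_risk = audit(SETTINGS, "appA.appB.request", "appA")
    for match, perms in blocks.items():
        print(f"{match!r} grants appA: {sorted(perms) or 'nothing'}")
    print("depends on which block the broker applies:", sorted(at_risk))
```

Any permission in the second result is one the role holds only if the broker happens to select a block that grants it, which is the situation the AMQ229213 error above is consistent with.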