InformationIn order to have role based authentication inside our queue server you need to setup HornetQ with these directives.
You can restrict the access to particular queue (read/write) or even prevent the creation, deletion of new queues, with a basic role based access control.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
SolutionSet the security-setting parameters to match needed requirements:
<permission type="send" roles="MyRole"/>
<permission type="consume" roles="MyRole"/>
<permission type="createNonDurableQueue" roles="MyRole"/>
<permission type="deleteNonDurableQueue" roles="MyRole"/>