JBoss.orgCommunity Documentation
Securing the HornetQ REST interface is very simple with the JBoss Application Server. You turn on authentication for all URLs within your WAR's web.xml, and let the user Principal to propagate to HornetQ. This only works if you are using the JBossSecurityManager with HornetQ. See the HornetQ documentation for more details.
To secure the HornetQ REST interface in other environments you must role your own security by specifying security constraints with your web.xml for every path of every queue and topic you have deployed. Here is a list of URI patterns:
Table 8.1.
| /queues | secure the POST operation to secure queue creation |
| /queues/{queue-name} | secure the GET HEAD operation to getting information about the queue. |
| /queues/{queue-name}/create/* | secure this URL pattern for producing messages. |
| /queues/{queue-name}/pull-consumers/* | secure this URL pattern for pulling messages messages. |
| /queues/{queue-name}/push-consumers/* | secure this URL pattern for pushing messages. |
| /topics | secure the POST operation to secure topic creation |
| /topics/{topic-name} | secure the GET HEAD operation to getting information about the topic. |
| /topics/{topic-name}/create/* | secure this URL pattern for producing messages. |
| /topics/{topic-name}/pull-subscriptions/* | secure this URL pattern for pulling messages messages. |
| /topics/{topic-name}/push-subscriptions/* | secure this URL pattern for pushing messages. |