Security

Konstantin Chukhlomin edited this page Sep 5, 2015 · 1 revision

The PHP client can work with secured brokers and correctly applies their authentication and authorization policies. For more information on how to secure an ActiveMQ broker, see this page.

Authentication

When connecting to the broker, you can specify a username and password, which the broker's security mechanism uses to check your privileges.

try {
    $stomp->connect('dejan', 'test');
} catch (StompException $e) {
    echo "dejan cannot connect\n";
    echo $e->getMessage() . "\n";
    echo $e->getDetails() . "\n\n\n";
}

If authentication fails, the connect() method throws a StompException, and the example above prints:

dejan cannot connect
User name or password is invalid.
java.lang.SecurityException: User name or password is invalid.
    at org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:52)
    at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
    at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
    at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:666)
    at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83)
    at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
    at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:297)
    at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:175)
    at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
    at org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
    at org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
    at org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:487)
    at org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(ProtocolConverter.java:187)
    at org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
    at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
    at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
    at java.lang.Thread.run(Thread.java:613)

As you can see, the getMessage() method returns a short description of the error. To get the full stack trace from the broker (if provided), use the getDetails() method.

Authorization

If you use synchronous operations, you can handle authorization errors when you try to access (read/write) certain destinations.

try {
    $stomp->send('/queue/test', 'test');
    echo "Guest sent message with body 'test'\n";
} catch (StompException $e) {
    echo "guest cannot send\n";
    echo $e->getMessage() . "\n";
    echo $e->getDetails() . "\n\n\n";
}

In case of an error, you can expect the following output:

guest cannot send
User guest is not authorized to write to: queue://test
java.lang.SecurityException: User guest is not authorized to write to: queue://test
    at org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:176)
    at org.apache.activemq.broker.MutableBrokerFilter.send(MutableBrokerFilter.java:133)
    at org.apache.activemq.broker.TransportConnection.processMessage(TransportConnection.java:443)
    at org.apache.activemq.command.ActiveMQMessage.visit(ActiveMQMessage.java:631)
    at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:297)
    at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:175)
    at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
    at org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
    at org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
    at org.apache.activemq.transport.stomp.ProtocolConverter.onStompSend(ProtocolConverter.java:247)
    at org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(ProtocolConverter.java:173)
    at org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
    at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
    at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
    at java.lang.Thread.run(Thread.java:613)

The full example of PHP Stomp client security and exception handling can be found in examples/security.php.
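
Both snippets above echo getDetails() directly, which shows broker class names, user names and destinations to whoever reads the output. The following sketch is an added example, not part of the client or of examples/security.php: it classifies the two failures shown on this page, keeps the trace in the server-side log and returns a generic message to the caller. The function names are hypothetical, and the sample strings are copied from the output above.

```php
<?php
// Added example. Function names are hypothetical; the sample strings are
// copied from the broker output shown on this page.

// Classify what getMessage() / getDetails() returned for a failed operation.
function classifyBrokerError(string $message, string $details): array
{
    $message = trim($message);
    // e.g. "User guest is not authorized to write to: queue://test"
    if (preg_match('/^User (\S+) is not authorized to ([a-z ]+): (\S+)$/', $message, $m)) {
        return ['kind' => 'authorization', 'user' => $m[1],
                'action' => $m[2], 'destination' => $m[3]];
    }
    if ($message === 'User name or password is invalid.') {
        return ['kind' => 'authentication', 'user' => null,
                'action' => 'connect', 'destination' => null];
    }
    // Any other broker-side SecurityException is still a security event.
    $kind = strpos($details, 'java.lang.SecurityException') === 0 ? 'security' : 'other';
    return ['kind' => $kind, 'user' => null, 'action' => null, 'destination' => null];
}

// One-line audit record: first trace line only, control characters stripped
// so broker-supplied text cannot forge extra log lines.
function auditLine(array $c, string $details): string
{
    $summary = strtok($details, "\n");
    $summary = preg_replace('/[\x00-\x1F\x7F]/', ' ', $summary === false ? '' : $summary);
    return sprintf('stomp_security kind=%s user=%s action="%s" destination=%s detail="%s"',
        $c['kind'], $c['user'] ?? '-', $c['action'] ?? '-', $c['destination'] ?? '-', $summary);
}

// Text safe to show to the caller: no user names, destinations or Java frames.
function userFacingMessage(array $c): string
{
    return $c['kind'] === 'other' ? 'Messaging error.' : 'Access to the message broker was denied.';
}

// Constructed inputs: (getMessage(), getDetails()) pairs as printed above, trace shortened.
$samples = [
    ['User name or password is invalid.',
     "java.lang.SecurityException: User name or password is invalid.\n    at org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:52)"],
    ['User guest is not authorized to write to: queue://test',
     "java.lang.SecurityException: User guest is not authorized to write to: queue://test\n    at org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:176)"],
];
foreach ($samples as [$message, $details]) {
    $c = classifyBrokerError($message, $details);
    error_log(auditLine($c, $details));   // context stays in the server-side log
    echo userFacingMessage($c), "\n";     // caller sees a generic message
}
```

In a real catch block, pass `$e->getMessage()` and `(string) $e->getDetails()` to `classifyBrokerError()`; the cast covers the case where the broker provides no details.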