-
-
Notifications
You must be signed in to change notification settings - Fork 58
Security
PHP client is able to work with secured brokers, correctly applying their authentication and authorization policies. For more information on how to secure ActiveMQ broker see this page.
When connecting to the broker you can specify username and password which will be used to check your privileges against broker's security mechanism.
try {
$stomp->connect('dejan', 'test');
} catch (StompException $e) {
echo "dejan cannot connect\n";
echo $e->getMessage() . "\n";
echo $e->getDetails() . "\n\n\n";
}
In case of unsuccessful authentication, the connect()
method will throw StompException.
dejan cannot connect
User name or password is invalid.
java.lang.SecurityException: User name or password is invalid.
at org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:52)
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:666)
at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83)
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:297)
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:175)
at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
at org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
at org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:487)
at org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(ProtocolConverter.java:187)
at org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:613)
As you can see, you can use getMessage()
method is used to get short message of the error. To get the full stack trace from the broker (if provided), you can use getDetails()
method.
If you use synchronous operations you can handle authorization errors when you try to access (read/write) certain destinations.
try {
$stomp->send('/queue/test', 'test');
echo "Guest sent message with body 'test'\n";
} catch (StompException $e) {
echo "guest cannot send\n";
echo $e->getMessage() . "\n";
echo $e->getDetails() . "\n\n\n";
}
In case of error, you can expect the following output
guest cannot send
User guest is not authorized to write to: queue://test
java.lang.SecurityException: User guest is not authorized to write to: queue://test
at org.apache.activemq.security.AuthorizationBroker.send(AuthorizationBroker.java:176)
at org.apache.activemq.broker.MutableBrokerFilter.send(MutableBrokerFilter.java:133)
at org.apache.activemq.broker.TransportConnection.processMessage(TransportConnection.java:443)
at org.apache.activemq.command.ActiveMQMessage.visit(ActiveMQMessage.java:631)
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:297)
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:175)
at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
at org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
at org.apache.activemq.transport.stomp.ProtocolConverter.onStompSend(ProtocolConverter.java:247)
at org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(ProtocolConverter.java:173)
at org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:613)
The full example of the PHP Stomp client security and exceptions handling can be found in examples/security.php
.