Test Access Control

Close this browser tab and go back to the Edit broker page. From the Revision drop-down, select the new revision you just created. You may need to refresh your browser window to see the revision. Once the new revision is selected, click Schedule modifications. On the next page, select Immediately and click Apply. It might take a few minutes to restart the broker.


After the broker is back in the Running status, run the following command in a terminal tab in the Cloud9 IDE (replacing <user 2 password> with the value you have chosen) to start sending messages to queue.user1 as user2.

 
java -jar ./bin/amazon-mq-client.jar -url $url -user user2 -password <user 2 password> -mode sender -type queue -destination queue.user1 -name user2

You should see a log output like the following, indicating that user2 is not authorized to write into this queue.

 
[ActiveMQ Task-1] INFO org.apache.activemq.transport.failover.FailoverTransport - Successfully connected to ssl://b-4e4bfd69-7b83-4a27-9faf-4684cfa80443-2.mq.eu-central-1.amazonaws.com:61617
Error: User user2 is not authorized to write to: queue://queue.user1

Now try to send messages to the same queue as user1 by running the command below in a Cloud9 terminal (replacing <user 1 password> with the value you have chosen).

 
java -jar ./bin/amazon-mq-client.jar -url $url -user user1 -password <user 1 password> -mode sender -type queue -destination queue.user1 -name user1

As expected, user1 can write to this queue. You can try a similar exercise with the topic topic.user2, verifying that user1 can neither publish to nor receive messages from the topic, while user2 can (the commands can be found in Lab 2, but you will need to adapt the -user and -password parameters).

Stop the sender by pressing CTRL + C or CONTROL + C in the terminal window.
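
The manual checks above can be turned into a repeatable test of the access rules. The script below is an added example, not part of the workshop or the amazon-mq-client tool: it reads captured client output and reports allow, deny or unknown for a given user and destination. The function names, the sample log text and the broker.example host are constructed for illustration, and the "read from" wording is an assumption.

```bash
#!/usr/bin/env bash
# Added example: turn captured amazon-mq-client output into an allow/deny verdict.

# Print "user|action|destination" for every authorization denial read on stdin.
# The "write to" wording is the one shown in this lab; "read from" is assumed
# to be the matching wording for a denied consumer.
parse_denials() {
  sed -n -E 's/.*User ([^ ]+) is not authorized to (read from|write to): (.+)$/\1|\2|\3/p'
}

# verdict USER ACTION DESTINATION   (client output on stdin)
#   deny    - the broker rejected exactly this user/action/destination
#   allow   - the client connected and no such rejection was logged
#   unknown - no connection was logged, so the run proves nothing
verdict() {
  _log=$(cat)
  if printf '%s\n' "$_log" | parse_denials | grep -Fxq "$1|$2|$3"; then
    echo deny
  elif printf '%s\n' "$_log" | grep -q 'Successfully connected to'; then
    echo allow
  else
    echo unknown
  fi
}

# expect WANT USER ACTION DESTINATION   (client output on stdin)
expect() {
  _got=$(verdict "$2" "$3" "$4")
  if [ "$_got" = "$1" ]; then
    echo "PASS  $2 $3 $4 -> $_got"
  else
    echo "FAIL  $2 $3 $4 -> $_got (expected $1)"
    return 1
  fi
}

# Constructed sample output (placeholder broker host), modelled on the log above.
CONNECTED='[ActiveMQ Task-1] INFO org.apache.activemq.transport.failover.FailoverTransport - Successfully connected to ssl://broker.example:61617'
USER2_LOG="$CONNECTED
Error: User user2 is not authorized to write to: queue://queue.user1"
USER1_LOG="$CONNECTED"

printf '%s\n' "$USER2_LOG" | expect deny  user2 'write to' queue://queue.user1
printf '%s\n' "$USER1_LOG" | expect allow user1 'write to' queue://queue.user1
```

To use it on a live run, save the client's output to a file, stop the sender, and feed that file to expect. An unknown verdict means the client never connected, so the access rule was not actually exercised.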