2.1. User Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.2. Role Permissions. . . . . Shiro credentials when you explicitly logout. 1.1. History • Version 3.2 ◦ Added optional role-based permissions capability • Version 3.1.1 ◦ released April 19, 2018 ◦ Update Spring Security Shiro version script. 2.1. User Permissions To use the Shiro annotations and methods you need a way to associate roles and permissions with users. The Spring Security Core plugin already handles the role part for you,

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . to simplify integration • "FirstMessage" API for scheduled messages • New "view" and "edit" permissions for management operations configurable via security- settings in broker.xml • New sslAutoReload 11.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . to simplify integration • "FirstMessage" API for scheduled messages • New "view" and "edit" permissions for management operations configurable via security- settings in broker.xml • New sslAutoReload 10.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . to simplify integration • "FirstMessage" API for scheduled messages • New "view" and "edit" permissions for management operations configurable via security- settings in broker.xml • New sslAutoReload 9.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 43.2. Role based security for addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . to simplify integration • "FirstMessage" API for scheduled messages • New "view" and "edit" permissions for management operations configurable via security- settings in broker.xml • New sslAutoReload 8.2. Upgrading from 2.28.0 • Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure

分指 定角色即权限信息； org.apache.shiro.realm.text.PropertiesRealm： user.username=password,role1,role2 指定用户 名/密码及其角色；role.role1=permission1,permission2 指定角色及权限信息； org.apache.shiro.realm.jdbc.JdbcRealm：通过 sql 查询相应的信息，如“select from users where username = ?”获取用户密码及盐；“select role_name from user_roles where username = ?” 获取用户角色；“select permission from roles_permissions where role_name = ?”获取角色对 应的权限信息；也可以调用相应的 api 进行自定义 sql； 本文将使用 mysql 数据库及 druid 连接池； 2、到数据库 shiro 下建三张表：users（用户名/密码）、user_roles（用户/角色）、roles_permissions （角色/权限），具体请参照 shiro-example-chapter2/sql/shiro.sql；并添加一个用户记录，用 户名/密码为 zhang/123； 3、ini 配置（shiro-jdbc-realm

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Preface 6 Preface What is Apache ActiveMQ Artemis? Apache Upgrading from older versions Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question. Note: this applies to all Versions 9 MBean access

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Preface 6 Preface What is Apache ActiveMQ Artemis? Apache Upgrading from older versions Due to ARTEMIS-4151 the default access for MBeans not defined in the role-access or allowlist of management.xml is now read only. This is a precautionary measure to ensure management.xml either by changing the default-access (not recommended) or specifically configuring a role-access for the particular MBean in question. Note: this applies to all MBean access including directly

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Preface 6 Preface What is Apache ActiveMQ Artemis? Apache impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They will now need createNonDurableQueue as well. Again, this only has potential impact for MQTT specific username and role during the authentication process. ii. When login.config is configured with the CertificateLoginModule which causes users to be assigned a username and role corresponding to

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Preface 6 Preface What is Apache ActiveMQ Artemis? Apache impact security-settings for MQTT clients which previously only had createDurableQueue for their role. They will now need createNonDurableQueue as well. Again, this only has potential impact for MQTT specific username and role during the authentication process. ii. When login.config is configured with the CertificateLoginModule which causes users to be assigned a username and role corresponding to