diff --git a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
index b0659a995e4..d0886930343 100644
--- a/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
+++ b/artemis-cli/src/main/resources/org/apache/activemq/artemis/cli/commands/etc/broker.xml
@@ -117,8 +117,15 @@ ${cluster-security.settings}${cluster.settings}${replicated.settings}${shared-st
-
+
+
+
+
+
+
+
+
diff --git a/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java b/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
index b8c606979a6..82ff7bd58d2 100644
--- a/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
+++ b/artemis-cli/src/test/java/org/apache/activemq/cli/test/ArtemisTest.java
@@ -44,8 +44,11 @@
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.regex.Pattern;
+import org.apache.activemq.artemis.core.security.Role;
+
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
import org.apache.activemq.artemis.api.core.ActiveMQIllegalStateException;
import org.apache.activemq.artemis.api.core.JsonUtil;
@@ -2380,6 +2383,46 @@ public String getPropertyTwo() {
}
}
+ @Test
+ @Timeout(60)
+ public void testDefaultSecuritySettings() throws Exception {
+ FileConfiguration configuration = createFileConfiguration(getTestMethodName(),
+ "--silent", "--no-web", "--no-autotune");
+
+ Map> securityRoles = configuration.getSecurityRoles();
+
+ // wildcard match should have all permissions except manage
+ Set wildcardRoles = securityRoles.get("#");
+ assertNotNull(wildcardRoles, "Expected security-setting for '#'");
+ assertEquals(1, wildcardRoles.size());
+ Role wildcardRole = wildcardRoles.iterator().next();
+ assertEquals("amq", wildcardRole.getName());
+ assertTrue(wildcardRole.isSend());
+ assertTrue(wildcardRole.isConsume());
+ assertTrue(wildcardRole.isBrowse());
+ assertTrue(wildcardRole.isCreateDurableQueue());
+ assertTrue(wildcardRole.isDeleteDurableQueue());
+ assertTrue(wildcardRole.isCreateNonDurableQueue());
+ assertTrue(wildcardRole.isDeleteNonDurableQueue());
+ assertTrue(wildcardRole.isCreateAddress());
+ assertTrue(wildcardRole.isDeleteAddress());
+ assertFalse(wildcardRole.isManage(), "manage permission must not be on the wildcard '#' address");
+
+ // management address match should have manage plus supporting permissions
+ Set mgmtRoles = securityRoles.get("activemq.management.#");
+ assertNotNull(mgmtRoles, "Expected security-setting for 'activemq.management.#'");
+ assertEquals(1, mgmtRoles.size());
+ Role mgmtRole = mgmtRoles.iterator().next();
+ assertEquals("amq", mgmtRole.getName());
+ assertTrue(mgmtRole.isManage());
+ assertTrue(mgmtRole.isSend());
+ assertTrue(mgmtRole.isConsume());
+ assertTrue(mgmtRole.isCreateNonDurableQueue());
+ assertTrue(mgmtRole.isDeleteNonDurableQueue());
+ assertTrue(mgmtRole.isCreateAddress());
+ assertTrue(mgmtRole.isDeleteAddress());
+ }
+
private static File newFolder(File root, String subFolder) throws IOException {
File result = new File(root, subFolder);
if (!result.mkdirs()) {
diff --git a/artemis-features/src/main/resources/artemis.xml b/artemis-features/src/main/resources/artemis.xml
index 4162707d7a6..7bf3daebe61 100644
--- a/artemis-features/src/main/resources/artemis.xml
+++ b/artemis-features/src/main/resources/artemis.xml
@@ -144,8 +144,15 @@ under the License.
-
+
+
+
+
+
+
+
+
diff --git a/tests/smoke-tests/src/main/resources/servers/jmx-rbac-broker-security/broker.xml b/tests/smoke-tests/src/main/resources/servers/jmx-rbac-broker-security/broker.xml
index 3f9ee00a2cb..d2b323d94fa 100644
--- a/tests/smoke-tests/src/main/resources/servers/jmx-rbac-broker-security/broker.xml
+++ b/tests/smoke-tests/src/main/resources/servers/jmx-rbac-broker-security/broker.xml
@@ -70,7 +70,15 @@ under the License.
+
+
+
+
+
+
+
+