apache · tabish121 · Mar 3, 2026 · Feb 24, 2026
diff --git a/...java/org/apache/activemq/artemis/core/server/management/ArtemisRbacInvocationHandler.java b/...java/org/apache/activemq/artemis/core/server/management/ArtemisRbacInvocationHandler.java
@@ -54,6 +54,7 @@ public class ArtemisRbacInvocationHandler implements GuardInvocationHandler {
    Pattern viewPermissionMatcher;
    SimpleString rbacPrefix;
    SimpleString mBeanServerRbacAddressPrefix;
+   char addressDelimiter;
 
    ArtemisRbacInvocationHandler(MBeanServer mbeanServer) {
       delegate = mbeanServer;
@@ -157,7 +158,8 @@ private void initializeFromFirstServerMBeanRegistration(Method method, Object[]
 
             viewPermissionMatcher = Pattern.compile(activeMQServer.getConfiguration().getViewPermissionMethodMatchPattern());
             rbacPrefix = SimpleString.of(activeMQServer.getConfiguration().getManagementRbacPrefix());
-            mBeanServerRbacAddressPrefix = rbacPrefix.concat(".mbeanserver.");
+            addressDelimiter = activeMQServer.getConfiguration().getWildcardConfiguration().getDelimiter();
+            mBeanServerRbacAddressPrefix = rbacPrefix.concat(addressDelimiter).concat("mbeanserver").concat(addressDelimiter);
 
             serverControl.getServer().registerActivateCallback(new ActivateCallback() {
                @Override
@@ -306,21 +308,21 @@ SimpleString addressFrom(ObjectName objectName, String methodName) {
          }
       } else {
          // non artemis broker domain, prefix with domain
-         rbacAddress = rbacAddress.concat('.').concat(objectName.getDomain());
+         rbacAddress = rbacAddress.concat(addressDelimiter).concat(objectName.getDomain());
          type = removeQuotes(objectName.getKeyProperty("type"));
       }
 
       if (type != null) {
-         rbacAddress = rbacAddress.concat('.').concat(type);
+         rbacAddress = rbacAddress.concat(addressDelimiter).concat(type);
       }
       if (component != null) {
-         rbacAddress = rbacAddress.concat('.').concat(component);
+         rbacAddress = rbacAddress.concat(addressDelimiter).concat(component);
       }
       if (name != null) {
-         rbacAddress = rbacAddress.concat('.').concat(name);
+         rbacAddress = rbacAddress.concat(addressDelimiter).concat(name);
       }
       if (methodName != null) {
-         rbacAddress = rbacAddress.concat('.').concat(methodName);
+         rbacAddress = rbacAddress.concat(addressDelimiter).concat(methodName);
       }
 
       return rbacAddress;

diff --git a/...org/apache/activemq/artemis/core/server/management/ArtemisRbacMBeanServerBuilderTest.java b/...org/apache/activemq/artemis/core/server/management/ArtemisRbacMBeanServerBuilderTest.java
@@ -50,6 +50,7 @@
 import org.apache.activemq.artemis.api.core.SimpleString;
 import org.apache.activemq.artemis.api.core.management.ActiveMQServerControl;
 import org.apache.activemq.artemis.api.core.management.ObjectNameBuilder;
+import org.apache.activemq.artemis.core.config.WildcardConfiguration;
 import org.apache.activemq.artemis.core.security.CheckType;
 import org.apache.activemq.artemis.core.security.Role;
 import org.apache.activemq.artemis.core.server.ActiveMQServer;
@@ -81,6 +82,7 @@ public void testRbacAddressFrom() throws Exception {
       ArtemisRbacInvocationHandler handler = (ArtemisRbacInvocationHandler) Proxy.getInvocationHandler(proxy);
       handler.brokerDomain = "a.b";
       handler.rbacPrefix = SimpleString.of("jmx");
+      handler.addressDelimiter = WildcardConfiguration.DEFAULT_WILDCARD_CONFIGURATION.getDelimiter();
 
       try {
          handler.addressFrom(null);
@@ -165,6 +167,7 @@ public void testRbacAddressFromWithObjectNameBuilder() throws Exception {
          (ArtemisRbacInvocationHandler) Proxy.getInvocationHandler(proxy);
       handler.brokerDomain = ActiveMQDefaultConfiguration.getDefaultJmxDomain();
       handler.rbacPrefix = SimpleString.of(ActiveMQDefaultConfiguration.getManagementRbacPrefix());
+      handler.addressDelimiter = WildcardConfiguration.DEFAULT_WILDCARD_CONFIGURATION.getDelimiter();
 
       for (Method m : ObjectNameBuilder.class.getDeclaredMethods()) {
          if (Modifier.isPublic(m.getModifiers()) && ObjectName.class == m.getReturnType()) {
@@ -578,6 +581,44 @@ public void testQueryWithStar() throws Exception {
       assertInstanceOf(Set.class, result);
    }
 
+   @Test
+   public void testQueryWithCustomDelimeter() throws Exception {
+
+      MBeanServer proxy = underTest.newMBeanServer("d", mbeanServer, mBeanServerDelegate);
+
+      final ActiveMQServer server = createServer(false);
+      server.setMBeanServer(proxy);
+      server.getConfiguration().setJMXManagementEnabled(true).setSecurityEnabled(true).getWildcardConfiguration().setDelimiter('&');
+
+      Set<Role> roles = new HashSet<>();
+      roles.add(new Role("viewers", false, false, false, false, false, false, false, false, false, false, true, false));
+      server.getConfiguration().putSecurityRoles("mops&mbeanserver&queryNames", roles);
+
+      server.start();
+
+      Hashtable<String, String> attrs = new Hashtable<>();
+      attrs.put("broker", "bb");
+      attrs.put("type", "security");
+      attrs.put("area", "jmx");
+      attrs.put("name", "*");
+
+      final ObjectName queryName = new ObjectName("*", attrs);
+
+      Subject viewSubject = new Subject();
+      viewSubject.getPrincipals().add(new UserPrincipal("v"));
+      viewSubject.getPrincipals().add(new RolePrincipal("viewers"));
+
+      Object result = SecurityManagerShim.callAs(viewSubject, (Callable<Object>) () -> {
+         try {
+            return proxy.queryNames(queryName, null);
+         } catch (Exception e1) {
+            return e1;
+         }
+      });
+      assertNotNull(result);
+      assertInstanceOf(Set.class, result);
+   }
+
    @Test
    public void testQueryAllFiltered() throws Exception {
 

diff --git a/...java/org/apache/activemq/artemis/tests/integration/isolated/security/JmxSecurityTest.java b/...java/org/apache/activemq/artemis/tests/integration/isolated/security/JmxSecurityTest.java
@@ -274,6 +274,21 @@ public void testJxmAuthFlightRecorder() throws Exception {
       fr.getConfigurations();
    }
 
+   @Test
+   public void testJxmAuthFlightRecorderWithCustomWildcardDelimiter() throws Exception {
+
+      server.getConfiguration().getWildcardConfiguration().setDelimiter('-');
+      Set<Role> roles = new HashSet<>();
+      roles.add(new Role("programmers", false, false, false, false, true, false, false, false, false, false, true, false));
+      server.getConfiguration().putSecurityRoles("jmx-jdk.management.jfr-#", roles);
+
+      server.start();
+
+      ObjectName runtimeName = new ObjectName("jdk.management.jfr", "type", "FlightRecorder");
+      FlightRecorderMXBean fr = JMX.newMXBeanProxy(ManagementFactory.getPlatformMBeanServer(), runtimeName, FlightRecorderMXBean.class, false);
+      fr.getConfigurations();
+   }
+
    @Test
    public void testQueueAuthorization() throws Exception {
       final SimpleString ADDRESS = SimpleString.of("address");