When a server’s authorization parameter is enabled, other servers that actively connect to it must authenticate themselves by name and password, or by X.509 certificate.
In Figure 40, servers A and B both configure active routes to one another.
When routing a secure topic or queue, servers consult the ACL specification before forwarding each message. The servers must grant one another appropriate permissions to send, receive, publish or subscribe.
For example, in Figure 40, you don’t need an ACL for messages to flow from A (where a producer is sending to) to B (where a consumer is consuming from) because B has authorization turned off and messages are being sent to and consumed from queues. However, if messages were to flow from B to A (producer connects to B and consumer connects to A), then server A's ACL should grant user B
send permission on the queue Q2.
If we were to use topics in this example, then for messages to flow from A to B, you would need A to grant B the
subscribe and
durable permission on the topic (
global on both servers). And for messages to flow from B to A, you would have to grant topic B
publish permission on the topic.