5 Replies Latest reply on Mar 23, 2002 9:55 AM by pra

Accessing a JMS queue from external java app

mkotsbak Mar 18, 2002 6:08 AM

I am trying to connect to a queue that is set up in JBoss from an standalone java application in another VM. Then I get an security error, even when I have specified the user/pw in jbossmq-state.xml.

Is there something special I have to do to allow external programs to access the JMS queues inside jboss. I think there should be some place I specify which hosts that can connect to the queues also.

I tried to insert the <securityconf> in the definition of the queues, with full access, but I could not find any doc on this part of the sar-file (and no example of external access)!

If it could help I can post the stacktrace/errormessage, but since the errormessage was no clear, I thought it could be some misconfiguration.

1. Re: Accessing a JMS queue from external java app

jwijgerd Mar 18, 2002 7:03 PM (in response to mkotsbak)

Hi,

I simply include all the jars from the jboss\client directory in my classpath and then connect like this:

jndiContext = new InitialContext();

queueConnectionFactory = (QueueConnectionFactory)
jndiContext.lookup("ConnectionFactory");
peopleQueue = (Queue) jndiContext.lookup("queue/peopleQueue");
answerQueue = (Queue) jndiContext.lookup("queue/answerQueue");

queueConnection =
queueConnectionFactory.createQueueConnection();
queueSession =
queueConnection.createQueueSession(false,
Session.AUTO_ACKNOWLEDGE);
queueSender = queueSession.createSender(peopleQueue);
message = queueSession.createTextMessage();
message.setText("Payload");
queueSender.send(message);

Oh yeah, I also have jndi.properties on my classpath.

Hope this helps,

Joost.
Actions
2. Re: Accessing a JMS queue from external java app

mkotsbak Mar 19, 2002 10:42 AM (in response to mkotsbak)

I found the error myself. I needed to include the securityconf like in the testcase.

Then I get access from the same host as jboss is running. Does this also work from other hosts? Then I think it is a security problem, as the password is the only thing stopping others to access the JMS!
Actions
3. Re: Accessing a JMS queue from external java app

pra Mar 20, 2002 10:34 AM (in response to mkotsbak)

Hi,
are you using the lates 3.0 source from CVS to do this?

- JbossMQ is much more secure today than i was a couple of weeks ago, since it is actually possible to enforce user/password for destination, which was not at all possible before.

- No, there is absolutely no way of having accessrights based on ip.

//Peter
Actions
4. Re: Accessing a JMS queue from external java app

mkotsbak Mar 23, 2002 5:01 AM (in response to mkotsbak)

> Hi,
> are you using the lates 3.0 source from CVS to do
> this?
Yes

>
> - JbossMQ is much more secure today than i was a
> couple of weeks ago, since it is actually possible to
> enforce user/password for destination, which was not
> at all possible before.
But is this user/pw transferred securely over the internet? If not, it helps little if the client is on a public net.

>
> - No, there is absolutely no way of having
> accessrights based on ip.
It looks like to me to, that you either allow RMI queries (1099?), including JMS, or no at all. If it is not using a special port, the firewall will have no chance of stopping it. (without analyzing the traffic though)

>
> //Peter
Actions
5. Re: Accessing a JMS queue from external java app

pra Mar 23, 2002 9:55 AM (in response to mkotsbak)

That is true, its clear text passwords. But the JMS spec is really not designed to be run outside of intranets.

You could probably turn on encryption on the socket layer or RMI and get away with it, or try to integrate with Scots more secure password stuff and give it back to JBoss.

user/password is what there is for now. If you want something other, either chose another provider or contribute code to JBoss, or inspire someone else to do it.

//Peter
Actions

Go to original post