-
1. Re: Connection not authorized to addMessages to destination
adrian.brock Jul 9, 2007 4:50 AM (in response to teodoro21)Your question is unanswerable, since you don't show the security configuration for the
destination or JMS_ROLES.
i.e. one of the roles "john" is in needs to have "write" access to the myTopic. -
2. Re: Connection not authorized to addMessages to destination
teodoro21 Jul 10, 2007 5:29 PM (in response to teodoro21)Hi, Thanks Adrian for your reply.
The following is my configuration's files:
----- jbossmq-destinations-service.xml: -----<mbean code="org.jboss.mq.server.jmx.Topic" name="jboss.mq.destination:service=Topic,name=myTopic"> <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends> <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends> <attribute name="SecurityConf"> <security> <role name="durpublisher" read="true" write="true" create="true"/> </security> </attribute> </mbean> ----------------------------------------------------------------------------- ----- jbossmq-service.xml: ----- <?xml version="1.0" encoding="UTF-8"?> <!-- $Id: jbossmq-service.xml 38187 2005-11-16 23:55:44Z adrian $ --> <server> <!-- ==================================================================== --> <!-- JBossMQ --> <!-- ==================================================================== --> <!-- ==================================================================== --> <!-- JBossMQ Interceptor chain configuration --> <!-- ==================================================================== --> <!-- To tune performance, you can have the Invoker skip over the TracingInterceptor --> <!-- and/or the SecurityManager, but then you loose the ability to trace and/or enforce security. --> <mbean code="org.jboss.mq.server.jmx.Invoker" name="jboss.mq:service=Invoker"> <depends optional-attribute-name="NextInterceptor">jboss.mq:service=TracingInterceptor</depends> <depends>jboss:service=Naming</depends> </mbean> <mbean code="org.jboss.mq.server.jmx.InterceptorLoader" name="jboss.mq:service=TracingInterceptor"> <attribute name="InterceptorClass">org.jboss.mq.server.TracingInterceptor</attribute> <depends optional-attribute-name="NextInterceptor">jboss.mq:service=SecurityManager</depends> </mbean> <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager"> <attribute name="DefaultSecurityConfig"> <security> <role name="durpublisher" read="true" write="true" create="true"/> </security> </attribute> <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute> <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends> </mbean> <!-- | The ClientMonitorInterceptor disconnects clients that have been idle for to long. | This interceptor is not enabled by default since the server might disconnect clients | when the it is under high load. --> <!-- <mbean code="org.jboss.mq.server.jmx.ClientMonitorInterceptor" name="jboss.mq:service=ClientMonitorInterceptor"> <attribute name="ClientTimeout">80000</attribute> <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends> </mbean> --> <!-- A Thread pool service --> <mbean code="org.jboss.util.threadpool.BasicThreadPool" name="jboss.mq:service=ThreadPool"> <attribute name="Name">JMSThread</attribute> <attribute name="ThreadGroupName">JBossMQ Server Threads</attribute> <!-- The max number of threads in the pool --> <attribute name="MaximumPoolSize">10</attribute> <!-- The max number of tasks before the queue is full --> <attribute name="MaximumQueueSize">1000</attribute> <!-- The behavior of the pool when a task is added and the queue is full. abort - a RuntimeException is thrown run - the calling thread executes the task wait - the calling thread blocks until the queue has room discard - the task is silently discarded without being run discardOldest - check to see if a task is about to complete and enque the new task if possible, else run the task in the calling thread --> <attribute name="BlockingMode">run</attribute> </mbean> <!-- ==================================================================== --> <!-- System Destinations --> <!-- ==================================================================== --> <!-- Dead Letter Queue --> <mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=DLQ"> <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends> <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends> </mbean> <StateManager> <Users> <User> <Name>john</Name> <Password>needle</Password> <Id>DurableSubscriberExample</Id> </User> </Users> <DurableSubscriptions> <DurableSubscription> <ClientID>DurableSubscriberExample</ClientID> <Name>test</Name> <TopicName>myTopic</TopicName> </DurableSubscription> </DurableSubscriptions> </StateManager> </server> ------------------------------------------------------------------------- TABLES: JMS_ROLES: ROLEID USERID -------------------------------- --------- durpublisher dynsub publisher dynsub guest guest j2ee guest john guest durpublisher john publisher john subscriber john noacc nobody JMS_USERS : USERID PASSWD CLIENTID ----------------- --------------------- dynsub dynsub nobody nobody john needle DurableSubscriberExample j2ee j2ee guest guest
Now the error is changed, when I'm try to deploy my MDB I receive this error:
22:49:40,975 INFO [EjbModule] Deploying MessageDrivenEJB
22:49:41,223 WARN [JMSContainerInvoker] JMS provider failure detected for MessageDrivenEJB
org.jboss.deployment.DeploymentException: Error during topic setup; - nested throwable: (javax.jms.JMSSecurityException: Connection not authorized to do durable subscription on topic: myTopic)
at org.jboss.deployment.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:53)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerStartDelivery(JMSContainerInvoker.java:720)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker.startService(JMSContainerInvoker.java:839)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)But If I use <role name="guest" read="true" write="true" create="true"/> I do it without errors!
This is my ejb-jar.xml:
<message-driven>
Message Driven Bean
<display-name>MessageDrivenEJB</display-name>
<ejb-name>MessageDrivenEJB</ejb-name>
<ejb-class>it.java.lab.mdb.MessageDrivenEJBBean</ejb-class>
<messaging-type>javax.jms.MessageListener</messaging-type>
<transaction-type>Container</transaction-type>
<message-destination-type>javax.jms.Topic</message-destination-type>
<activation-config>
<activation-config-property>
<activation-config-property-name>destinationType</activation-config-property-name>
<activation-config-property-value>javax.jms.Topic</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>subscriptionDurability</activation-config-property-name>
<activation-config-property-value>Durable</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>subscriptionName</activation-config-property-name>
<activation-config-property-value>myTopic</activation-config-property-value>
</activation-config-property>
<activation-config-property>
<activation-config-property-name>destination</activation-config-property-name>
<activation-config-property-value>topic/myTopic</activation-config-property-value>
</activation-config-property>
</activation-config>
</message-driven>
Please let me know if you need any others details to help me!
Thanks in advance
Teo -
3. Re: Connection not authorized to addMessages to destination
adrian.brock Jul 11, 2007 8:08 AM (in response to teodoro21)Do you have any intention of reading the documentation to understand how this works?
Let me "not" explain it by asking you some questions?
Which roles is the MDB running under?
Is it the roles of the default user since you don't specify a user/password (unauthenticated)?
What is the unauthenticated user?
Is it 'guest"?
What roles does "guest" have?
Does any of those roles have "create" authority on the topic? -
4. Re: Connection not authorized to addMessages to destination
teodoro21 Jul 11, 2007 10:02 AM (in response to teodoro21)Hi Adrian,
yes, I'm reading the documentation, ..probably I'm asking because I don't understand what says the documentation about JBossMQ's configuration. (I'm a newbie so I'm learning..)
I have written every parts of my configuration's file only to explain with more
details which was my trouble.
So I'm very very sorry if It's a problem inside this forum.
Anyway thanks a lot for your suggestions.
I'll try to read documentation with more attention, I hope that will be more kind than you.
bye -
5. Re: Connection not authorized to addMessages to destination
adrian.brock Jul 11, 2007 11:26 AM (in response to teodoro21)"teodoro21" wrote:
Hi Adrian,
yes, I'm reading the documentation, ..probably I'm asking because I don't understand what says the documentation about JBossMQ's configuration. (I'm a newbie so I'm learning..)
Then quid pro quo. Tell me which parts you are having difficulty understanding
so I can update it to make it easier to understand
I have written every parts of my configuration's file only to explain with more
details which was my trouble.
So I'm very very sorry if It's a problem inside this forum.
The problem is that originally you posted irrelevant information
and later you posted *ALL* information with "It works but I don't know why?"
or more probably "Is this correct, because I can't be bothered thinking about it"? :-)
Anyway thanks a lot for your suggestions.
My real suggestion would be to research security (it is an important area).
authentication/authorization using users, roles and authorities is a very common
and simple pattern to grok.
I'll try to read documentation with more attention, I hope that will be more kind than you.
If you really want to be treated with "kid gloves" then post in the newbies forum,
or at least make some attempt to show you've tried to understand.
e.g. "I've read this {link here}, but I don't know what it means by ..."