6 Replies Latest reply on Oct 2, 2007 8:11 AM by adrian.brock

    cant control security in a jms queue

    anderslinden

      Hello!

      I am running jboss-4.2.1.GA and I have a JMS queue which I want clients to listen to and the server to send to. The clients use Flex and the server Java (of course). I have managed to do all this without any security constraints, so both clients and the server are able to read from and write to the JMS queue.

      I have tried to manipulate these files:
      jboss/server/default/deploy/jms/jbossmq-destinations-service.xml
      jboss/server/default/data/hypersonic/localDB.script
      jboss/server/all/deploy-hasingleton/jms/jbossmq-service.xml
      jboss/server/all/deploy-hasingleton/jms/jbossmq-destinations-service.xml
      jboss/server/all/deploy-hasingleton/jms/hsqldb-jdbc-state-service.xml

      without getting anywhere; either everyone is able to both read and write, or no one is able to read or write.

      How do I set up this user database? I have tried to find anything about it, but without luck.

      Actually, I would like to have a security model that's not password based, but based on which IP is connected to the JMS queue. I would like to set up a solution where only connections from localhost can write to the queue, in other words the server. Is that possible?

        • 1. Re: cant control security in a jms queue
          timfox

          Moving to JBoss MQ forum

          • 2. Re: cant control security in a jms queue

            And ignored here because the question is unanswerable.
            "I have tried to find anything about it, but without luck."
            RTFM? perhaps.

            • 3. Re: cant control security in a jms queue
              anderslinden

              Adrian, I wouldn't make postings here if I thought the manual was useful. Posting in this forum was an act of desperation. It's obvious that it was in desperation if you only think about it. I mean, these forums are the forums where the question/answer ratio is the highest I have ever seen. Just face it, people are only here for asking, not answering. And why is that? It's because useful information about Java on the server side is so hard to get. And just face it, information about Java on the server side is so buzzword driven that it's hard to extract useful information about it. These forums are plain useless and should not be able to exist. People in these forums can place a question which is not answered within a year or so.
              Example:
              http://www.jboss.com/index.html?module=bb&op=viewtopic&t=96413

              Adrian, you begged for it

              • 4. Re: cant control security in a jms queue
                jaikiran


                "anderslinden" wrote:
                Hello!

                How do I set up this user database?


                See if http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfigJBossMQDB helps. Once you have successfully done that, you can specify security restrictions on the Queue as follows (just an example):

                <mbean code="org.jboss.mq.server.jmx.Queue"
                       name="jboss.mq.destination:service=Queue,name=testQueue">
                  <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
                  <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>

                  <attribute name="SecurityConf">
                    <security>
                      <role name="guest" read="true" write="true"/>
                      <role name="publisher" read="true" write="true" create="false"/>
                      <role name="noacc" read="false" write="false" create="false"/>
                    </security>
                  </attribute>
                </mbean>


                The above configuration can be done in the "jbossmq-destinations-service.xml" file present in the server/<serverName>/deploy/jms folder. The name of the queue in this example is "testQueue"; change it to the name of your queue.

                As you can see, the above configuration uses a SecurityManager (=jboss.mq:service=SecurityManager) which is configured in the jbossmq-service.xml file present in the server/<serverName>/deploy/jms folder. The SecurityManager config in that jbossmq-service.xml mentions the following:

                <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
                  <attribute name="DefaultSecurityConfig">
                    <security>
                      <role name="guest" read="true" write="true" create="true"/>
                    </security>
                  </attribute>
                  <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
                  <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
                </mbean>


                As can be seen, this configuration uses the java:/jaas/jbossmq security domain to do the authentication. The login module is configured in the login-config.xml file in the server/<serverName>/conf folder (search for jbossmq in that file). All you have to do is configure that application policy to use your login module (similar to what's been mentioned in the link above).


                I have tried to manipulate these files:
                jboss/server/default/deploy/jms/jbossmq-destinations-service.xml
                jboss/server/default/data/hypersonic/localDB.script
                jboss/server/all/deploy-hasingleton/jms/jbossmq-service.xml
                jboss/server/all/deploy-hasingleton/jms/jbossmq-destinations-service.xml
                jboss/server/all/deploy-hasingleton/jms/hsqldb-jdbc-state-service.xml


                Which server are you using, is it "default" or "all"? Depending on that, you either have to change files in "default" or in "all", but not both.


                Actually, I would like to have a security model that's not password based, but based on which IP is connected to the JMS queue. I would like to set up a solution where only connections from localhost can write to the queue, in other words the server. Is that possible?


                Once you get the security configuration done as mentioned above (and get it working with users stored in the DB), this step should be simple enough. Just a change to the login-config.xml file to use a different login module instead of the DB login module. As far as creating a login module for checking the IP address is concerned, I believe there was one, but it was deprecated in recent releases of JBoss.

                P.S: I haven't tried any of these. This is just based on the documents I could find, so you are sure to run into some issues, in which case just post them in the forums here. Maybe someone will be able to help.
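                A small audit script, added here as an example and not part of jaikiran's post or of JBoss itself, that parses the per-destination SecurityConf blocks from a jbossmq-destinations-service.xml and lists the effective read/write/create grants per queue, then flags every destination writable by the role an unauthenticated connection is mapped to. It assumes that role is "guest" (JBossMQ's default unauthenticatedIdentity in login-config.xml; the script takes it as a parameter so you can change it). The sample XML is constructed from the snippet above plus a second queue showing the shape the original poster asked for, where only a named role may write.

```python
"""Audit SecurityConf blocks in a JBossMQ jbossmq-destinations-service.xml.

Added example, not from the forum thread. Assumption: unauthenticated
clients are mapped to the "guest" role (JBossMQ's default
unauthenticatedIdentity); the sample XML below is constructed.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the testQueue config posted in the thread, plus a
# second queue where only the "publisher" role may write.
SAMPLE_XML = """<server>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=testQueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
    <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
    <attribute name="SecurityConf">
      <security>
        <role name="guest" read="true" write="true"/>
        <role name="publisher" read="true" write="true" create="false"/>
        <role name="noacc" read="false" write="false" create="false"/>
      </security>
    </attribute>
  </mbean>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=serverOnlyQueue">
    <attribute name="SecurityConf">
      <security>
        <role name="guest" read="true" write="false" create="false"/>
        <role name="publisher" read="true" write="true" create="false"/>
      </security>
    </attribute>
  </mbean>
</server>
"""

UNAUTHENTICATED_ROLE = "guest"  # assumption: unauthenticatedIdentity=guest


def _granted(role_elem, attr):
    """A missing read/write/create attribute is treated as not granted."""
    return role_elem.get(attr, "false").strip().lower() == "true"


def _destination_name(object_name):
    """Extract the name=... key from an MBean ObjectName string."""
    props = {}
    for item in object_name.split(":", 1)[-1].split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            props[key.strip()] = value.strip()
    return props.get("name", object_name)


def parse_security_conf(xml_text):
    """Return {destination: {role: {"read": bool, "write": bool, "create": bool}}}."""
    root = ET.fromstring(xml_text)
    result = {}
    for mbean in root.iter("mbean"):
        dest = _destination_name(mbean.get("name", ""))
        perms = {}
        for attribute in mbean.findall("attribute"):
            if attribute.get("name") != "SecurityConf":
                continue
            for role in attribute.iter("role"):
                perms[role.get("name")] = {
                    "read": _granted(role, "read"),
                    "write": _granted(role, "write"),
                    "create": _granted(role, "create"),
                }
        result[dest] = perms
    return result


def anonymous_writable(xml_text, anon_role=UNAUTHENTICATED_ROLE):
    """Sorted names of destinations that the unauthenticated role may write to."""
    conf = parse_security_conf(xml_text)
    return sorted(d for d, roles in conf.items()
                  if roles.get(anon_role, {}).get("write", False))


if __name__ == "__main__":
    for dest, roles in parse_security_conf(SAMPLE_XML).items():
        print(dest)
        for name, p in roles.items():
            print(f"  {name:10s} read={p['read']} write={p['write']} create={p['create']}")
    print("writable by unauthenticated clients:", anonymous_writable(SAMPLE_XML))
```

                Run against a real deployment by reading the file from server/<serverName>/deploy/jms instead of SAMPLE_XML; any queue listed by anonymous_writable is one that the thread's goal (only the server may write) has not yet been reached for. Note that the audit only covers destinations that carry their own SecurityConf; a destination without one falls back to the SecurityManager's DefaultSecurityConfig shown above, which in the default config grants guest write and create.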



                • 5. Re: cant control security in a jms queue


                  "anderslinden" wrote:
                  Adrian, I wouldn't make postings here if I thought the manual was useful.


                  So explain what your problem is; "IT DOES NOT WORK" is not a problem,
                  it's just an incompetent question.

                  Or better yet, explain which part you read and why it is not useful.

                  -- snipped rest of useless rant --

                  NOTE: You couldn't even post the original question in the correct forum
                  so I doubt you have any ability in reading documentation.


                  People in these forums can place a question which is not answered within a year or so.
                  Example:
                  http://www.jboss.com/index.html?module=bb&op=viewtopic&t=96413

                  Adrian, you begged for it


                  Why post a link to a problem that is less than one day old (and answered in the spec :-)
                  to make your point?

                  SUMMARY: Make a real effort on your question and you'll get a real answer.

                  • 6. Re: cant control security in a jms queue


                    "jaikiran" wrote:

                    P.S: I haven't tried any of these. This is just based on the documents I could find, so you are sure to run into some issues, in which case just post them in the forums here. Maybe someone will be able to help.


                    Nice try, but guessing what the problem is (we don't know from his post)
                    and repeating documentation (the one thing we do know is that he thinks the docs
                    are useless!) is pointless.

                    Guessing usually leads people in the wrong direction and confuses other users
                    that read the thread later.

                    Let him learn to ask questions that are answerable. It's better for him in the long run.