-
1. Re: JMS Permission problem
ataylor Dec 15, 2009 12:25 PM (in response to bbirkhae)That is correct, if you look at the examples they all have this security permission and it is also mentioned in the user manual iirc.1 of 1 people found this helpful -
2. Re: JMS Permission problem
jmesnil Dec 15, 2009 12:29 PM (in response to ataylor)As andy said, this permission is also required.
Please note that the permissions are for HornetQ Core queues (not JMS queues).
When you create a JMS Topic Consumer, underneath HornetQ will create a Core queue for this consumer.
This is why you need to add the permission in order to create a JMS Topic Consumer. -
3. Re: JMS Permission problem
bbirkhae Dec 15, 2009 12:40 PM (in response to jmesnil)Dear Andy,
Dear Jeff,
thank you very much for your quick response.
As I understand now, (additional) core queues will be generated internally when I create an JMS Topic Consumer.
Thanks!!!
-
4. Re: JMS Permission problem
diktatoren Jun 10, 2010 11:48 AM (in response to jmesnil)I'm getting the same error message (HornetQException[errorCode=105 message=Unable to validate user: soccerclient for check type CREATE_NON_DURABLE_QUEUE for address jms.topic.soccer.events.livecenter]) when trying to authenticate a stomp client with user exampleuser, using the following configuration:
<configuration xmlns="urn:hornetq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:hornetq /schema/hornetq-users.xsd">
<!-- the default user. this is used where username is null-->
<defaultuser name="guest" password="guest">
<role name="guest"/>
</defaultuser>
<user name="admin" password="testtest">
<role name="admin"/>
</user>
<user name="exampleuser" password="example">
<role name="generic-client"/>
<role name="guest"/>
</user>
</configuration><security-settings>
<security-setting match="#">
<permission type="createDurableQueue" roles="admin, generic-client"/>
<permission type="deleteDurableQueue" roles="admin"/>
<permission type="createNonDurableQueue" roles="admin, generic-client, guest"/>
<permission type="deleteNonDurableQueue" roles="admin"/>
<permission type="createTempQueue" roles="admin, generic-client, guest"/>
<permission type="send" roles="admin"/>
<permission type="consume" roles="admin, generic-client, guest"/>
</security-setting>
</security-settings>############
When authenticating as admin, things work nicely, but I am not able to make it work with any other user. I suspect that the reason is partly the same as the original post in this thread, but I can't find the necessary information in the manual or any of the examples.
-
5. Re: JMS Permission problem
timfox Jun 11, 2010 8:22 AM (in response to diktatoren)Unable to validate user: *****soccerclient**** for check type CREATE_NON_DURABLE_QUEUE for address jms.topic.soccer.events.livecenter])
The user you are using is "soccerclient" not "exampleuser", and you haven't given that user any permissions in the config.
You'd need to add something like:
<user name="sockerclient" password="example">
<role name="generic-client"/>
<role name="guest"/>
</user>Read the security chapter in the user manual for more info on security config
-
6. Re: JMS Permission problem
diktatoren Jun 11, 2010 10:50 AM (in response to timfox)Hi Tim, I changed the name and password in the config when I posted the example, because I didn't want to expose it (and forgot to rename it in the errror message as well).
I can assure you that I don't have a mismatch between the users-config file and the client user name, so this is not the cause of the problem. I've read the security chapter in the manual but haven't gotten any wiser on the reasons for this particular problem.
-
7. Re: JMS Permission problem
timfox Jun 12, 2010 4:14 AM (in response to diktatoren)If you post a working test program and full config that demonstrates the issue, someone can take a look.