Migrating JBoss Messaging security roles to HornetQ
jaikiran Mar 26, 2010 5:15 AM
I am trying to map the JBoss Messaging security roles to the HornetQ ones. The JBoss Messaging security roles said this:
If the read attribute is true then that role will be able to read (create consumers, receive messages or browse) this destination.
If the write attribute is true then that role will be able to write (create producers or send messages) to this destination.
If the create attribute is true then that role will be able to create durable subscriptions on this destination.
So the "create" attribute controlled the permissions for durable subscriptions. But what about non-durable subscriptions? I don't see any security attribute to control the permissions for that. Does that mean JBoss Messaging (and JBoss MQ) did not do any security checks for non-durable subscriptions?
HornetQ on the other hand has this:
createDurableQueue. This permission allows the user to create a durable queue under matching addresses.
deleteDurableQueue. This permission allows the user to delete a durable queue under matching addresses.
createTempQueue. This permission allows the user to create a temporary queue under matching addresses.
deleteTempQueue. This permission allows the user to delete a temporary queue under matching addresses.
send. This permission allows the user to send a message to matching addresses.
consume. This permission allows the user to consume a message from a queue bound to matching addresses.
manage. This permission allows the user to invoke management operations by sending management messages to the management address.
The "createDurableQueue" effectively is a permission for creating durable subscriptions. The "createTempQueue" is for non-durable subscriptions.
So if in a JBoss Messaging config, I had this role:
<role name="guest" read="true" write="true"/>
would it map to the following in HornetQ:
Role name="guest", send = true, consume = true,
createDurableQueue = false, deleteDurableQueue = false,
createTempQueue = true, deleteTempQueue = true,
manage=false
(Especially the createTempQueue and deleteTempQueue permissions)
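
The mapping asked about above, written out as a converter. This is an added example, not code from the poster or from either project. It assumes read maps to consume, write to send, and create to createDurableQueue plus deleteDurableQueue; the temp-queue grant for readers is the post's open question and is left as a switch. The sample input and the "publisher" role are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's guest role plus a hypothetical "publisher" role.
JBM_SECURITY = """
<security>
  <role name="guest" read="true" write="true"/>
  <role name="publisher" read="true" write="true" create="true"/>
</security>
"""

# Permission names as listed in the post; output follows this order.
HORNETQ_PERMS = ["createDurableQueue", "deleteDurableQueue", "createTempQueue",
                 "deleteTempQueue", "send", "consume", "manage"]


def map_role(role, temp_follows_read=True):
    """Return the set of HornetQ permissions for one JBM <role> element."""
    def flag(attr):
        return role.get(attr, "false").strip().lower() == "true"
    perms = set()
    if flag("write"):
        perms.add("send")
    if flag("read"):
        perms.add("consume")
        # Proposed in the post as a question, not confirmed there: readers get
        # temp queues for non-durable subscriptions. Pass False to review it.
        if temp_follows_read:
            perms.update({"createTempQueue", "deleteTempQueue"})
    if flag("create"):
        # Assumption: delete is granted together with create.
        perms.update({"createDurableQueue", "deleteDurableQueue"})
    return perms  # "manage" is never derived from JBM attributes


def convert(jbm_xml, match="#", temp_follows_read=True):
    """Build a HornetQ <security-setting> element from a JBM <security> block."""
    grants = {p: [] for p in HORNETQ_PERMS}
    for role in ET.fromstring(jbm_xml).iter("role"):
        for perm in map_role(role, temp_follows_read):
            grants[perm].append(role.get("name"))
    setting = ET.Element("security-setting", {"match": match})
    for perm in HORNETQ_PERMS:
        if grants[perm]:  # omit permissions that no role holds
            ET.SubElement(setting, "permission",
                          {"type": perm, "roles": ", ".join(grants[perm])})
    return setting


if __name__ == "__main__":
    print(ET.tostring(convert(JBM_SECURITY), encoding="unicode"))
```

Running the conversion with `temp_follows_read=False` and comparing the two outputs shows exactly which roles gain createTempQueue and deleteTempQueue through the migration.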