-
1. Re: How to create single consumer queues using embedded HornetQ
clebert.suconic Aug 24, 2010 12:41 PM (in response to tputkonen)Do you want to provide security with your embedded server?
You don't have to create the roles if you are not requiring security.
-
2. Re: How to create single consumer queues using embedded HornetQ
tputkonen Aug 24, 2010 3:46 PM (in response to clebert.suconic)Yes, each users must be able to only consume messages sent to her dedicated queue.
-
3. Re: How to create single consumer queues using embedded HornetQ
clebert.suconic Aug 25, 2010 11:53 AM (in response to tputkonen)Since you're using embedded... you could specify your own SecurityManager
When you instantiate the server:
HornetQServerImpl(Configuration configuration,MBeanServer mbeanServer,final HornetQSecurityManager securityManager)Since you have full control of your system as you're doing embedded... you could define your own boundaries
-
4. Re: How to create single consumer queues using embedded HornetQ
tputkonen Aug 26, 2010 4:01 AM (in response to clebert.suconic)I have already implemented a SecurityManager, but I still don't know how to control access.
When someone tries to consume from a queue, validateUserAndRole() gets called. Set for roles is empty, and I have not found a way to programmatically configure roles.
-
5. Re: How to create single consumer queues using embedded HornetQ
jmesnil Aug 26, 2010 4:30 AM (in response to tputkonen)Pasi Kovanen wrote:
I have already implemented a SecurityManager, but I still don't know how to control access.
When someone tries to consume from a queue, validateUserAndRole() gets called. Set for roles is empty, and I have not found a way to programmatically configure roles.
Did you match roles to addresses in security settings? http://hornetq.sourceforge.net/docs/hornetq-2.1.2.Final/user-manual/en/html/security.html#security.settings.roles
When you implement your own SecurityManager, you are in charge of managing users credentials (login / password) and the mapping between hornetq roles and the users logins.
But HornetQ code is still managing the mapping between roles and address security settings.
For example, when you want to create a consumer for a given queue, HornetQ will determine which user roles have the right to "consume" and then it will call your security manager so that you can check if the given user has the correct role.
-
6. Re: How to create single consumer queues using embedded HornetQ
tputkonen Aug 26, 2010 7:56 AM (in response to jmesnil)Jeff,
Thank you for this clarification. It verifies my assumption.
So, in order to support 10 000 single consumer queues I have to define 10 000 queues and 10 000 roles. I could use user names as the roles. And even the queus could have user names.
However, I still have not found a way in the API to specify the roles without using XML file?
-
7. Re: How to create single consumer queues using embedded HornetQ
clebert.suconic Aug 26, 2010 8:59 AM (in response to tputkonen)You said you defined your own SecurityManager, right?
At that point you're responsible for how you store the roles...
There are method to validate user and role on the HornetQSecurityManager. It would be up to you how you store or validate them.
Since you're embedded.. you probably have that information somewhere? You said each user will have its own queue only.. You probably can have a definition based in rules only, and not have any XML.
-
8. Re: How to create single consumer queues using embedded HornetQ
tputkonen Aug 28, 2010 7:29 AM (in response to clebert.suconic)What I would like to see is a simple example how to do this.
As I said, validateUserAndRole() does get called. This method has a parameter Set<org.hornetq.core.security.Role> roles. How can I configure these roles?
-
9. Re: How to create single consumer queues using embedded HornetQ
jmesnil Aug 30, 2010 8:59 AM (in response to tputkonen)1 of 1 people found this helpfulPasi Kovanen wrote:
What I would like to see is a simple example how to do this.
As I said, validateUserAndRole() does get called. This method has a parameter Set<org.hornetq.core.security.Role> roles. How can I configure these roles?
Assuming that you hold a reference on HornetQServer, you can configure them using
server.getHornetQServerControl().addSecuritySettings(...) to add the roles for the different permissions required on a given address
Please have a look at addSecuritySettings javadoc.
-
10. Re: How to create single consumer queues using embedded HornetQ
tputkonen Aug 31, 2010 6:21 AM (in response to jmesnil)Thanks Jeff! Now it's finally working. It was still not trivial though.
I was using 2.0.0.GA which didn't have that method call at all, so I upgraded to 2.1.2.Final. Changing HornetQ broke the example in your blog:
http://jmesnil.net/weblog/2010/01/14/using-stomp-with-hornetq/
There no longer exists a class called 'QueueConfiguration'. After examing source code I found that its name is now CoreQueueConfiguration. Now the code compiled again, but I got an exception from JNI. I added call to configuration.setJournalType(JournalType.NIO) and finally the server started.
I'm still having at least one issue: call to configuration.setPersistenceEnabled(false) does not seem to work. HornetQ still creates folder 'data'.
Thank you for your help.