0 Replies Latest reply on Sep 29, 2011 8:18 AM by stephane.masson

    [REST] Expose and secure HornetQ (standalone) for both netty and REST clients

    stephane.masson
    stephane.masson Sep 29, 2011 8:18 AM

      I'm trying to expose HornetQ for both netty and REST clients in an embed war as demonstrated in the 'mixed-jms-rest' example (HornetQ-REST-Examples_2.2.2.Final). (http://downloads.jboss.org/hornetq/HornetQ-REST-Examples_2.2.2.Final.zip)

       

      I would like to secure the destinations but if I secure the netty acceptor in hornetq-configuration.xml) e.g.:

      <security-setting match="jms.topic.secured.#">

         <permission type="createDurableQueue" roles="user"/>

         <permission type="deleteDurableQueue" roles="user"/>

         <permission type="createNonDurableQueue" roles="user"/>

         <permission type="deleteNonDurableQueue" roles="user"/>

         <permission type="consume" roles="consumer"/>

         <permission type="send" roles="producer"/>

      </security-setting>

       

      the REST interface is enable to connect. the error is:

       

      HornetQException[errorCode=105 message=User: null doesn't have permission='CREATE_DURABLE_QUEUE' on address jms.topic.secured.ExampleSecuredDurableTopic]

           at org.hornetq.rest.topic.SubscriptionsResource.createSubscription(SubscriptionsResource.java:217)

       

      Is there a solution to pass credentials form REST interface to HorentQ core, in this embedded use case?

       

      Or better: to secure only netty acceptor but not the InVM one (used by the REST interface)?

       

      Thanks in advance