Securing HornetQ does not work with multiple roles
osnetwork Mar 20, 2012 5:54 AMHello everybody,
I have been using HornetQ for a while and I still couldn't manage to fix an issue with the permission.
I'm using JBAS 7.1, but also HornetQ as standalone gives the same results.
Here is the problem, I want multiple roles (in this case only 2) to being able to interact with HornetQ. According to the user manual of HornetQ that should be sufficient
<security-settings>
<security-setting match="jms.#">
<permission type="send" roles="user, agent"/>
<permission type="consume" roles="user, agent"/>
<permission type="createDurableQueue" roles="user, agent"/>
<permission type="deleteDurableQueue" roles="user, agent"/>
<permission type="createNonDurableQueue" roles="user, agent"/>
<permission type="deleteNonDurableQueue" roles="user, agent"/>
</security-setting>
</security-settings>
but I keep getting error like this (prova has user role)
Caused by: HornetQException[errorCode=105 message=User: prova doesn't have permission='CONSUME' on address jms.topic.replyTableTopic]
... 13 more
Caused by: HornetQException[errorCode=105 message=User: prova doesn't have permission='SEND' on address jms.queue.requestTableQueue]
... 11 more
Caused by: HornetQException[errorCode=105 message=User: prova2 doesn't have permission='CREATE_NON_DURABLE_QUEUE' on address jms.topic.replyTableTopic]
... 12 more
Instead if I put everything like that, it works but obviously only for user roles and no agent
<security-settings>
<security-setting match="jms.#">
<permission type="send" roles="user"/>
<permission type="consume" roles="user"/>
<permission type="createDurableQueue" roles="user"/>
<permission type="deleteDurableQueue" roles="user"/>
<permission type="createNonDurableQueue" roles="user"/>
<permission type="deleteNonDurableQueue" roles="user"/>
</security-setting>
</security-settings>
I have been trying removing blank spaces after the commas (like reported in this jira issue https://issues.jboss.org/browse/HORNETQ-501) but it didn't help.
Any idea?
Thanks in advance,
LM