4 Replies Latest reply: Jan 30, 2013 3:18 PM by Erik Torp RSS

    Can't set permission to send message (JMS)

    Brian D Newbie

      I'm trying to use a remote client to send a message via a producer to one of my defined JMS queues.  The error message says:

       

      Exception in thread "main" javax.jms.JMSSecurityException: User: admin doesn't have permission='SEND' on address jms.queue.testQueue

       

      I created the user "admin" on both realms using the add-user script. 

       

      I don't know if I have my security settings correct.  Do I need to define roles for "admin" in the standalone application-roles.properties file?

       

      My Security setting looks like this:

       

       

      <security-setting match="#">
                              <permission type="send" roles="admin"/>
                              <permission type="consume" roles="guest"/>
                              <permission type="createNonDurableQueue" roles="guest"/>
                              <permission type="deleteNonDurableQueue" roles="guest"/>
                          </security-setting>
      
      

       

       

      My client code looks like:

       

      Context ic;
                    String JBOSS_CONTEXT="org.jboss.naming.remote.client.InitialContextFactory";;
                    Properties props = new Properties();
                    props.put(Context.INITIAL_CONTEXT_FACTORY, JBOSS_CONTEXT);
                    props.put(Context.PROVIDER_URL, "remote://localhost:4447");
                    props.put(Context.SECURITY_PRINCIPAL, "admin");
                    props.put(Context.SECURITY_CREDENTIALS, "adminadmin");
                    ic = new InitialContext(props);
           
                    ConnectionFactory connectionFactory = (ConnectionFactory)ic.lookup("jms/RemoteConnectionFactory");
                    Queue queue = (Queue) ic.lookup("jms/queue/test");
           
                    Session session = null;
                    Connection conn = null;
                    MessageProducer producer = null;
           
                    conn = connectionFactory.createConnection("admin","adminadmin");
                    session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
                    producer = session.createProducer(queue);
           
                    Message msg = null;
          
                    msg = session.createMessage();
                    msg.setJMSMessageID("ID:test");
                    producer.send(msg);
           
                    conn.close();
      
      
        • 1. Re: Can't set permission to send message (JMS)
          Brian D Newbie

          Update:

           

          I'm able to send and recieve now by disabling security for JMS.  I go to the app console, click on the default JMS link and edit to disable it.

           

          I would still really like to know why the roles weren't recognized when security is enabled

          • 2. Re: Can't set permission to send message (JMS)
            Simon Cigoj Newbie

            maybe your roles are not bound correctly to the user, go to the file ..standalone\configuration\application-roles.properties

             

            I have a user "jmsUser2" rith the role guuest and in application-roles.properties I have a line "jmsUser2=guest"

             

            then in standalone xml I have the default setting

             

            <security-setting match="#">
                     <permission type="send" roles="guest"/>
                      <permission type="consume" roles="guest"/>
                      <permission type="createNonDurableQueue" roles="guest"/>
                      <permission type="deleteNonDurableQueue" roles="guest"/>
            </security-setting>

             

            • 3. Re: Can't set permission to send message (JMS)
              Shekhar p Newbie

              can you please tell  to which realm you added the user to ?

               

              the user needs to be added to the realm which is mentioned in the standalone.xml

               

               

              <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                          <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>

              </subsystem>

              • 4. Re: Can't set permission to send message (JMS)
                Erik Torp Newbie

                Hi,

                 

                Following the posts above works.

                 

                Although it's written in the application-roles.properties header that changes are automatically picked up, I had to bounce the server. Not sure that's because I did not wait long enough...