messaging does NOT support many roles?
ybxiang.china Oct 22, 2012 7:46 AM
Dear guys,
I have a user named 'xiang'; it has a JAAS role 'admin'. And I configured messaging:
<subsystem xmlns="urn:jboss:domain:messaging:1.3">
    <hornetq-server>
        <persistence-enabled>true</persistence-enabled>
        <security-domain>nms-jaas-security-domain</security-domain>
        <journal-file-size>102400</journal-file-size>
        <journal-min-files>2</journal-min-files>
        <connectors>
            ...
        </connectors>
        <acceptors>
            ...
        </acceptors>
        <security-settings>
            <security-setting match="#">
                <permission type="send" roles="admin"/>
                <permission type="consume" roles="admin"/>
                <permission type="createDurableQueue" roles="admin"/>
                <permission type="deleteDurableQueue" roles="admin"/>
                <permission type="createNonDurableQueue" roles="admin"/>
                <permission type="deleteNonDurableQueue" roles="admin"/>
            </security-setting>
        </security-settings>
        ...
        ...
        <jms-destinations>
            <jms-queue name="testQueue">
                <entry name="queue/test"/>
                <entry name="java:jboss/exported/jms/queue/test"/>
            </jms-queue>
            <jms-topic name="testTopic">
                <entry name="topic/test"/>
                <entry name="java:jboss/exported/jms/topic/test"/>
            </jms-topic>
            <jms-topic name="nmsSOETopic">
                <entry name="topic/nmsSOE"/>
                <entry name="java:jboss/exported/jms/topic/nmsSOE"/>
            </jms-topic>
        </jms-destinations>
    </hornetq-server>
</subsystem>
Everything works well.
But after I added one more role in the <permission> elements:
<subsystem xmlns="urn:jboss:domain:messaging:1.3">
    <hornetq-server>
        <persistence-enabled>true</persistence-enabled>
        <security-domain>nms-jaas-security-domain</security-domain>
        <journal-file-size>102400</journal-file-size>
        <journal-min-files>2</journal-min-files>
        <connectors>
            ...
        </connectors>
        <acceptors>
            ...
        </acceptors>
        <security-settings>
            <security-setting match="#">
                <permission type="send" roles="admin, jms_sender"/>
                <permission type="consume" roles="admin, jms_consumer"/>
                <permission type="createDurableQueue" roles="admin"/>
                <permission type="deleteDurableQueue" roles="admin"/>
                <permission type="createNonDurableQueue" roles="admin"/>
                <permission type="deleteNonDurableQueue" roles="admin"/>
            </security-setting>
        </security-settings>
        ...
        ...
</subsystem>
My client throws the exception below:
javax.jms.JMSSecurityException: User: xiang doesn't have permission='CONSUME' on address jms.topic.nmsSOETopic
at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:312)
at org.hornetq.core.client.impl.ClientSessionImpl.internalCreateConsumer(ClientSessionImpl.java:1826)
at org.hornetq.core.client.impl.ClientSessionImpl.createConsumer(ClientSessionImpl.java:479)
at org.hornetq.core.client.impl.ClientSessionImpl.createConsumer(ClientSessionImpl.java:445)
at org.hornetq.core.client.impl.DelegatingSession.createConsumer(DelegatingSession.java:189)
at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:558)
at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:383)
at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:353)
at com.ybxiang.nms.gui.platform.connection.ServerLink.initJmsResource(ServerLink.java:1060)
at com.ybxiang.nms.gui.platform.connection.ServerLink.connectToServer(ServerLink.java:279)
at com.ybxiang.nms.gui.platform.login.LoginWizard$2.run(LoginWizard.java:113)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
Caused by: HornetQException[errorCode=105 message=User: admin doesn't have permission='CONSUME' on address jms.topic.nmsSOETopic]
... 12 more
My JBoss server version: 7.2.0 alpha1:
19:42:57,250 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss AS 7.2.0.Alpha1-SNAPSHOT "Steropes" started in 12297ms - Started 630 of 718 services (86 services are passive or on-demand)
Is there something wrong with my configuration?