0 Replies Latest reply on Nov 13, 2013 12:05 PM by santos.sandro

    JAAS security with JMS Queues and remote client

    santos.sandro

      Hi Guys,

      I think I'm losing concepts about security and sending messages to a queue from a remote Java client.

      In my server, I use some realms to authenticate users like:

                  <security-realm name="ManagementRealm">
                      <authentication>
                          <local default-user="$local"/>
                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
                      </authentication>
                  </security-realm>
                  <security-realm name="ApplicationRealm">
                      <authentication>
                          <jaas name="myJaasSecurityDomain"/>
                      </authentication>
                  </security-realm>

      My ApplicationRealm is securing my web apps using a LoginModule with a "code" database, and it's all OK. My ManagementRealm is protecting things like my native-interface and http-interface.

      I've deployed a queue with JNDI name "queue/PingQueue" and its respective remote name "java:jboss/exported/queue/PingQueue" in my standalone-full.xml, and I want to send a message from a remote Java client for learning purposes.

      First problem: to do the JNDI lookup of the ConnectionFactory and Queue, I can only use ManagementRealm on the remoting subsystem, as in:

              <subsystem xmlns="urn:jboss:domain:remoting:1.1">
                  <connector name="remoting-connector" socket-binding="remoting" security-realm="ManagementRealm"/>
              </subsystem>

      In this way, I can do the JNDI lookup of ConnectionFactories and Queues using a username/password that is registered in mgmt-users.properties, but if I change the security-realm of the connector to ApplicationRealm, I can't do the lookup using a username/password that exists in ApplicationRealm.

      Second problem: to create connection factories using 'connectionFactory.createConnection("username", "password")', I'm only able to use ApplicationRealm.

      When I try to send a message to a queue, HornetQ tells me that "...myUser doesn't have permission='SEND' on address jms.queue.queuePingQueue".

      Question 1: Can I use ApplicationRealm to secure my remoting subsystem, or am I doing this wrong? To use ApplicationRealm, do I need to transform my username/password with something like JaasCallbackHandler or an MD5 hash or other?

      Question 2: How can I fix the queue security so I can put messages on that queue/PingQueue?

      Question 3: Is my setup OK? Does my standalone-full.xml have any design problems?

      Below is some code I'm using outside the container, from my Java client. I'm using jboss-client.jar as a library and JBoss 7.1.3. I'm running my client from Eclipse with JBoss Tools.

      Thanks in advance,

      ----------------------------------

                  import java.util.Properties;
                  import javax.jms.*;
                  import javax.naming.*;

                  // Constants not shown in the post; values below are assumed for a JBoss AS 7.1 remote client
                  static final String INITIAL_CONTEXT_FACTORY = "org.jboss.naming.remote.client.InitialContextFactory";
                  static final String PROVIDER_URL = "remote://localhost:4447";
                  static final String DEFAULT_USERNAME = "myUser";
                  static final String DEFAULT_PASSWORD = "myPassword";

                  // These credentials are checked by the security-realm bound to the remoting connector (JNDI lookup)
                  final Properties env = new Properties();
                  env.put(Context.INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
                  env.put(Context.PROVIDER_URL, System.getProperty(Context.PROVIDER_URL, PROVIDER_URL));
                  env.put(Context.SECURITY_PRINCIPAL, System.getProperty("username", DEFAULT_USERNAME));
                  env.put(Context.SECURITY_CREDENTIALS, System.getProperty("password", DEFAULT_PASSWORD));
                  Context context = new InitialContext(env);

                  ConnectionFactory connectionFactory = (ConnectionFactory) context.lookup("jms/RemoteConnectionFactory");
                  Destination destination = (Destination) context.lookup("queue/PingQueue");
                  // These credentials are checked by HornetQ against the messaging subsystem's own security domain
                  Connection connection = connectionFactory.createConnection("myUser", "myPassword");
                  Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
                  MessageProducer producer = session.createProducer(destination);
                ...
                  TextMessage message = session.createTextMessage(content);
                  producer.send(message);
                ...
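An added example (not from the post or from the JBoss project): a least-privilege HornetQ security-setting for this queue in the messaging subsystem of standalone-full.xml on AS 7.1. It assumes the login module behind myJaasSecurityDomain assigns a role named jmsuser (placeholder) to myUser, and that the queue's core address is jms.queue.PingQueue; HornetQ checks permissions against the exact address named in the error message, so the match value must equal that address.

```xml
<subsystem xmlns="urn:jboss:domain:messaging:1.1">
    <hornetq-server>
        <!-- HornetQ authenticates createConnection(user, password) against this
             JAAS domain, independently of the realm bound to the remoting connector.
             Assumed: the domain's login module assigns the role used below. -->
        <security-domain>myJaasSecurityDomain</security-domain>

        <security-settings>
            <!-- The shipped default uses match="#" with roles="guest", which grants
                 the listed roles send/consume on every address. The rule below is
                 scoped to one address and one role instead. -->
            <security-setting match="jms.queue.PingQueue">
                <permission type="send" roles="jmsuser"/>
                <permission type="consume" roles="jmsuser"/>
            </security-setting>
        </security-settings>

        <jms-destinations>
            <jms-queue name="PingQueue">
                <entry name="queue/PingQueue"/>
                <entry name="java:jboss/exported/queue/PingQueue"/>
            </jms-queue>
        </jms-destinations>
    </hornetq-server>
</subsystem>
```

If the role check still fails after this change, verify which role names the login module actually returns for myUser, since the permission is matched on role, not on username.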