That is correct, if you look at the examples they all have this security permission and it is also mentioned in the user manual iirc.1 of 1 people found this helpful
As andy said, this permission is also required.
Please note that the permissions are for HornetQ Core queues (not JMS queues).
When you create a JMS Topic Consumer, underneath HornetQ will create a Core queue for this consumer.
This is why you need to add the permission in order to create a JMS Topic Consumer.
thank you very much for your quick response.
As I understand now, (additional) core queues will be generated internally when I create an JMS Topic Consumer.
I'm getting the same error message (HornetQException[errorCode=105 message=Unable to validate user: soccerclient for check type CREATE_NON_DURABLE_QUEUE for address jms.topic.soccer.events.livecenter]) when trying to authenticate a stomp client with user exampleuser, using the following configuration:
<configuration xmlns="urn:hornetq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
<!-- the default user. this is used where username is null-->
<defaultuser name="guest" password="guest">
<user name="admin" password="testtest">
<user name="exampleuser" password="example">
<permission type="createDurableQueue" roles="admin, generic-client"/>
<permission type="deleteDurableQueue" roles="admin"/>
<permission type="createNonDurableQueue" roles="admin, generic-client, guest"/>
<permission type="deleteNonDurableQueue" roles="admin"/>
<permission type="createTempQueue" roles="admin, generic-client, guest"/>
<permission type="send" roles="admin"/>
<permission type="consume" roles="admin, generic-client, guest"/>
When authenticating as admin, things work nicely, but I am not able to make it work with any other user. I suspect that the reason is partly the same as the original post in this thread, but I can't find the necessary information in the manual or any of the examples.
Unable to validate user: *****soccerclient**** for check type CREATE_NON_DURABLE_QUEUE for address jms.topic.soccer.events.livecenter])
The user you are using is "soccerclient" not "exampleuser", and you haven't given that user any permissions in the config.
You'd need to add something like:
<user name="sockerclient" password="example">
Read the security chapter in the user manual for more info on security config
Hi Tim, I changed the name and password in the config when I posted the example, because I didn't want to expose it (and forgot to rename it in the errror message as well).
I can assure you that I don't have a mismatch between the users-config file and the client user name, so this is not the cause of the problem. I've read the security chapter in the manual but haven't gotten any wiser on the reasons for this particular problem.
If you post a working test program and full config that demonstrates the issue, someone can take a look.