I've experienced a strange problem in trying to get my mind wrapped around the users, roles and permission settings in the 2.0.0 GA release.
Say I have a user "guest3" with a password "guest3" defined in hornet-users.xml, and give that user a role of "foo".
In hornet-configuration.xml, I have:
but I do NOT add the "foo" role to any of the <permission/> elements in the <security-settings/> block.
Now I construct a session for guest3, then construct a producer, then send a message.
The message "seems" to send just fine. I get no exception when I call producer.send(msg).
However, on the server side (HQ logs), I see this:
What I expect to see is no output on the server side, but an exception thrown by the client side.
If it helps any, a "consumer" seems to work just fine, but the error there is about "CREATE_NON_DURABLE_QUEUE", rather than "SEND" or "CONSUME".
So, is this a bug? Or have I misunderstood something?