1 Reply Latest reply on Dec 6, 2011 5:20 AM by Kavan Desai

    WARNING [org.hornetq.core.server.impl.HornetQServerImpl] (MSC service thread 1-8) Security risk!

    Rayan Hacker Newbie

      I am getting the below warning message when starting my jboss-as-7.1.0.Beta1 using the "standalone-full.xml" profile

       

       

      10:53:10,732 WARNING [org.hornetq.core.server.impl.HornetQServerImpl] (MSC service thread 1-8) Security risk! It has been detected that the cluster admin user and password have not been changed from the installation default. Please see the HornetQ user guide, cluster chapter, for instructions on how to do this.

       

       

      I tried chaning the following values from "guest" to "guest1" in the "standalone-full.xml" file, but that did not made any changes

       

      <security-settings>

                          <security-setting match="#">

                              <permission type="send" roles="guest1"/>

                              <permission type="consume" roles="guest1"/>

                              <permission type="createNonDurableQueue" roles="guest1"/>

                              <permission type="deleteNonDurableQueue" roles="guest1"/>

                          </security-setting>

      </security-settings>

       

      I also searched few older fourms http://community.jboss.org/message/558272 , but cannot make out where to put the below parameters

       

      <cluster-user>SomeUserNameOfYourChoice</cluster-user>
         <cluster-password>BLAH</cluster-password>


       

      This looks something like sucker password in JBM, hence can someone help me out on how to remove this warning message.

        • 1. Re: WARNING [org.hornetq.core.server.impl.HornetQServerImpl] (MSC service thread 1-8) Security risk!
          Kavan Desai Newbie

          Hi Rayan,

           

          You can set the cluster-user/password straight inside <hornetq-server> element. Like this

           

          <subsystem xmlns="urn:jboss:domain:messaging:1.1">

                      <hornetq-server>

                          <cluster-user>admin</cluster-user>

                          <cluster-password>admin</cluster-password>

                          <!-- disable messaging persistence -->

                          <persistence-enabled>false</persistence-enabled>

                          <!-- Default journal file size is 10Mb, reduced here to 100k for faster first boot -->

                          <journal-file-size>102400</journal-file-size>

                          <journal-min-files>2</journal-min-files>

           

                          <connectors>

                              <netty-connector name="netty" socket-binding="messaging"/>

           

          It worked for me.