14 Replies Latest reply on Oct 23, 2012 7:01 AM by xiang yingbing

    messaging does NOT support many roles?

    xiang yingbing Master

      Dear guys,

      I have a user named 'xiang', which has a JAAS role 'admin'. I configured messaging:

          <subsystem xmlns="urn:jboss:domain:messaging:1.3">
              <hornetq-server>
                  <persistence-enabled>true</persistence-enabled>
                  <security-domain>nms-jaas-security-domain</security-domain>
                  <journal-file-size>102400</journal-file-size>
                  <journal-min-files>2</journal-min-files>

                  <connectors>
                      ...
                  </connectors>

                  <acceptors>
                      ...
                  </acceptors>

                  <security-settings>
                      <security-setting match="#">
                          <permission type="send" roles="admin"/>
                          <permission type="consume" roles="admin"/>
                          <permission type="createDurableQueue" roles="admin"/>
                          <permission type="deleteDurableQueue" roles="admin"/>
                          <permission type="createNonDurableQueue" roles="admin"/>
                          <permission type="deleteNonDurableQueue" roles="admin"/>
                      </security-setting>
                  </security-settings>
      ...
      ...
                  <jms-destinations>
                      <jms-queue name="testQueue">
                          <entry name="queue/test"/>
                          <entry name="java:jboss/exported/jms/queue/test"/>
                      </jms-queue>
                      <jms-topic name="testTopic">
                          <entry name="topic/test"/>
                          <entry name="java:jboss/exported/jms/topic/test"/>
                      </jms-topic>
                      <jms-topic name="nmsSOETopic">
                          <entry name="topic/nmsSOE"/>
                          <entry name="java:jboss/exported/jms/topic/nmsSOE"/>
                      </jms-topic>
                  </jms-destinations>
              </hornetq-server>
          </subsystem>

       

      Everything works well.

      But after I added one more role in the <permission> element:

          <subsystem xmlns="urn:jboss:domain:messaging:1.3">
              <hornetq-server>
                  <persistence-enabled>true</persistence-enabled>
                  <security-domain>nms-jaas-security-domain</security-domain>
                  <journal-file-size>102400</journal-file-size>
                  <journal-min-files>2</journal-min-files>

                  <connectors>
                      ...
                  </connectors>

                  <acceptors>
                      ...
                  </acceptors>

                  <security-settings>
                      <security-setting match="#">
                          <permission type="send" roles="admin, jms_sender"/>
                          <permission type="consume" roles="admin, jms_consumer"/>
                          <permission type="createDurableQueue" roles="admin"/>
                          <permission type="deleteDurableQueue" roles="admin"/>
                          <permission type="createNonDurableQueue" roles="admin"/>
                          <permission type="deleteNonDurableQueue" roles="admin"/>
                      </security-setting>
                  </security-settings>
      ...
      ...
      </subsystem>

       

       

      My client throws the exception below:

      javax.jms.JMSSecurityException: User: xiang doesn't have permission='CONSUME' on address jms.topic.nmsSOETopic
          at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:312)
          at org.hornetq.core.client.impl.ClientSessionImpl.internalCreateConsumer(ClientSessionImpl.java:1826)
          at org.hornetq.core.client.impl.ClientSessionImpl.createConsumer(ClientSessionImpl.java:479)
          at org.hornetq.core.client.impl.ClientSessionImpl.createConsumer(ClientSessionImpl.java:445)
          at org.hornetq.core.client.impl.DelegatingSession.createConsumer(DelegatingSession.java:189)
          at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:558)
          at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:383)
          at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:353)
          at com.ybxiang.nms.gui.platform.connection.ServerLink.initJmsResource(ServerLink.java:1060)
          at com.ybxiang.nms.gui.platform.connection.ServerLink.connectToServer(ServerLink.java:279)
          at com.ybxiang.nms.gui.platform.login.LoginWizard$2.run(LoginWizard.java:113)
          at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)
      Caused by: HornetQException[errorCode=105 message=User: admin doesn't have permission='CONSUME' on address jms.topic.nmsSOETopic]
          ... 12 more"

      My JBoss server version: 7.2.0 alpha1:

                      19:42:57,250 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss AS 7.2.0.Alpha1-SNAPSHOT "Steropes" started in 12297ms - Started 630 of 718 services (86 services are passive or on-demand)

      Is there something wrong with my configuration?