0 Replies Latest reply on Feb 4, 2013 12:28 PM by Kent Garner

    JMSSecurity user doesn't have permission='SEND', retry does not throw exception!

    Kent Garner Newbie

      Background...

      I have been required to tighten up security on our JMS Connections.

      First I am Implementing custom JAASSecurityManager so that passwords are not stored clear text in configuration files.

      My code was not successfully assigning Roles like I expected so I was getting a JMSSecurityException: User: xxxx doesn't have permission='SEND' on address jms.queue.xxx

       

      Our application is designed to stay up and notify the administrator of issues. 

      So by default on this exception the application cycled the JMS connection to the Queue and attempted a second try at sending the message.

       

      The problem is after the connection was cycled the send() method did not throw the same JMSSecurityException!  It does not throw any exception!!

      The application then assumes the message was sent successfully, however, it was not - rather it was lost forever.

       

      This of course is unacceptable. 

      I removed all of my custom JAASSecurityManager code and reverted back to the basic configuration. 

      I modified the Roles section of the hornetq-configuration.xml file to limit the permission type='send' to "nobody". 

      The service reacted the same way - no exception on the retry even though the connection and text message object was all new.

       

      I added a 3 second delay between connection on the retry and still - no joy.

       

      Is this a known issue?

       

      Does anyone have a workaround for this?