5 Replies Latest reply on Mar 23, 2002 9:55 AM by Peter Antman

    Accessing a JMS queue from external java app

    Marius Kotsbak Newbie

      I am trying to connect to a queue that is set up in JBoss from an standalone java application in another VM. Then I get an security error, even when I have specified the user/pw in jbossmq-state.xml.

      Is there something special I have to do to allow external programs to access the JMS queues inside jboss. I think there should be some place I specify which hosts that can connect to the queues also.

      I tried to insert the <securityconf> in the definition of the queues, with full access, but I could not find any doc on this part of the sar-file (and no example of external access)!

      If it could help I can post the stacktrace/errormessage, but since the errormessage was no clear, I thought it could be some misconfiguration.

        • 1. Re: Accessing a JMS queue from external java app
          Joost Wijgerd Newbie

          Hi,

          I simply include all the jars from the jboss\client directory in my classpath and then connect like this:


          jndiContext = new InitialContext();

          queueConnectionFactory = (QueueConnectionFactory)
          jndiContext.lookup("ConnectionFactory");
          peopleQueue = (Queue) jndiContext.lookup("queue/peopleQueue");
          answerQueue = (Queue) jndiContext.lookup("queue/answerQueue");

          queueConnection =
          queueConnectionFactory.createQueueConnection();
          queueSession =
          queueConnection.createQueueSession(false,
          Session.AUTO_ACKNOWLEDGE);
          queueSender = queueSession.createSender(peopleQueue);
          message = queueSession.createTextMessage();
          message.setText("Payload");
          queueSender.send(message);


          Oh yeah, I also have jndi.properties on my classpath.

          Hope this helps,

          Joost.

          • 2. Re: Accessing a JMS queue from external java app
            Marius Kotsbak Newbie

            I found the error myself. I needed to include the securityconf like in the testcase.

            Then I get access from the same host as jboss is running. Does this also work from other hosts? Then I think it is a security problem, as the password is the only thing stopping others to access the JMS!

            • 3. Re: Accessing a JMS queue from external java app
              Peter Antman Expert

              Hi,
              are you using the lates 3.0 source from CVS to do this?

              - JbossMQ is much more secure today than i was a couple of weeks ago, since it is actually possible to enforce user/password for destination, which was not at all possible before.

              - No, there is absolutely no way of having accessrights based on ip.

              //Peter

              • 4. Re: Accessing a JMS queue from external java app
                Marius Kotsbak Newbie

                > Hi,
                > are you using the lates 3.0 source from CVS to do
                > this?
                Yes

                >
                > - JbossMQ is much more secure today than i was a
                > couple of weeks ago, since it is actually possible to
                > enforce user/password for destination, which was not
                > at all possible before.
                But is this user/pw transferred securely over the internet? If not, it helps little if the client is on a public net.

                >
                > - No, there is absolutely no way of having
                > accessrights based on ip.
                It looks like to me to, that you either allow RMI queries (1099?), including JMS, or no at all. If it is not using a special port, the firewall will have no chance of stopping it. (without analyzing the traffic though)

                >
                > //Peter

                • 5. Re: Accessing a JMS queue from external java app
                  Peter Antman Expert

                  That is true, its clear text passwords. But the JMS spec is really not designed to be run outside of intranets.

                  You could probably turn on encryption on the socket layer or RMI and get away with it, or try to integrate with Scots more secure password stuff and give it back to JBoss.

                  user/password is what there is for now. If you want something other, either chose another provider or contribute code to JBoss, or inspire someone else to do it.


                  //Peter