1 Reply Latest reply on May 16, 2003 8:16 AM by Adrian Brock

    Security exception in MDB

    karp-newbie Newbie

      I have an MDB that listens to a queue (RemoteMessages). While the MDB is processing an incoming message, I try to connect to the same queue and post another message under certain circumstances.

      Creating the connection, and session works fine. Using the session to create the new message also works fine. When I go to send the message I get the following exception:

      javax.jms.JMSSecurityException: Connection not autorized to addMessages to destination: RemoteMessages
      00:23:16,412 ERROR [STDERR] at org.jboss.mq.security.ServerSecurityInterceptor.addMessage(ServerSecurityInterceptor.java:153)
      00:23:16,413 ERROR [STDERR] at org.jboss.mq.server.TracingInterceptor.addMessage(TracingInterceptor.java:209)
      00:23:16,413 ERROR [STDERR] at org.jboss.mq.server.JMSServerInvoker.addMessage(JMSServerInvoker.java:137)

      Now, I have defined users and roles in the jbossmq-state.xml file. I have deployed the MDB in question to run as the user name I chose in the jbossmq-state.xml file, and I have set a role which includes the MDB user as a role that has read and write permission on the queue (in the jbossmq-destinations-service.xml file).

      If I change the code that creates the connection by adding an appropriate user name and password (the one that the MDB is already running as), I get an exception immediately - something about trying to get a Client ID and not being able to.

      What am I doing wrong?

      This worked in jboss 2.4.4, with the obvious changes to the relevant deployment files. What is ironic is that I don't actually require any security for the queue at all. So, a side question would be: Can I turn off security for the queue?

        • 1. Re: Security exception in MDB
          Adrian Brock Master

          You need to post your config and which user
          you are signing in as. Just saying it is wrong
          won't get many answers.

          You can turn off security by not configuring
          a security element.
          See the example queue A.

          This uses the role "guest"
          for unauthenicated users with all access.

          See jbossmq in login-config.xml for the unauthenicated