0 Replies Latest reply on Nov 15, 2003 12:45 PM by Jochen Kressin

    Security per Destination

    Jochen Kressin Newbie


      Running JBoss3.2.2 (also tried RC4) I want to model the following scenario:
      I have two roles, admin and client, no guest role. I put these only two users / roles in jbossmq-state.xml and removed all the "guest" - entries. The role of the client is named 'clientRole'. The client can connect and create a factory with his username/password. Fine. In the MBean descriptor for a queue I create on server startup I wrote:

      The client cannot post messages to this queue, JMSSecurityException:
      javax.jms.JMSSecurityException: Connection not autorized to addMessages to destination: jeremi_client_queue

      If I add the same line regarding the clientRole in the file jbossmq-service.xml in the "DefaultSecurityConfig" section, the client can connect. But then I loose the individual settings per destination.

      My questions:
      1) How are the settings for individual destinations and the settings in jbossmq-service.xml connected? Which one counts?
      2) How can I model security constraints on a per destination basis?
      3) When I create a temporary queue, which users are allowed to connect? Where can I configure this?