Connection not authorized to addMessages to destination: DLQ
davetrahan869 Mar 4, 2005 11:41 AMI need to secure access to all jms queues and topics so I configured this in jbossmq-service.xml:
<mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager"> <attribute name="DefaultSecurityConfig"> <security> <role name="myrole" read="true" write="true" create="true"/> </security> </attribute> <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute> <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends> </mbean>
Authentication is redirected to my database in login-config.xml:
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "unauthenticatedIdentity">guest</module-option> <module-option name = "dsJndiName">java:/My_ds</module-option> <module-option name = "principalsQuery">SELECT PASSWD FROM JMSUSERS WHERE USERNAME=?</module-option> <module-option name = "rolesQuery">SELECT USERROLES, 'Roles' FROM JMSUSERROLES WHERE USERNAME=?</module-option> </login-module>
I have dlquser and dlqpassword set in standardjboss.xml:
<invoker-proxy-binding> <name>message-driven-bean</name> <invoker-mbean>default</invoker-mbean> <proxy-factory>org.jboss.ejb.plugins.jms.JMSContainerInvoker</proxy-factory> <proxy-factory-config> <JMSProviderAdapterJNDI>DefaultJMSProvider</JMSProviderAdapterJNDI> <ServerSessionPoolFactoryJNDI>StdJMSPool</ServerSessionPoolFactoryJNDI> <!-- WARN: Don't set this to zero until a bug in the pooled executor is fixed --> <MinimumSize>1</MinimumSize> <MaximumSize>15</MaximumSize> <KeepAliveMillis>30000</KeepAliveMillis> <MaxMessages>1</MaxMessages> <MDBConfig> <ReconnectIntervalSec>10</ReconnectIntervalSec> <DLQConfig> <DestinationQueue>queue/DLQ</DestinationQueue> <MaxTimesRedelivered>10</MaxTimesRedelivered> <TimeToLive>0</TimeToLive> <DLQUser>dave</DLQUser> <DLQPassword>dave</DLQPassword> </DLQConfig> </MDBConfig> </proxy-factory-config> </invoker-proxy-binding>
However when a message is sent to the dlq, I get the error:
Connection not authorized to addMessages to destination: DLQ
(see stacktrace at end)
To make sure the dlquser/dlqpassword were being recognized, I audited the JMSUSERS and JMSUSERROLES tables. JMS is definitely performing the lookup and is passing in the value for dlquser. If I use a bad password then I get an "authorization failed" message so it appears to be successfully validating the dlquser/dlqpassword.
I know that the dlquser (dave) is in the required role (myrole) because other createQueueConnection(user,password) commands work fine.
Is the dlq looking for a different role or something?
Any other clues? Thanks a million!
Here's the full stacktrace:
11:17:45,184 WARN [DLQHandler] Message resent too many times; sending it to DLQ; message id=ID:3-11099527557391
11:17:45,184 ERROR [DLQHandler] Could not send message to Dead Letter Queue
javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: DLQ
at org.jboss.mq.security.ServerSecurityInterceptor.addMessage(ServerSecurityInterceptor.java:152)
at org.jboss.mq.server.TracingInterceptor.addMessage(TracingInterceptor.java:270)
at org.jboss.mq.server.JMSServerInvoker.addMessage(JMSServerInvoker.java:136)
at org.jboss.mq.il.jvm.JVMServerIL.addMessage(JVMServerIL.java:136)
at org.jboss.mq.Connection.sendToServer(Connection.java:1020)
at org.jboss.mq.SpySession.sendMessage(SpySession.java:1005)
at org.jboss.mq.SpyMessageProducer.send(SpyMessageProducer.java:265)
at org.jboss.mq.SpyMessageProducer.send(SpyMessageProducer.java:212)
at org.jboss.ejb.plugins.jms.DLQHandler.sendMessage(DLQHandler.java:299)
at org.jboss.ejb.plugins.jms.DLQHandler.handleRedeliveredMessage(DLQHandler.java:241)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:1239)
at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:256)
at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:904)
at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:159)
at org.jboss.mq.SpySession.run(SpySession.java:351)
at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:180)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:748)
at java.lang.Thread.run(Thread.java:534)