1 Reply Latest reply on Mar 11, 2005 4:31 PM by adrian.brock

    Connection not authorized to addMessages to destination: DLQ

    davetrahan869
    davetrahan869 Mar 4, 2005 11:41 AM

      I need to secure access to all jms queues and topics so I configured this in jbossmq-service.xml:

      <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
 <attribute name="DefaultSecurityConfig">
 <security>
 <role name="myrole" read="true" write="true" create="true"/>
 </security>
 </attribute>
 <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
 <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
 </mbean>


      Authentication is redirected to my database in login-config.xml: 

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "dsJndiName">java:/My_ds</module-option>
 <module-option name = "principalsQuery">SELECT PASSWD FROM JMSUSERS WHERE USERNAME=?</module-option>
 <module-option name = "rolesQuery">SELECT USERROLES, 'Roles' FROM JMSUSERROLES WHERE USERNAME=?</module-option>
 </login-module>


      I have dlquser and dlqpassword set in standardjboss.xml: 

      <invoker-proxy-binding>
 <name>message-driven-bean</name>
 <invoker-mbean>default</invoker-mbean>
 <proxy-factory>org.jboss.ejb.plugins.jms.JMSContainerInvoker</proxy-factory>
 <proxy-factory-config>
 <JMSProviderAdapterJNDI>DefaultJMSProvider</JMSProviderAdapterJNDI>
 <ServerSessionPoolFactoryJNDI>StdJMSPool</ServerSessionPoolFactoryJNDI>
 <!-- WARN: Don't set this to zero until a bug in the pooled executor is fixed -->
 <MinimumSize>1</MinimumSize>
 <MaximumSize>15</MaximumSize>
 <KeepAliveMillis>30000</KeepAliveMillis>
 <MaxMessages>1</MaxMessages>
 <MDBConfig>
 <ReconnectIntervalSec>10</ReconnectIntervalSec>
 <DLQConfig>
 <DestinationQueue>queue/DLQ</DestinationQueue>
 <MaxTimesRedelivered>10</MaxTimesRedelivered>
 <TimeToLive>0</TimeToLive>
 <DLQUser>dave</DLQUser>
 <DLQPassword>dave</DLQPassword>
 </DLQConfig>
 </MDBConfig>
 </proxy-factory-config>
 </invoker-proxy-binding>


      However when a message is sent to the dlq, I get the error:
      Connection not authorized to addMessages to destination: DLQ
      (see stacktrace at end)

      To make sure the dlquser/dlqpassword were being recognized, I audited the JMSUSERS and JMSUSERROLES tables. JMS is definitely performing the lookup and is passing in the value for dlquser. If I use a bad password then I get an "authorization failed" message so it appears to be successfully validating the dlquser/dlqpassword.

      I know that the dlquser (dave) is in the required role (myrole) because other createQueueConnection(user,password) commands work fine.

      Is the dlq looking for a different role or something?

      Any other clues? Thanks a million!

      Here's the full stacktrace:
      11:17:45,184 WARN [DLQHandler] Message resent too many times; sending it to DLQ; message id=ID:3-11099527557391
      11:17:45,184 ERROR [DLQHandler] Could not send message to Dead Letter Queue
      javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: DLQ
      at org.jboss.mq.security.ServerSecurityInterceptor.addMessage(ServerSecurityInterceptor.java:152)
      at org.jboss.mq.server.TracingInterceptor.addMessage(TracingInterceptor.java:270)
      at org.jboss.mq.server.JMSServerInvoker.addMessage(JMSServerInvoker.java:136)
      at org.jboss.mq.il.jvm.JVMServerIL.addMessage(JVMServerIL.java:136)
      at org.jboss.mq.Connection.sendToServer(Connection.java:1020)
      at org.jboss.mq.SpySession.sendMessage(SpySession.java:1005)
      at org.jboss.mq.SpyMessageProducer.send(SpyMessageProducer.java:265)
      at org.jboss.mq.SpyMessageProducer.send(SpyMessageProducer.java:212)
      at org.jboss.ejb.plugins.jms.DLQHandler.sendMessage(DLQHandler.java:299)
      at org.jboss.ejb.plugins.jms.DLQHandler.handleRedeliveredMessage(DLQHandler.java:241)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:1239)
      at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:256)
      at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:904)
      at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:159)
      at org.jboss.mq.SpySession.run(SpySession.java:351)
      at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:180)
      at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:748)
      at java.lang.Thread.run(Thread.java:534)


      • 2793 Views
      • Tags: