Protect a queue from remote accesses and replace DLQ
nlmarco Mar 25, 2005 4:00 PM
Hello *!
I'm using a message queue to asynchronously execute time consuming tasks: A client connects to a stateless session bean which puts a task "envelope" into a queue. This task is then executed by a message driven bean.
It all works fine now, but it is insecure, as everyone (even remotely) could write into (and read from) my task queue.
How can I prevent anyone (except my session bean) from writing into this queue? At least, I must prevent any remote accesses to this queue (if possible, read and write). Is that possible? If so, how? I've already searched for hours for a solution but unfortunately didn't find any helpful howto.
I tried the following declaration in my *-service.xml:
<mbean code="org.jboss.mq.server.jmx.Queue"
       name="jboss.mq.destination:service=Queue,name=test/TaskQueue">
  <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
  <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
  <attribute name="SecurityConf">
    <security>
      <role name="_System_" read="true" write="true"/>
    </security>
  </attribute>
</mbean>
With this declaration, no one is able to access the queue, even if the role "_System_" is present. Hence, I guess that the security domain is the problem. How can I specify a security domain for a certain queue?
And how can I give the necessary role to my message driven bean? Currently, the MDB is working anonymously and I've no clue how to authenticate an MDB.
The following question was already asked by me a few days ago, but unfortunately no one answered (maybe because I wrote it into an old topic instead of starting a new one?):
How can I replace the DLQ by another queue for one MDB? I tried to add the following into the jboss.xml of my deployed module, but it had NO effect:
<container-configurations>
  <container-configuration>
    <container-name>Standard Message Driven Bean</container-name>
    <container-invoker-conf>
      <MDBConfig>
        <ReconnectIntervalSec>30</ReconnectIntervalSec>
        <DLQConfig>
          <DestinationQueue>queue/my/FailQueue</DestinationQueue>
          <MaxTimesRedelivered>3</MaxTimesRedelivered>
          <TimeToLive>0</TimeToLive>
        </DLQConfig>
      </MDBConfig>
    </container-invoker-conf>
  </container-configuration>
</container-configurations>
What am I doing wrong?
I either need to define this on a per-queue-basis or on a per-MDB-basis. To set the redeliveryDelay and redeliveryLimit on a per-queue-basis (in the xxx-service.xml) works fine, but how can I overwrite the "queue/DLQ" coming from standardjboss.xml?
Best regards, Marco :-)
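An added example, not part of the original post and not JBoss code: a small audit script that reads a *-service.xml and reports, for each JBossMQ destination, whether the SecurityManager dependency is declared and which roles are granted read, write or create. The sample descriptor is constructed from the declaration in the post plus a hypothetical test/OpenQueue, and the function name audit_destinations is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first queue is the declaration from the post,
# the second is a hypothetical queue with no SecurityConf at all.
SAMPLE = """<server>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=test/TaskQueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
    <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
    <attribute name="SecurityConf">
      <security>
        <role name="_System_" read="true" write="true"/>
      </security>
    </attribute>
  </mbean>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=test/OpenQueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
  </mbean>
</server>"""

DEST_CLASSES = {"org.jboss.mq.server.jmx.Queue", "org.jboss.mq.server.jmx.Topic"}

def audit_destinations(xml_text):
    """Return one finding dict per queue/topic mbean in a *-service.xml."""
    findings = []
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code") not in DEST_CLASSES:
            continue  # not a JBossMQ destination
        wired = any(d.get("optional-attribute-name") == "SecurityManager"
                    for d in mbean.findall("depends"))
        conf = mbean.find("attribute[@name='SecurityConf']/security")
        roles = {}
        if conf is not None:
            for role in conf.findall("role"):
                roles[role.get("name")] = sorted(
                    perm for perm in ("read", "write", "create")
                    if role.get(perm, "false").lower() == "true")
        findings.append({"name": mbean.get("name"),
                         "security_manager": wired,
                         "explicit_conf": conf is not None,
                         "roles": roles})
    return findings

if __name__ == "__main__":
    for finding in audit_destinations(SAMPLE):
        print(finding)
```

Destinations reported with explicit_conf set to False carry no per-queue role list in the descriptor and are the ones to review first.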