Queue-Security
schachi Aug 2, 2005 3:52 PM
I am trying to add access control to a queue (only authenticated users should have read/write/create rights; other users should be blocked).
I read the JBoss documentation (JMS, JAAS) and I searched the forum, but I didn't find the answer.
Try:
ecollector-docImport-service.xml:
<server>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=eManager-DocImportQueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
    <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
    <attribute name="SecurityConf">
      <security>
        <!-- only the ecollector role is granted read/write/create -->
        <role name="ecollector" read="true" write="true" create="true"/>
      </security>
    </attribute>
  </mbean>
</server>
Deploy exception:
org.jboss.deployment.DeploymentException: Error during queue setup; - nested throwable: (javax.jms.JMSSecurityException: Connection not authorized to subscribe to destination: eManager-DocImportQueue)
    at org.jboss.deployment.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:39)
    at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerCreate(JMSContainerInvoker.java:898)
    at org.jboss.ejb.plugins.jms.JMSContainerInvoker.startService(JMSContainerInvoker.java:922)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
    at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
    at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
    at $Proxy66.start(Unknown Source)
    at org.jboss.system.ServiceController.start(ServiceController.java:418)
    at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
The following is working, but I'm not happy because unauthenticated users have read rights:
<server>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=eManager-DocImportQueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
    <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
    <attribute name="SecurityConf">
      <security>
        <!-- guest is granted read only -->
        <role name="guest" read="true" write="false" create="false"/>
        <role name="ecollector" read="true" write="true" create="true"/>
      </security>
    </attribute>
  </mbean>
</server>
What would be the correct solution?
THANK YOU for all hints in advance
marc
I'm using jboss-4.0.2
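A small audit for descriptors like the two in the post above, added here as an example and not part of the original post or of JBoss: it parses a JBossMQ `*-service.xml` and reports destinations whose `SecurityConf` grants any right to the role that unauthenticated connections fall under. It assumes that role is named `guest`, as the post's second descriptor implies; the function names `audit` and `granted` are hypothetical, and the sample is the post's second descriptor made well-formed.

```python
import xml.etree.ElementTree as ET

RIGHTS = ("read", "write", "create")

# Constructed sample: the second descriptor from the post, made well-formed.
SAMPLE = """
<server>
  <mbean code="org.jboss.mq.server.jmx.Queue"
         name="jboss.mq.destination:service=Queue,name=eManager-DocImportQueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
    <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
    <attribute name="SecurityConf">
      <security>
        <role name="guest" read="true" write="false" create="false"/>
        <role name="ecollector" read="true" write="true" create="true"/>
      </security>
    </attribute>
  </mbean>
</server>
"""

def granted(role):
    """Rights a <role> element sets to "true" (anything else counts as denied here)."""
    return [r for r in RIGHTS if role.get(r, "").strip().lower() == "true"]

def audit(xml_text, anon_role="guest"):
    """Return (destination, finding) tuples for JBossMQ destination MBeans."""
    findings = []
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        name = mbean.get("name", "")
        if not name.startswith("jboss.mq.destination:"):
            continue  # not a queue/topic MBean
        deps = {d.get("optional-attribute-name") for d in mbean.findall("depends")}
        if "SecurityManager" not in deps:
            findings.append((name, "no SecurityManager dependency"))
        security = mbean.find("attribute[@name='SecurityConf']/security")
        if security is None:
            findings.append((name, "no SecurityConf attribute"))
            continue
        for role in security.findall("role"):
            rights = granted(role)
            # anon_role is an assumption: the role given to unauthenticated users
            if role.get("name") == anon_role and rights:
                findings.append((name, f"{anon_role} may {'/'.join(rights)}"))
    return findings

if __name__ == "__main__":
    for dest, finding in audit(SAMPLE):
        print(f"{dest}: {finding}")
```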