4 Replies Latest reply: Jan 30, 2013 3:18 PM by Erik Torp RSS

Can't set permission to send message (JMS)

Brian D Newbie

I'm trying to use a remote client to send a message via a producer to one of my defined JMS queues.  The error message says:

 

Exception in thread "main" javax.jms.JMSSecurityException: User: admin doesn't have permission='SEND' on address jms.queue.testQueue

 

I created the user "admin" on both realms using the add-user script. 

 

I don't know if I have my security settings correct.  Do I need to define roles for "admin" in the standalone application-roles.properties file?

 

My Security setting looks like this:

 

 

<security-setting match="#">
                        <permission type="send" roles="admin"/>
                        <permission type="consume" roles="guest"/>
                        <permission type="createNonDurableQueue" roles="guest"/>
                        <permission type="deleteNonDurableQueue" roles="guest"/>
                    </security-setting>

 

 

My client code looks like:

 

Context ic;
              String JBOSS_CONTEXT="org.jboss.naming.remote.client.InitialContextFactory";;
              Properties props = new Properties();
              props.put(Context.INITIAL_CONTEXT_FACTORY, JBOSS_CONTEXT);
              props.put(Context.PROVIDER_URL, "remote://localhost:4447");
              props.put(Context.SECURITY_PRINCIPAL, "admin");
              props.put(Context.SECURITY_CREDENTIALS, "adminadmin");
              ic = new InitialContext(props);
     
              ConnectionFactory connectionFactory = (ConnectionFactory)ic.lookup("jms/RemoteConnectionFactory");
              Queue queue = (Queue) ic.lookup("jms/queue/test");
     
              Session session = null;
              Connection conn = null;
              MessageProducer producer = null;
     
              conn = connectionFactory.createConnection("admin","adminadmin");
              session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
              producer = session.createProducer(queue);
     
              Message msg = null;
    
              msg = session.createMessage();
              msg.setJMSMessageID("ID:test");
              producer.send(msg);
     
              conn.close();

  • 1. Re: Can't set permission to send message (JMS)
    Brian D Newbie

    Update:

     

    I'm able to send and recieve now by disabling security for JMS.  I go to the app console, click on the default JMS link and edit to disable it.

     

    I would still really like to know why the roles weren't recognized when security is enabled

  • 2. Re: Can't set permission to send message (JMS)
    Simon Cigoj Newbie

    maybe your roles are not bound correctly to the user, go to the file ..standalone\configuration\application-roles.properties

     

    I have a user "jmsUser2" rith the role guuest and in application-roles.properties I have a line "jmsUser2=guest"

     

    then in standalone xml I have the default setting

     

    <security-setting match="#">
             <permission type="send" roles="guest"/>
              <permission type="consume" roles="guest"/>
              <permission type="createNonDurableQueue" roles="guest"/>
              <permission type="deleteNonDurableQueue" roles="guest"/>
    </security-setting>

     

  • 3. Re: Can't set permission to send message (JMS)
    Shekhar p Newbie

    can you please tell  to which realm you added the user to ?

     

    the user needs to be added to the realm which is mentioned in the standalone.xml

     

     

    <subsystem xmlns="urn:jboss:domain:remoting:1.1">

                <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/>

    </subsystem>

  • 4. Re: Can't set permission to send message (JMS)
    Erik Torp Newbie

    Hi,

     

    Following the posts above works.

     

    Although it's written in the application-roles.properties header that changes are automatically picked up, I had to bounce the server. Not sure that's because I did not wait long enough...