8 Replies Latest reply on Dec 15, 2013 11:43 PM by ybxiang.china

    Can HornetQ use JAAS role?

    ybxiang.china

      Dear jboss guys,

       

      Can HornetQ use JAAS role?

       

      My standalone-full.xml

       

       


      <!-- Messaging (HornetQ) subsystem from the original question.
           No <security-domain> child is set under <hornetq-server>; the documentation
           quoted later in this thread says HornetQ then uses the "other" JAAS domain,
           not the nms-jaas-security-domain the author expects. -->
      <subsystem xmlns="urn:jboss:domain:messaging:1.3">
        <hornetq-server>
          <persistence-enabled>true</persistence-enabled>
          <journal-file-size>102400</journal-file-size>
          <journal-min-files>2</journal-min-files>
          <connectors>
            <!-- TLS connector; RemoteConnectionFactory below refers to it by name. -->
            <netty-connector name="netty-ssl-connector" socket-binding="messaging">
              <param key="ssl-enabled" value="true"/>
              <!-- NOTE(review): connector parameters are presumably part of what a remote client
                   receives when it looks up RemoteConnectionFactory. If so, the server keystore
                   path and its password do not belong on the connector; confirm. -->
              <param key="key-store-path" value="D:\\java\\jboss-as-7.2.0.Alpha1\\standalone\\configuration\\server.keystore"/>
              <!-- Keystore password stored as a clear-text literal in the configuration file. -->
              <param key="key-store-password" value="ybxiang_keystore_password"/>
            </netty-connector>
            <!-- This connector carries no ssl-enabled param, so as written it is not TLS-protected. -->
            <netty-connector name="netty-throughput" socket-binding="messaging-throughput">
              <param key="batch-delay" value="50"/>
            </netty-connector>
            <in-vm-connector name="in-vm" server-id="0"/>
          </connectors>
          <acceptors>
            <!-- TLS acceptor on the "messaging" socket binding: server keystore plus a trust store. -->
            <netty-acceptor name="netty-ssl-acceptor" socket-binding="messaging">
              <param key="ssl-enabled" value="true"/>
              <param key="key-store-path" value="D:\\java\\jboss-as-7.2.0.Alpha1\\standalone\\configuration\\server.keystore"/>
              <!-- Clear-text keystore password; anyone who can read this file can open the keystore. -->
              <param key="key-store-password" value="ybxiang_keystore_password"/>
              <!-- NOTE(review): no parameter requesting client-certificate authentication appears
                   here, so what the trust store is used for cannot be told from this snippet. -->
              <param key="trust-store-path" value="D:\\java\\jboss-as-7.2.0.Alpha1\\standalone\\configuration\\client.truststore"/>
              <param key="trust-store-password" value="ybxiang_truststore_password"/>
            </netty-acceptor>
            <!-- Second remote acceptor without ssl-enabled: connections on the
                 "messaging-throughput" binding are not TLS-protected as configured. -->
            <netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">
              <param key="batch-delay" value="50"/>
              <param key="direct-deliver" value="false"/>
            </netty-acceptor>
            <in-vm-acceptor name="in-vm" server-id="0"/>
          </acceptors>
          <security-settings>
            <!-- Left empty by the author (see the NOTE in the post): no role is granted any
                 permission on any address, which is consistent with the JMSSecurityException
                 for permission='CONSUME' quoted further down. -->
          </security-settings>
          <address-settings>
            <!--default for catch all-->
            <address-setting match="#">
              <dead-letter-address>jms.queue.DLQ</dead-letter-address>
              <expiry-address>jms.queue.ExpiryQueue</expiry-address>
              <redelivery-delay>0</redelivery-delay>
              <max-size-bytes>10485760</max-size-bytes>
              <address-full-policy>BLOCK</address-full-policy>
              <message-counter-history-day-limit>10</message-counter-history-day-limit>
            </address-setting>
          </address-settings>
          <jms-connection-factories>
            <!-- In-VM factory for code running inside the server. -->
            <connection-factory name="InVmConnectionFactory">
              <connectors>
                <connector-ref connector-name="in-vm"/>
              </connectors>
              <entries>
                <entry name="java:/ConnectionFactory"/>
              </entries>
            </connection-factory>
            <!-- Factory bound under java:jboss/exported for remote clients; it uses the TLS connector. -->
            <connection-factory name="RemoteConnectionFactory">
              <connectors>
                <connector-ref connector-name="netty-ssl-connector"/>
              </connectors>
              <entries>
                <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
              </entries>
            </connection-factory>
            <pooled-connection-factory name="hornetq-ra">
              <transaction mode="xa"/>
              <connectors>
                <connector-ref connector-name="in-vm"/>
              </connectors>
              <entries>
                <entry name="java:/JmsXA"/>
              </entries>
            </pooled-connection-factory>
          </jms-connection-factories>
          <jms-destinations>
            <!-- Destinations with a java:jboss/exported entry; the client code in the post looks
                 them up remotely as jms/queue/test and jms/RemoteConnectionFactory. -->
            <jms-queue name="testQueue">
              <entry name="queue/test"/>
              <entry name="java:jboss/exported/jms/queue/test"/>
            </jms-queue>
            <jms-topic name="testTopic">
              <entry name="topic/test"/>
              <entry name="java:jboss/exported/jms/topic/test"/>
            </jms-topic>
          </jms-destinations>
        </hornetq-server>
      </subsystem>


       

       

       


      <!-- Security realms from the original question. -->
      <security-realms>
        <!-- Management realm: local ($local) authentication plus the mgmt-users.properties file. -->
        <security-realm name="ManagementRealm">
          <authentication>
            <local default-user="$local"/>
            <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
          </authentication>
        </security-realm>
        <!-- Application realm: authentication is delegated to the JAAS security domain.
             There is no <authorization> element here, so the realm itself supplies no roles;
             the replies below discuss exactly this gap. -->
        <security-realm name="ApplicationRealm">
          <server-identities>
            <ssl>
              <!-- Keystore password stored as a clear-text literal in the configuration file. -->
              <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="ybxiang_keystore_password"/>
            </ssl>
          </server-identities>
          <authentication>
            <jaas name="nms-jaas-security-domain"/>
          </authentication>
        </security-realm>
      </security-realms>

       

       

       

       

       


      <!-- JAAS security domain backed by a database: an optional Remoting module followed by
           a required DatabaseServerLoginModule, both sharing the password via useFirstPass. -->
      <security-domain name="nms-jaas-security-domain" cache-type="default">
        <authentication>
          <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
          </login-module>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="dsJndiName" value="java:jboss/datasources/NmsMySqlDS"/>
            <!-- Both queries take the user name through the ? placeholder; it is not concatenated into the SQL. -->
            <module-option name="principalsQuery" value="SELECT hashedPassword FROM User WHERE username=?"/>
            <!-- Roles are resolved user -> group -> role and only for rows with rowStatus=0. -->
            <module-option name="rolesQuery" value="SELECT DISTINCT r.name, 'Roles' FROM User u, User_UserGroup ug, UserGroup_JaasRole gr, JaasRole r WHERE u.id=ug.user_id AND ug.usergroup_id=gr.usergroup_id AND gr.jaasrole_id=r.id AND u.rowStatus=0 AND u.username=?"/>
            <!-- NOTE(review): no salt or iteration option appears, so stored passwords look like a
                 single SHA-256 digest in Base64; that is weak against offline guessing. Confirm. -->
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="Base64"/>
            <module-option name="hashCharset" value="UTF-8"/>
            <!-- Callers that present no credentials are given the identity "guest".
                 NOTE(review): check every permission granted to a guest role or user with that in mind. -->
            <module-option name="unauthenticatedIdentity" value="guest"/>
          </login-module>
        </authentication>
      </security-domain>

       

       

      NOTE: I removed all elements in <security-settings>.

       

       

       

       

       

       

      My client code:

       

      NOTE: my ejb client works well.


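      /**
       * Stand-alone client from the question: it opens an EJB remoting connection and then
       * exercises JMS with the same user name and password.
       *
       * Members used but not declared in the post (username, serverIP, jndiName,
       * securedRemoteSessionProxy, log, shakeHands) are assumed to exist elsewhere in the class.
       */
      public class MyClient{

          /**
           * Configures the EJB client over SSL, looks up the secured session bean and then runs
           * the handshake and the JMS smoke test.
           *
           * @param serverIP host of the JBoss server (remoting port 4447 is hard-coded)
           * @param username account name, also reused for JMS
           * @param password account password, also reused for JMS
           * @throws Exception ConnectionToServerFailedException.INSTANCE when the EJB setup or
           *                   lookup fails; anything thrown by shakeHands or testJms2
           */
          public void connectToServer(String serverIP, String username, String password) throws Exception{
              this.username = username;
              this.serverIP = serverIP;
              try{
                  Properties p = new Properties();
                  p.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");
                  p.put("remote.connections", "default");
                  p.put("remote.connection.default.host", serverIP);
                  p.put("remote.connection.default.port", "4447");
                  p.put("remote.connection.default.username", username);
                  p.put("remote.connection.default.password", password);
                  // "false" leaves SASL mechanisms that allow anonymous login available.
                  p.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "false");
                  // Excludes the local-user mechanism so the supplied username/password are used.
                  p.put("remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");
                  // "false" permits mechanisms that send the password itself; the password is then
                  // protected only by the SSL options set here. NOTE(review): confirm TLS is really
                  // negotiated before the credentials are sent.
                  p.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
                  p.put("remote.connection.default.connect.options.org.xnio.Options.SSL_STARTTLS", "true");
                  p.put("remote.connection.default.connect.timeout", "30000");//for xnio

                  EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(p);
                  ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
                  EJBClientContext.setSelector(selector);

                  EJBClientContext.getCurrent().registerInterceptor(0,new ClientSessionTokenInterceptor());
                  EJBClientContext.getCurrent().registerInterceptor(1,new ClientExceptionInterceptor());

                  Properties props = new Properties();
                  props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                  InitialContext context = new InitialContext(props);
                  securedRemoteSessionProxy = (ISecuredRemoteSession)context.lookup(jndiName);
              }catch(Exception e){
                  // The shared exception instance carries no cause, so record the real failure
                  // before it is lost.
                  log.error(e);
                  throw ConnectionToServerFailedException.INSTANCE;
              }
              //
              shakeHands(username, password);
              //
              testJms2(serverIP, username, password);
          }

          /**
           * Looks up the remote connection factory and the test queue through remote naming
           * (SSL enabled) and runs one send/receive round trip.
           *
           * Lookup and messaging failures are logged, not rethrown; only the creation of the
           * InitialContext can propagate an exception.
           *
           * @param serverIP host used to build the default provider URL remote://serverIP:4447
           * @param username JNDI principal, reused as the JMS user
           * @param password JNDI credentials, reused as the JMS password
           */
          public static void testJms2(String serverIP, String username, String password) throws Exception {
              Properties props = new Properties();
              props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
              // See: https://community.jboss.org/message/729801#729801
              props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
              props.put(Context.PROVIDER_URL, System.getProperty(Context.PROVIDER_URL, "remote://"+serverIP+":4447"));
              props.put(Context.SECURITY_PRINCIPAL, username);
              props.put(Context.SECURITY_CREDENTIALS, password);
              props.put("jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS", "true");
              props.put("jboss.naming.client.remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");
              InitialContext context = new InitialContext(props);

              try {
                  ConnectionFactory connectionFactory = (ConnectionFactory) context.lookup("jms/RemoteConnectionFactory");
                  Destination destination = (Destination) context.lookup("jms/queue/test");
                  //
                  sendJmsMessage(connectionFactory,destination,username,password);
              } catch (Exception e) {
                  log.error(e);
              } finally {
                  // The naming context is only needed for the two lookups; release it once the
                  // round trip is over instead of leaving it open.
                  try {
                      context.close();
                  } catch (Exception e) {
                      log.error(e);
                  }
              }
          }

          /**
           * Sends one text message to the destination and tries to receive it back.
           *
           * https://community.jboss.org/message/721270
           * Like everything else in JBoss AS 7.1.0.Final, JMS is secured by default.
           * It uses the same security domain as JNDI so you can use the same username and password
           * (i.e. appuser2 and passw0rd respectively) in your call to
           * javax.jms.ConnectionFactory.createConnection(String, String).
           *
           * All failures are logged and swallowed; the connection is always closed.
           *
           * @param connectionFactory factory obtained from JNDI
           * @param destination       queue or topic to send to and consume from
           * @param username          JMS user
           * @param password          JMS password
           */
          public static void sendJmsMessage(ConnectionFactory connectionFactory, Destination destination, String username, String password){
              Connection connection = null;

              try {
                  // Create the JMS connection, session, producer, and consumer
                  connection = connectionFactory.createConnection(username,password);//User: admin doesn't have permission='CONSUME' on address jms.queue.testQueue"
                  //connection = connectionFactory.createConnection();//"javax.jms.JMSSecurityException: Unable to validate user: null"
                  Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
                  MessageProducer producer = session.createProducer(destination);
                  MessageConsumer consumer = session.createConsumer(destination);
                  connection.start();

                  int count = 1;
                  String content = "Hellow World!";
                  log.info("Sending " + count + " messages with content: " + content);

                  // Send the specified number of messages
                  for (int i = 0; i < count; i++) {
                      TextMessage outgoing = session.createTextMessage(content);
                      producer.send(outgoing);
                  }

                  // Then receive the same number of messages that were sent
                  for (int i = 0; i < count; i++) {
                      TextMessage incoming = (TextMessage) consumer.receive(5000);
                      if (incoming == null) {
                          // receive(timeout) returns null when nothing arrives in time; report
                          // that instead of failing with a NullPointerException on getText().
                          log.warn("No message received within 5000 ms");
                      } else {
                          log.info("Received message with content " + incoming.getText());
                      }
                  }
              } catch (Exception e) {
                  log.error(e);
              } finally {
                  if (connection != null) {
                      try{
                          connection.close();
                      }catch(Exception e){
                          log.error(e);
                      }
                  }
              }
          }
      }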
      
      

       

       

      Above username and password is JAAS account:

       

       

      If the line consumer = session.createConsumer(destination); above is executed, the client prints the exception below:

      "javax.jms.JMSSecurityException: User: admin doesn't have permission='CONSUME' on address jms.queue.testQueue"
      

       

       

       

      Would you please help me?

        • 1. Re: Can HornetQ use JAAS role?
          ybxiang.china

          Now I change <security-settings> to

           

                      <!-- Grants all six permissions on every address (match="#") to the roles listed.
                           NOTE(review): the roles are written comma-separated here, while the configuration
                           the author reports as working in the last reply separates them with spaces;
                           confirm which separator this subsystem schema expects.
                           NOTE(review): "guest" is also the unauthenticatedIdentity name in the login module
                           shown in the first post; if callers without credentials end up holding a guest
                           role, this block lets them send, consume, and create or delete queues. -->
                      <security-settings>
                        <security-setting match="#">
                          <permission type="send" roles="admin, guest"/>
                          <permission type="consume" roles="admin, guest"/>
                          <permission type="createDurableQueue" roles="admin, guest"/>
                          <permission type="deleteDurableQueue" roles="admin, guest"/>
                          <permission type="createNonDurableQueue" roles="admin, guest"/>
                          <permission type="deleteNonDurableQueue" roles="admin, guest"/>
                        </security-setting>
                      </security-settings>

           

           

          I still get the Exception:

          "javax.jms.JMSSecurityException: User: admin doesn't have permission='CONSUME' on address jms.queue.testQueue"

           

           

           

          I read http://www.techartifact.com/blogs/2012/10/jboss-as-7-setting-up-hornetq-jms.html carefully.

           

          Must I set user/roles in property files?

          • 2. Re: Can HornetQ use JAAS role?
            ybxiang.china

            Oh, my god!

             

            JBoss AS 7 is NOT clever enough. After I add the <authorization> below to <security-realm name="ApplicationRealm">

             

                    <!-- ApplicationRealm with a properties-based <authorization> added: authentication
                         still goes to the JAAS domain, but roles are now read from
                         application-roles.properties, a second role source next to the database. -->
                    <security-realm name="ApplicationRealm">
                        <server-identities>
                            <ssl>
                                <!-- Keystore password stored as a clear-text literal in the configuration file. -->
                                <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="ybxiang_keystore_password"/>
                            </ssl>
                        </server-identities>
                        <authentication>
                            <jaas name="nms-jaas-security-domain"/>
                        </authentication>
                        <!-- NOTE(review): role names in this file and in the database can drift apart;
                             whichever source the messaging checks actually read decides access. -->
                        <authorization>
                            <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                        </authorization>
                    </security-realm>

             

            It works!

             

            Why should I configure my roles in both DB and property files???

             

            As far as I know, We need ONLY configure <authentication> for EJB.

            Why <authorization> does NOT support <jaas name="nms-jaas-security-domain"/> just like <authentication> does???

            • 3. Re: Can HornetQ use JAAS role?
              ybxiang.china

              I hope HornetQ support both JAAS authentication and JAAS authorization.

              I hate configure same roles in both DB and property files.

              • 4. Re: Can HornetQ use JAAS role?
                dlofthouse

                Feel free to raise a Jira and we can have a closer look at this scenario.

                 

                FYI support for specifying database authentication and authorization is on its way shortly which will also eliminate the need for the legacy JAAS modules when defining a realm.

                • 5. Re: Can HornetQ use JAAS role?
                  ybxiang.china

                  Hi Lofthouse,

                            I raise a jira:https://issues.jboss.org/browse/AS7-5694

                  • 6. Re: Can HornetQ use JAAS role?
                    ybxiang.china

                    We can use security domain:

                     

                        <subsystem xmlns="urn:jboss:domain:messaging:1.3">
                            <hornetq-server>
                                <persistence-enabled>true</persistence-enabled>
                                <journal-file-size>102400</journal-file-size>
                                <journal-min-files>2</journal-min-files>
                    <security-domain>nms-jaas-security-domain</security-domain>

                    ....

                     

                     

                     

                     

                     

                     

                     

                    Please refer to https://docs.jboss.org/author/display/AS71/Messaging+configuration

                    Security Domain for Users

                    By default, HornetQ will use the "other" JAAS security domain.  This domain is used to authenticate users making connections to HornetQ and then they are authorized to perform specific functions based on their role(s) and the security-settings described above.  This domain can be changed by using security-domain, e.g.:

                     

                    <subsystem xmlns="urn:jboss:domain:messaging:1.0">

                     

                       [...]

                       <security-domain>mySecurityDomain</security-domain>

                       [...]

                    </subsystem>

                    • 7. Re: Can HornetQ use JAAS role?
                      jesper.s.karlsen

                      Hi Xiang,

                       

                      We are having problems creating initialcontext with ssl on remoting interface 4447. It seems you have it working - do you mind sharing your configuration? Here is a link to our post: https://community.jboss.org/message/849554

                      Any help would be greatly appreciated:0)

                       

                      Cheers,
                      Jesper

                      • 8. Re: Can HornetQ use JAAS role?
                        ybxiang.china

                        Yes, I had solved the problems gracefully.

                         

                        1. Official JBoss AS 7 servers do NOT work well for JMS over SSL. They fixed the problem in jboss-as-7.2.0.Alpha1, but the problem appears again in jboss-as-7.2.0.Final!

                        Now, I am still using jboss-as-7.2.0.Alpha1 which is build by myself: jbossas-jboss-as-7.1.2.Final-531-gc2df112.zip Actual version is: JBoss-7.2.0 alpha1

                         

                        I had asked jboss guys here: Why are there so many critical bugs in every jboss as 7.x.x???

                        (It seems that JBoss EAP 6.1 have fixed this problem, but I dare not to use it because of license consideration.)

                         

                         

                         

                        2. JMS configuration in standalone.xml:

                         

                         

                        <!-- Management section of the final configuration.
                             Both realms now authenticate against the same JAAS security domain. -->
                        <management>
                          <security-realms>
                            <!-- NOTE(review): the management interfaces below use this realm, so every account
                                 the application login module accepts can presumably authenticate to the
                                 management API as well. Confirm that application users are not meant to
                                 administer the server, and how the module's unauthenticatedIdentity
                                 setting behaves on this path. -->
                            <security-realm name="ManagementRealm">
                              <authentication>
                                <jaas name="nms-jaas-security-domain"/>
                              </authentication>
                            </security-realm>
                            <security-realm name="ApplicationRealm">
                              <server-identities>
                                <ssl>
                                  <!-- Keystore password stored as a clear-text literal in the configuration file. -->
                                  <keystore path="server.keystore" relative-to="jboss.server.config.dir" keystore-password="ybxiang_keystore_password"/>
                                </ssl>
                              </server-identities>
                              <authentication>
                                <jaas name="nms-jaas-security-domain"/>
                              </authentication>
                            </security-realm>
                          </security-realms>
                          <management-interfaces>
                            <native-interface security-realm="ManagementRealm">
                              <socket-binding native="management-native"/>
                            </native-interface>
                            <http-interface security-realm="ManagementRealm">
                              <socket-binding http="management-http"/>
                            </http-interface>
                          </management-interfaces>
                        </management>
                        <!-- Messaging subsystem of the final configuration. The <security-domain> element
                             makes HornetQ authenticate and resolve roles through nms-jaas-security-domain,
                             so the roles in <security-settings> refer to that domain's roles. -->
                        <subsystem xmlns="urn:jboss:domain:messaging:1.3">
                          <hornetq-server>
                            <persistence-enabled>true</persistence-enabled>
                            <security-domain>nms-jaas-security-domain</security-domain>
                            <journal-file-size>102400</journal-file-size>
                            <journal-min-files>2</journal-min-files>

                            <connectors>
                              <!-- The connector's key-store parameters now name the client trust store and its
                                   password rather than the server keystore used in the first post. -->
                              <netty-connector name="netty-ssl-connector" socket-binding="messaging">
                                <param key="ssl-enabled" value="true"/>
                                <param key="key-store-path" value="client.truststore"/>
                                <param key="key-store-password" value="ybxiang_truststore_password"/>
                              </netty-connector>
                              <!-- No ssl-enabled param: this connector is not TLS-protected as written. -->
                              <netty-connector name="netty-throughput" socket-binding="messaging-throughput">
                                <param key="batch-delay" value="50"/>
                              </netty-connector>
                              <in-vm-connector name="in-vm" server-id="0"/>
                            </connectors>

                            <acceptors>
                              <netty-acceptor name="netty-ssl-acceptor" socket-binding="messaging">
                                <param key="ssl-enabled" value="true"/>
                                <param key="key-store-path" value="server.keystore"/>
                                <!-- Clear-text keystore and trust store passwords; protect read access to this file. -->
                                <param key="key-store-password" value="ybxiang_keystore_password"/>
                                <param key="trust-store-path" value="client.truststore"/>
                                <param key="trust-store-password" value="ybxiang_truststore_password"/>
                              </netty-acceptor>
                              <!-- Second remote acceptor without ssl-enabled: JMS credentials sent over the
                                   "messaging-throughput" binding are not TLS-protected as configured. -->
                              <netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">
                                <param key="batch-delay" value="50"/>
                                <param key="direct-deliver" value="false"/>
                              </netty-acceptor>
                              <in-vm-acceptor name="in-vm" server-id="0"/>
                            </acceptors>

                            <security-settings>
                              <!-- One rule for all addresses (match="#"), with a separate role per permission
                                   plus admin. Roles are space-separated here and guest is no longer listed.
                                   NOTE(review): a single "#" rule gives jms_consumer read access to every
                                   queue and topic; add narrower matches if destinations differ in sensitivity. -->
                              <security-setting match="#">
                                <permission type="send" roles="admin jms_sender"/>
                                <permission type="consume" roles="admin jms_consumer"/>
                                <permission type="createDurableQueue" roles="admin jms_DurableQueue_creator"/>
                                <permission type="deleteDurableQueue" roles="jms_DurableQueue_killer admin"/>
                                <permission type="createNonDurableQueue" roles="admin jms_NonDurableQueue_creator"/>
                                <permission type="deleteNonDurableQueue" roles="jms_NonDurableQueue_killer admin"/>
                              </security-setting>
                            </security-settings>

                            <address-settings>
                              <address-setting match="#">
                                <dead-letter-address>jms.queue.DLQ</dead-letter-address>
                                <expiry-address>jms.queue.ExpiryQueue</expiry-address>
                                <redelivery-delay>0</redelivery-delay>
                                <max-size-bytes>10485760</max-size-bytes>
                                <address-full-policy>BLOCK</address-full-policy>
                                <message-counter-history-day-limit>10</message-counter-history-day-limit>
                              </address-setting>
                            </address-settings>

                            <jms-connection-factories>
                              <connection-factory name="InVmConnectionFactory">
                                <connectors>
                                  <connector-ref connector-name="in-vm"/>
                                </connectors>
                                <entries>
                                  <entry name="java:/ConnectionFactory"/>
                                </entries>
                              </connection-factory>
                              <!-- Factory exported to remote clients; it uses the TLS connector. -->
                              <connection-factory name="RemoteConnectionFactory">
                                <connectors>
                                  <connector-ref connector-name="netty-ssl-connector"/>
                                </connectors>
                                <entries>
                                  <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
                                </entries>
                              </connection-factory>
                              <pooled-connection-factory name="hornetq-ra">
                                <transaction mode="xa"/>
                                <connectors>
                                  <connector-ref connector-name="in-vm"/>
                                </connectors>
                                <entries>
                                  <entry name="java:/JmsXA"/>
                                </entries>
                              </pooled-connection-factory>
                            </jms-connection-factories>

                            <jms-destinations>
                              <jms-queue name="testQueue">
                                <entry name="queue/test"/>
                                <entry name="java:jboss/exported/jms/queue/test"/>
                              </jms-queue>
                              <jms-topic name="testTopic">
                                <entry name="topic/test"/>
                                <entry name="java:jboss/exported/jms/topic/test"/>
                              </jms-topic>
                              <!-- Topic consumed by the client's SOE listener shown later in this reply. -->
                              <jms-topic name="nmsSOETopic">
                                <entry name="topic/nmsSOE"/>
                                <entry name="java:jboss/exported/jms/topic/nmsSOE"/>
                              </jms-topic>
                            </jms-destinations>
                          </hornetq-server>
                        </subsystem>
                        <!-- Security subsystem fragment: the JAAS domain referenced by both realms and by
                             the messaging <security-domain>. The post ends after </security-domain>; the
                             closing </security-domains> and </subsystem> tags are not shown. -->
                        <subsystem xmlns="urn:jboss:domain:security:1.2">
                          <security-domains>
                            <security-domain name="nms-jaas-security-domain" cache-type="default">
                              <authentication>
                                <login-module code="Remoting" flag="optional">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                                </login-module>
                                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                                  <module-option name="password-stacking" value="useFirstPass"/>
                                  <module-option name="dsJndiName" value="java:jboss/datasources/NmsMySqlDS"/>
                                  <!-- Both queries take the user name through the ? placeholder. -->
                                  <module-option name="principalsQuery" value="SELECT hashedPassword FROM User WHERE username=?"/>
                                  <module-option name="rolesQuery" value="SELECT DISTINCT r.name, 'Roles' FROM User u, User_UserGroup ug, UserGroup_JaasRole gr, JaasRole r WHERE u.id=ug.user_id AND ug.usergroup_id=gr.usergroup_id AND gr.jaasrole_id=r.id AND u.rowStatus=0 AND u.username=?"/>
                                  <!-- NOTE(review): no salt or iteration option appears, so stored passwords look
                                       like a single SHA-256 digest in Base64; weak against offline guessing. Confirm. -->
                                  <module-option name="hashAlgorithm" value="SHA-256"/>
                                  <module-option name="hashEncoding" value="Base64"/>
                                  <module-option name="hashCharset" value="UTF-8"/>
                                  <!-- Callers without credentials are given the identity "guest". This domain now also
                                       backs ManagementRealm and HornetQ in this configuration.
                                       NOTE(review): verify that such callers gain no access on either path. -->
                                  <module-option name="unauthenticatedIdentity" value="guest"/>
                                </login-module>
                              </authentication>
                            </security-domain>

                         

                         

                         

                         

                         

                        3. JMS Client

                         

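                        // Connection factory looked up from JNDI in initJmsResource.
                        private static ConnectionFactory jmsConnectionFactory = null;
                        // Cached, shared JMS resources; they must be closed at the end.
                        private static Connection jmsConnection = null;
                        private static Session    jmsSession = null;
                        // Cached nmsSOE JMS resources; the MessageConsumer/MessageProducer must be closed.
                        // (A space was missing between the type and the field name in the post.)
                        private static Destination jmsDestination_topic_nmsSOE = null;
                        private static MessageConsumer jmsConsumer_topic_nmsSOE = null;
                        // Cached test-queue JMS resources; the MessageConsumer/MessageProducer must be closed.
                        private static Destination jmsDestination_queue_test = null;
                        private static MessageConsumer jmsConsumer_queue_test = null;
                        private static MessageProducer jmsProducer_queue_test = null;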

                          

                            /**
                             * Builds the shared JMS resources: remote-naming context over SSL, connection,
                             * session, the nmsSOE topic consumer and the test-queue consumer/producer.
                             * It then starts the connection, runs the queue smoke test and installs the
                             * SOE listener.
                             *
                             * The same user name and password are used for the JNDI lookup and for the
                             * JMS connection.
                             *
                             * @param serverIP host used for the default provider URL remote://serverIP:4447
                             * @param username JNDI principal and JMS user
                             * @param password JNDI credentials and JMS password
                             * @throws Exception if a lookup or any JMS call fails
                             */
                            private void initJmsResource(String serverIP, String username, String password)throws Exception {
                                String providerUrl = System.getProperty(Context.PROVIDER_URL, "remote://"+serverIP+":4447");

                                Properties jndiEnv = new Properties();
                                jndiEnv.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
                                // See: https://community.jboss.org/message/729801#729801
                                jndiEnv.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
                                jndiEnv.put(Context.PROVIDER_URL, providerUrl);
                                jndiEnv.put(Context.SECURITY_PRINCIPAL, username);
                                jndiEnv.put(Context.SECURITY_CREDENTIALS, password);
                                // Both SSL options are set so the remote-naming connection is encrypted.
                                jndiEnv.put("jboss.naming.client.connect.options.org.xnio.Options.SSL_STARTTLS", "true");
                                jndiEnv.put("jboss.naming.client.remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "true");

                                InitialContext namingContext = new InitialContext(jndiEnv);
                                jmsConnectionFactory = (ConnectionFactory) namingContext.lookup("jms/RemoteConnectionFactory");
                                // createConnection() without credentials fails with
                                // "javax.jms.JMSSecurityException: Unable to validate user: null".
                                jmsConnection = jmsConnectionFactory.createConnection(username,password);
                                jmsSession = jmsConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);

                                // jms/topic/nmsSOE: consumer only
                                jmsDestination_topic_nmsSOE = (Destination) namingContext.lookup("jms/topic/nmsSOE");
                                jmsConsumer_topic_nmsSOE = jmsSession.createConsumer(jmsDestination_topic_nmsSOE);

                                // jms/queue/test: consumer and producer
                                jmsDestination_queue_test = (Destination) namingContext.lookup("jms/queue/test");
                                jmsConsumer_queue_test = jmsSession.createConsumer(jmsDestination_queue_test);
                                jmsProducer_queue_test = jmsSession.createProducer(jmsDestination_queue_test);

                                jmsConnection.start();
                                testJmsQueue();
                                initSoeJmsListener();
                            }

                          

                          

                          

                        /**
                         * Smoke test for jms/queue/test: sends one text message with the cached producer
                         * and tries to read it back with the cached consumer, waiting up to one second.
                         * Any exception is logged and swallowed.
                         *
                         * https://community.jboss.org/message/721270
                         * Like everything else in JBoss AS 7.1.0.Final, JMS is secured by default.
                         * It uses the same security domain as JNDI so you can use the same username and password
                         * (i.e. appuser2 and passw0rd respectively)
                         *   in your call to javax.jms.ConnectionFactory.createConnection(String, String).
                         */
                        private void testJmsQueue(){
                            try {
                                final int count = 1;
                                final String content = "Hellow World from client!";
                                log.info("Sending " + count + " messages to [jms/queue/test] with content: " + content);

                                // Send test
                                int sent = 0;
                                while (sent < count) {
                                    TextMessage outgoing = jmsSession.createTextMessage(content);
                                    jmsProducer_queue_test.send(outgoing);
                                    sent++;
                                }

                                // Receive test
                                int attempts = 0;
                                while (attempts < count) {
                                    TextMessage incoming = (TextMessage) jmsConsumer_queue_test.receive(1000);
                                    if (incoming != null) {
                                        log.info("Received message with content " + incoming.getText());
                                    } else {
                                        // Nothing arrived within one second; the logged text says an MDB
                                        // may already have taken the message from the queue.
                                        log.warn("1秒之内没有收到消息,该队列[jms/queue/test]中的消息可能已经被MDB接收!");
                                    }
                                    attempts++;
                                }
                            } catch (Exception e) {
                                log.error(e);
                            }
                        }

                         

                            // String constant whose value equals its own name.
                            // NOTE(review): not referenced in the code shown on this page; its users are presumably elsewhere in the class.
                            public static final String ATTR_SOE_NOTIFICATION = "ATTR_SOE_NOTIFICATION";

                        /**
                         * Installs an asynchronous listener on the nmsSOE topic consumer. ObjectMessage
                         * instances are passed to fireSoeListeners; any other non-null message type is
                         * logged as a warning. Exceptions are logged and swallowed, both while
                         * registering the listener and while handling a message.
                         */
                        private void initSoeJmsListener(){
                            MessageListener soeListener = new MessageListener(){
                                @Override
                                public void onMessage(Message msg) {
                                    try{
                                        if(msg==null){
                                            // Not expected to happen; ignored silently.
                                            return;
                                        }
                                        if(!(msg instanceof ObjectMessage)){
                                            log.warn("SOE JMS 消息应该是ObjectMessage类型!");
                                            return;
                                        }
                                        // NOTE(review): an ObjectMessage carries a Java-serialized payload, and
                                        // whoever holds the send permission on this topic controls that payload.
                                        // Keep the topic's send role narrow and check what fireSoeListeners
                                        // (not shown here) deserializes.
                                        fireSoeListeners((ObjectMessage) msg);
                                    }catch(Exception exp){
                                        log.error(exp);
                                    }
                                }
                            };
                            try {
                                jmsConsumer_topic_nmsSOE.setMessageListener(soeListener);
                            } catch (Exception e) {
                                log.error(e);
                            }
                        }