HornetQ基于角色的安全实现

时间:2017-05-05 13:07:30

标签: jboss hornetq jbossfuse jboss-eap-6

我试图使用基于角色的安全实现来保护大黄蜂Q.     我使用FSW 6.0,它使用Jboss EAP 6.1。

独立xml配置。

<security-settings>
                    <security-setting match="#">
                        <permission type="send" roles="guest"/>
                        <permission type="consume" roles="guest"/>
                        <permission type="createNonDurableQueue" roles="guest"/>
                        <permission type="deleteNonDurableQueue" roles="guest"/>
                    </security-setting>
                    <security-setting match="Pricing.Eu.In.#">
                        <permission type="send" roles="pricing"/>
                        <permission type="consume" roles="pricing"/>
                    </security-setting>
                </security-settings>

I have created a new user using add-user.bat  Application Realm and assigned role to it.

application-roles.Properties 

#
# Properties declaration of users roles for the realm 'ApplicationRealm'.
#
# This includes the following protocols: remote ejb, remote jndi, web, remote jms
#
# Users can be added to this properties file at any time, updates after the server has started
# will be automatically detected.
#
# The format of this file is as follows: -
# username=role1,role2,role3
#
# A utility script is provided which can be executed from the bin folder to add the users: -
# - Linux
#  bin/add-user.sh
#
# - Windows
#  bin\add-user.bat
#
# The following illustrates how an admin user could be defined.
#
#admin=PowerUser,BillingAdmin,
#guest=guest
fswAdmin=overlorduser,admin.sramp,dev,qa,stage,prod,manager,arch,ba
dtgovworkflows=overlorduser,admin.sramp
guest=guest
cubehpr=pricing

当我尝试使用客户端应用程序发送消息到Pricing.Eu.In.Deferred jms队列时,我收到以下错误。     我错过了什么吗?

Exception in thread "main" javax.jms.JMSSecurityException: HQ119032: User: cubehpr doesnt have permission=SEND on address {2}
      at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:388)
      at org.hornetq.core.client.impl.ClientProducerImpl.sendRegularMessage(ClientProducerImpl.java:318)
      at org.hornetq.core.client.impl.ClientProducerImpl.doSend(ClientProducerImpl.java:288)
      at org.hornetq.core.client.impl.ClientProducerImpl.send(ClientProducerImpl.java:140)
      at org.hornetq.jms.client.HornetQMessageProducer.doSend(HornetQMessageProducer.java:438)
      at org.hornetq.jms.client.HornetQMessageProducer.send(HornetQMessageProducer.java:194)
      at com.agcs.bih.api.pricing.eu.dispatcher.HornetQClient.main(HornetQClient.java:63)
    Caused by: HornetQException[errorType=SECURITY_EXCEPTION message=HQ119032: User: cubehpr doesnt have permission=SEND on address {2}]
      ... 7 more

can you please help me.

1 个答案:

答案 0 :(得分:0)

尝试以下

                <security-settings>
                    <security-setting match="jms.queue.Pricing.Eu.In.#">
                        <permission type="send" roles="pricing"/>
                        <permission type="consume" roles="pricing"/>
                    </security-setting>
                    <security-setting match="#">
                        <permission type="send" roles="guest"/>
                        <permission type="consume" roles="guest"/>
                        <permission type="createNonDurableQueue" roles="guest"/>
                        <permission type="deleteNonDurableQueue" roles="guest"/>
                    </security-setting>
                </security-settings>
相关问题
最新问题