Monday, August 10, 2015

JBoss Messaging doesn't have permission to create Queue?

I have a piece of JMS subscriber code that's going to connect to JBoss Messaging. However, it throws me an error when the subscriber was trying to load up the topic:
Exception in thread "main" javax.jms.JMSSecurityException: HQ119032: User: huahsin68 doesnt have permission=CREATE_NON_DURABLE_QUEUE on address {2}
 at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:378)
 at org.hornetq.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:1987)
 at org.hornetq.core.client.impl.ClientSessionImpl.createTemporaryQueue(ClientSessionImpl.java:356)
 at org.hornetq.core.client.impl.DelegatingSession.createTemporaryQueue(DelegatingSession.java:304)
 at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:559)
 at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:378)
 at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:348)
 at org.hornetq.jms.client.HornetQSession.createSubscriber(HornetQSession.java:858)
 at org.huahsin.TopicSubscriber.subscribeTopic(TopicSubscriber.java:45)
 at org.huahsin.TopicSubscriber.main(TopicSubscriber.java:26)
Caused by: HornetQException[errorType=SECURITY_EXCEPTION message=HQ119032: User: huahsin68 doesnt have permission=CREATE_NON_DURABLE_QUEUE on address {2}]
 ... 10 more
This is the piece that does the job:
  try {
   ctx = new InitialContext(prop);
   TopicConnectionFactory topicFac = (TopicConnectionFactory) ctx.lookup("jms/RemoteConnectionFactory");
   topicConn = topicFac.createTopicConnection("huahsin68", "abcd");
   
   while(!receive) {
    TopicSession topicSess = topicConn.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
    Topic topic = (Topic) ctx.lookup("jms/topic/test");
    topicConn.start();
    
    javax.jms.TopicSubscriber subscriber = topicSess.createSubscriber(topic);
    TestMessageListener listener = new TestMessageListener();
    subscriber.setMessageListener(listener);
    
    Thread.sleep(5000);
    subscriber.close();
    topicSess.close();
   }
  }
  finally {
   if( topicConn != null ) {
    topicConn.close();
   }
  }
This sound like the security issue or permission configuration error. I'm sure everything have been configured properly, but I was not sure whether is there anything wrong with the security settings:
                ...

                <security-settings>
                    <security-setting match="#">
                        <permission type="send" roles="guest"/>
                        <permission type="consume" roles="guest"/>
                        <permission type="createNonDurableQueue" roles="guest"/>
                        <permission type="deleteNonDurableQueue" roles="guest"/>
                    </security-setting>
                </security-settings>
Wait a minute! This reminds me that the role assignment was missed out during the user creation. Did a quick check on application-roles.properties and found out the role was not assigned to user huahsin68.

This is what it shows on application-role.properties:
# The following illustrates how an admin user could be defined.
#
#admin=PowerUser,BillingAdmin,
#guest=guest
huahsin68=
Since the topic creation must have a guest role as configured in the security settings. Fill it up with a guest role to the user and then re-run the program, everything will be fine.

No comments: