Monday, August 10, 2015

JBoss Messaging doesn't have permission to create Queue?

I have a piece of JMS subscriber code that's going to connect to JBoss Messaging. However, it throws me an error when the subscriber was trying to load up the topic:
Exception in thread "main" javax.jms.JMSSecurityException: HQ119032: User: huahsin68 doesnt have permission=CREATE_NON_DURABLE_QUEUE on address {2}
 at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(
 at org.hornetq.core.client.impl.ClientSessionImpl.internalCreateQueue(
 at org.hornetq.core.client.impl.ClientSessionImpl.createTemporaryQueue(
 at org.hornetq.core.client.impl.DelegatingSession.createTemporaryQueue(
 at org.hornetq.jms.client.HornetQSession.createConsumer(
 at org.hornetq.jms.client.HornetQSession.createConsumer(
 at org.hornetq.jms.client.HornetQSession.createConsumer(
 at org.hornetq.jms.client.HornetQSession.createSubscriber(
 at org.huahsin.TopicSubscriber.subscribeTopic(
 at org.huahsin.TopicSubscriber.main(
Caused by: HornetQException[errorType=SECURITY_EXCEPTION message=HQ119032: User: huahsin68 doesnt have permission=CREATE_NON_DURABLE_QUEUE on address {2}]
 ... 10 more
This is the piece that does the job:
  try {
   ctx = new InitialContext(prop);
   TopicConnectionFactory topicFac = (TopicConnectionFactory) ctx.lookup("jms/RemoteConnectionFactory");
   topicConn = topicFac.createTopicConnection("huahsin68", "abcd");
   while(!receive) {
    TopicSession topicSess = topicConn.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
    Topic topic = (Topic) ctx.lookup("jms/topic/test");
    javax.jms.TopicSubscriber subscriber = topicSess.createSubscriber(topic);
    TestMessageListener listener = new TestMessageListener();
  finally {
   if( topicConn != null ) {
This sound like the security issue or permission configuration error. I'm sure everything have been configured properly, but I was not sure whether is there anything wrong with the security settings:

                    <security-setting match="#">
                        <permission type="send" roles="guest"/>
                        <permission type="consume" roles="guest"/>
                        <permission type="createNonDurableQueue" roles="guest"/>
                        <permission type="deleteNonDurableQueue" roles="guest"/>
Wait a minute! This reminds me that the role assignment was missed out during the user creation. Did a quick check on and found out the role was not assigned to user huahsin68.

This is what it shows on
# The following illustrates how an admin user could be defined.
Since the topic creation must have a guest role as configured in the security settings. Fill it up with a guest role to the user and then re-run the program, everything will be fine.

No comments: