2017-05-05

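HornetQ role-based security implementation

I am trying to secure HornetQ using a role-based security implementation. I am using FSW 6.0, which uses JBoss EAP 6.1.

Standalone XML configuration: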

<security-settings> 
        <security-setting match="#"> 
         <permission type="send" roles="guest"/> 
         <permission type="consume" roles="guest"/> 
         <permission type="createNonDurableQueue" roles="guest"/> 
         <permission type="deleteNonDurableQueue" roles="guest"/> 
        </security-setting> 
        <security-setting match="Pricing.Eu.In.#"> 
         <permission type="send" roles="pricing"/> 
         <permission type="consume" roles="pricing"/> 
        </security-setting> 
       </security-settings> 

I have created a new user using add-user.bat (Application Realm) and assigned a role to it.

application-roles.properties

# 
# Properties declaration of users roles for the realm 'ApplicationRealm'. 
# 
# This includes the following protocols: remote ejb, remote jndi, web, remote jms 
# 
# Users can be added to this properties file at any time, updates after the server has started 
# will be automatically detected. 
# 
# The format of this file is as follows: - 
# username=role1,role2,role3 
# 
# A utility script is provided which can be executed from the bin folder to add the users: - 
# - Linux 
# bin/add-user.sh 
# 
# - Windows 
# bin\add-user.bat 
# 
# The following illustrates how an admin user could be defined. 
# 
#admin=PowerUser,BillingAdmin, 
#guest=guest 
fswAdmin=overlorduser,admin.sramp,dev,qa,stage,prod,manager,arch,ba 
dtgovworkflows=overlorduser,admin.sramp 
guest=guest 
cubehpr=pricing 

When I try to send a message to the Pricing.Eu.In.Deferred JMS queue using a client application, I get the following error. What am I missing?

Exception in thread "main" javax.jms.JMSSecurityException: HQ119032: User: cubehpr doesnt have permission=SEND on address {2} 
     at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:388) 
     at org.hornetq.core.client.impl.ClientProducerImpl.sendRegularMessage(ClientProducerImpl.java:318) 
     at org.hornetq.core.client.impl.ClientProducerImpl.doSend(ClientProducerImpl.java:288) 
     at org.hornetq.core.client.impl.ClientProducerImpl.send(ClientProducerImpl.java:140) 
     at org.hornetq.jms.client.HornetQMessageProducer.doSend(HornetQMessageProducer.java:438) 
     at org.hornetq.jms.client.HornetQMessageProducer.send(HornetQMessageProducer.java:194) 
     at com.agcs.bih.api.pricing.eu.dispatcher.HornetQClient.main(HornetQClient.java:63) 
    Caused by: HornetQException[errorType=SECURITY_EXCEPTION message=HQ119032: User: cubehpr doesnt have permission=SEND on address {2}] 
     ... 7 more 

Can you please help me?

Answer

Try the following:

   <security-settings> 
        <security-setting match="jms.queue.Pricing.Eu.In.#"> 
         <permission type="send" roles="pricing"/> 
         <permission type="consume" roles="pricing"/> 
        </security-setting> 
        <security-setting match="#"> 
         <permission type="send" roles="guest"/> 
         <permission type="consume" roles="guest"/> 
         <permission type="createNonDurableQueue" roles="guest"/> 
         <permission type="deleteNonDurableQueue" roles="guest"/> 
        </security-setting> 
       </security-settings> 

Still the same error after swapping the order as well... – Ravi
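
An added example, not part of the original question or answer and not HornetQ code: a simplified Python model of HornetQ's documented wildcard matching, showing which security-setting block each configuration on this page selects for the queue's core address. It assumes the JMS queue Pricing.Eu.In.Deferred has the core address jms.queue.Pricing.Eu.In.Deferred (the prefix the answer uses), and it approximates "most specific match" by counting literal words. It models rule selection only and does not reproduce the server's authentication.

```python
# Simplified model of HornetQ security-setting selection (added example).
# Wildcards: "." separates words, "#" = zero or more words, "*" = exactly one word.

def matches(pattern, address):
    p, a = pattern.split("."), address.split(".")

    def go(i, j):
        if i == len(p):
            return j == len(a)
        if p[i] == "#":
            return any(go(i + 1, k) for k in range(j, len(a) + 1))
        if j == len(a):
            return False
        return p[i] in ("*", a[j]) and go(i + 1, j + 1)

    return go(0, 0)

def effective_match(settings, address):
    """Pick the matching block with the most literal words (assumed specificity
    rule). XML order is irrelevant, and blocks are not merged or inherited."""
    hits = [m for m in settings if matches(m, address)]
    literal = lambda m: sum(w not in ("#", "*") for w in m.split("."))
    return max(hits, key=literal) if hits else None

def is_allowed(settings, address, permission, roles):
    match = effective_match(settings, address)
    if match is None:
        return False
    return bool(settings[match].get(permission, set()) & set(roles))

# Permission tables transcribed from the two XML snippets on this page.
GUEST = {"send": {"guest"}, "consume": {"guest"},
         "createNonDurableQueue": {"guest"}, "deleteNonDurableQueue": {"guest"}}
PRICING = {"send": {"pricing"}, "consume": {"pricing"}}
QUESTION_CONFIG = {"#": GUEST, "Pricing.Eu.In.#": PRICING}
ANSWER_CONFIG = {"jms.queue.Pricing.Eu.In.#": PRICING, "#": GUEST}

ADDRESS = "jms.queue.Pricing.Eu.In.Deferred"  # assumed core address of the queue
CUBEHPR_ROLES = {"pricing"}                   # from application-roles.properties

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, "->", effective_match(cfg, ADDRESS),
              "| cubehpr send allowed:",
              is_allowed(cfg, ADDRESS, "send", CUBEHPR_ROLES))
```

Under this model the question's `Pricing.Eu.In.#` block never applies to the prefixed address, so only the `#` block (guest only) is consulted.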