【Question title】: HornetQ Role based security implementation
【Posted】: 2017-10-03 23:39:02
【Question description】:

I am trying to secure HornetQ using a role-based security implementation. I am using FSW 6.0, which uses JBoss EAP 6.1.

Standalone XML configuration:

    <security-settings>
        <security-setting match="#">
            <permission type="send" roles="guest"/>
            <permission type="consume" roles="guest"/>
            <permission type="createNonDurableQueue" roles="guest"/>
            <permission type="deleteNonDurableQueue" roles="guest"/>
        </security-setting>
        <security-setting match="Pricing.Eu.In.#">
            <permission type="send" roles="pricing"/>
            <permission type="consume" roles="pricing"/>
        </security-setting>
    </security-settings>

I have created a new user using add-user.bat (Application Realm) and assigned a role to it.

Application roles properties:

#
# Properties declaration of users roles for the realm 'ApplicationRealm'.
#
# This includes the following protocols: remote ejb, remote jndi, web, remote jms
#
# Users can be added to this properties file at any time, updates after the server has started
# will be automatically detected.
#
# The format of this file is as follows: -
# username=role1,role2,role3
#
# A utility script is provided which can be executed from the bin folder to add the users: -
# - Linux
#  bin/add-user.sh
#
# - Windows
#  bin\add-user.bat
#
# The following illustrates how an admin user could be defined.
#
#admin=PowerUser,BillingAdmin,
#guest=guest
fswAdmin=overlorduser,admin.sramp,dev,qa,stage,prod,manager,arch,ba
dtgovworkflows=overlorduser,admin.sramp
guest=guest
cubehpr=pricing

When I try to send a message to the Pricing.Eu.In.Deferred JMS queue using a client application, I get the following error. Am I missing anything?

Exception in thread "main" javax.jms.JMSSecurityException: HQ119032: User: cubehpr doesnt have permission=SEND on address {2}
      at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:388)
      at org.hornetq.core.client.impl.ClientProducerImpl.sendRegularMessage(ClientProducerImpl.java:318)
      at org.hornetq.core.client.impl.ClientProducerImpl.doSend(ClientProducerImpl.java:288)
      at org.hornetq.core.client.impl.ClientProducerImpl.send(ClientProducerImpl.java:140)
      at org.hornetq.jms.client.HornetQMessageProducer.doSend(HornetQMessageProducer.java:438)
      at org.hornetq.jms.client.HornetQMessageProducer.send(HornetQMessageProducer.java:194)
      at com.agcs.bih.api.pricing.eu.dispatcher.HornetQClient.main(HornetQClient.java:63)
    Caused by: HornetQException[errorType=SECURITY_EXCEPTION message=HQ119032: User: cubehpr doesnt have permission=SEND on address {2}]
      ... 7 more

Can you please help me?

【Question discussion】:

    Tags: jboss hornetq jbossfuse jboss-eap-6


    【Solution 1】:

    Try the following:

                    <security-settings>
                        <security-setting match="jms.queue.Pricing.Eu.In.#">
                            <permission type="send" roles="pricing"/>
                            <permission type="consume" roles="pricing"/>
                        </security-setting>
                        <security-setting match="#">
                            <permission type="send" roles="guest"/>
                            <permission type="consume" roles="guest"/>
                            <permission type="createNonDurableQueue" roles="guest"/>
                            <permission type="deleteNonDurableQueue" roles="guest"/>
                        </security-setting>
                    </security-settings>
    

    【Discussion】:
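Why the prefix in Solution 1 matters, as an added example that is not part of the original question or answer: HornetQ exposes a JMS queue on the core address `jms.queue.<name>`, and `match` is evaluated against that address. The matcher below is a simplified model of the wildcard syntax; the helper names and the "longest matching pattern wins, settings are not merged" rule are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

JMS_QUEUE_PREFIX = "jms.queue."  # HornetQ core address prefix for JMS queues

# Settings from the question, trimmed to the "send" permission.
QUESTION_XML = """<security-settings>
  <security-setting match="#">
    <permission type="send" roles="guest"/>
  </security-setting>
  <security-setting match="Pricing.Eu.In.#">
    <permission type="send" roles="pricing"/>
  </security-setting>
</security-settings>"""
# Same settings with the jms.queue. prefix from Solution 1 applied.
ANSWER_XML = QUESTION_XML.replace('match="Pricing.', 'match="jms.queue.Pricing.')

def match_regex(match):
    """Simplified model of the wildcard syntax: '.' separates words,
    '#' matches any sequence of words, '*' matches exactly one word."""
    words = {"#": r".*", "*": r"[^.]+"}
    parts = [words.get(w, re.escape(w)) for w in match.split(".")]
    return re.compile(r"\.".join(parts) + r"\Z")

def effective_roles(settings_xml, address, permission):
    """Return (winning match, roles) for one address and permission type.
    Assumption: the longest matching pattern wins and settings are not merged."""
    root = ET.fromstring(settings_xml)
    hits = [s for s in root.iter("security-setting")
            if match_regex(s.get("match")).match(address)]
    if not hits:
        return None, set()
    best = max(hits, key=lambda s: len(s.get("match")))
    roles = set()
    for perm in best.iter("permission"):
        if perm.get("type") == permission:
            roles.update(r.strip() for r in perm.get("roles").split(","))
    return best.get("match"), roles

def can_send(settings_xml, user_roles, queue_name):
    """True if any of the user's roles holds 'send' on the queue's core address."""
    _, roles = effective_roles(settings_xml, JMS_QUEUE_PREFIX + queue_name, "send")
    return bool(roles & set(user_roles))

if __name__ == "__main__":
    for label, xml in (("question", QUESTION_XML), ("answer", ANSWER_XML)):
        print(label, effective_roles(xml, "jms.queue.Pricing.Eu.In.Deferred", "send"),
              can_send(xml, {"pricing"}, "Pricing.Eu.In.Deferred"))
```

With the question's settings the `Pricing.Eu.In.#` rule never applies, so the pricing queues fall through to `#` and are governed by the `guest` role rather than `pricing`.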
