[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] David White updated AS7-3150: ----------------------------- Summary: Security for HornetQ (was: Security for HornetQ in AS7) Affects Version/s: 7.1.0.CR1b Workaround Description: none - use external security Description: Can't find a way to require auth for a JMS connection http://lists.jboss.org/pipermail/jboss-as7-dev/2011-October/004057.html suggests there is a bug of omission (perhaps just in the documentation). Having searched for days, I can't find a solution, hence this bug report. Component/s: JMS Steps to Reproduce: set in standalone-full.xml <security-settings> <security-setting match="#"> <permission type="send" roles="admin"/> <permission type="consume" roles="admin"/> <permission type="manage" roles="admin"/> </security-setting> </security-settings> observe that a new JMS connection requires no authentiation -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] David White updated AS7-3150: ----------------------------- Steps to Reproduce: set in messaging section of standalone-full.xml <security-settings> <security-setting match="#"> <permission type="send" roles="admin"/> <permission type="consume" roles="admin"/> <permission type="manage" roles="admin"/> </security-setting> </security-settings> observe that a new JMS connection requires no authentiation to send or consume from any destination was: set in messaging section of standalone-full.xml <security-settings> <security-setting match="#"> <permission type="send" roles="admin"/> <permission type="consume" roles="admin"/> <permission type="manage" roles="admin"/> </security-setting> </security-settings> observe that a new JMS connection requires no authentiation -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] Brian Stansberry updated AS7-3150: ---------------------------------- Fix Version/s: 7.1.0.Final Assignee: Andy Taylor Forum Reference: http://community.jboss.org/thread/176900 (was: http://community.jboss.org/thread/176900) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] Brian Stansberry updated AS7-3150: ---------------------------------- Priority: Blocker (was: Major) Forum Reference: http://community.jboss.org/thread/176900 (was: http://community.jboss.org/thread/176900) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] Justin Bertram commented on AS7-3150: ------------------------------------- This work is being done at https://github.com/jbertram/jboss-as/tree/AS7-3150. It's mostly done at this point. I just need to add a few tests, etc. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] Ed Keen commented on AS7-3150: ------------------------------ @Justin, I have added the following security domain to the security subsystem: {code} <security-domain name="messaging" cache-type="default"> <authentication> <login-module code="UsersRoles" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/messaging-users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/messaging-roles.properties"/> </login-module> </authentication> </security-domain> {code} My messaging-users.properties file just has a user=password format, and my messaging-roles.properties file has a user=role format. I also added the following security section in my messaging subsystem: {code} <security-settings> <security-setting match="jms.queue.cbs.#"> <permission type="send" roles="cbsuser"/> <permission type="consume" roles="cbsuser"/> <permission type="createNonDurableQueue" roles="cbsuser"/> <permission type="deleteNonDurableQueue" roles="cbsuser"/> </security-setting> </security-settings> {code} When I create my JMS connection, I pass a username & password, like this: {code} Connection conn = factory.createConnection("user1", "password"); {code} However, I am getting the following error: javax.jms.JMSSecurityException: Unable to validate user: user1 Is there a step that I am missing in the process? I know that for the application-users and mgmt-users, you have to call the add-user.bat file in order to add the user. Do we have to do that here as well? Any help you can offer would be greatly appreciated. Thanks, Ed -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira

[ https://issues.jboss.org/browse/AS7-3150?page=com.atlassian.jira.plugin.s... ] Ed Keen commented on AS7-3150: ------------------------------ Moved to AS7 user forum: https://community.jboss.org/thread/195072 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira