[jboss-user] [JBoss Messaging] - Re: Secure Queue implementation in JBoss 4.0.2.GA
mskonda
do-not-reply at jboss.com
Tue Jan 22 03:50:10 EST 2008
You can secure your destinations (topics/queues) either individually or on a global basis.
Individual security:
Add the 'SecurityConfig' attribute with appropriate role access as shown below to the individual destination configuration:
| <mbean code="org.jboss.jms.server.destination.TopicService"
| name="jboss.messaging.destination:service=Topic,name=mySecuredTopic"
| xmbean-dd="xmdesc/Topic-xmbean.xml">
| <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
| <depends>jboss.messaging:service=PostOffice</depends>
|
| <attribute name="SecurityConfig">
| <security>
| <role name="jms_sub" read="true" write="false" create="false"/>
| <role name="jms_pub" read="false" write="true" create="false"/>
| <role name="jms_pubsub" read="true" write="true" create="false"/>
| <role name="jms_dursub" read="true" write="false" create="true"/>
| <role name="jms_admin" read="true" write="true" create="true"/>
| </security>
| </attribute>
| </mbean>
|
Of course, thsoe roles should be defined in your data store.
On a global basis, edit the deploy/jboss-messaging.sar/messaging-service.xml and add the 'DefaultSecurityConfig' block:
| <attribute name="DefaultSecurityConfig">
| <security>
| <role name="jms_sub" read="true" write="false" create="false"/>
| <role name="jms_pub" read="false" write="true" create="false"/>
| <role name="jms_pubsub" read="true" write="true" create="false"/>
| <role name="jms_dursub" read="true" write="false" create="true"/>
| <role name="jms_admin" read="true" write="true" create="true"/>
| </security>
| </attribute>
|
There's a detailed explanation on the user manual here.
http://labs.jboss.com/file-access/default/members/jbossmessaging/freezone/docs/userguide-1.4.0.SP3/html/configuration.html#conf.destination.queue.attributes.security
/Madhu
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4122080#4122080
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4122080
More information about the jboss-user
mailing list