JMS Topic with authentication for subscribers on Glassfish

StackOverflow https://stackoverflow.com/questions/21143272

Pergunta

I have a JMS Topic configured on my Glassfish Server, and I implemented a client to subscribe the Topic and print the messages it receives. This is working fine.

Here is my client. You can see that I opted to use a kind of 'direct connection' instead of using JNDI lookup.

com.sun.messaging.ConnectionFactory connFactory = new com.sun.messaging.ConnectionFactory();
connFactory.setProperty(com.sun.messaging.ConnectionConfiguration.imqAddressList, "mq://localhost:7676/");
TopicConnection connection = connFactory.createTopicConnection();
TopicSession session = connection.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
Topic topic = session.createTopic("myTopic");
TopicSubscriber subscriber = session.createSubscriber(topic);
subscriber.setMessageListener(this);
connection.start();

In this way any client can subscribe my Topic. What I want now is to find a way to force the client to authenticate before it start receiving messages. Is that possible on Glassfish?

So far I've tried changing the 'default JMS host' credentials on Glassfish admin page and passing the new credentials I've set on connection creation:

TopicConnection connection = connFactory.createTopicConnection("myuser", "mypass");

But this didn't work. It works if I pass the default credentials:

TopicConnection connection = connFactory.createTopicConnection("admin", "admin");

I think I must have to change the credentials somewhere else, but I don't know where. And even if it works, it will force the client to authenticate? I mean, there will be no other way for my client to subscribe my Topic without having credentials?

Foi útil?

Solução

Short answer:

1 - Create an user on imqbroker (glassfish3\mq\bin\imqusermgr.exe).

2 - Edit the accesscontrol.properties file (myDomain\imq\instances\imqbroker\etc) and set which user can consume which topic.

Long answer:

1 - Execute via command prompt:

\glassfish3\mq\bin\imqusermgr add -varhome c:\glassfish3\glassfish\domains\myDomain\imq -u myuser -p mypass

This will create an user on imqbroker indicated by varhome with specific username and password.

2 - In the accesscontrol.properties file (myDomain\imq\instances\imqbroker\etc), edit the section destination based access control to something like that:

topic.myTopic.consume.allow.user=myUser
topic.myTopic.consume.deny.user=*
topic.*.consume.allow.user=*

This will allow myUser consume myTopic and deny other users. And the rest of the topics you have will continue to allow all users to consume them. Note that topic.*.consume.allow.user=* does not replace the topic.myTopic.consume.deny.user=*.

My code remained the same:

TopicConnection conn = connectionFactory.createTopicConnection("myuser", "mypass");
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top