Authorizing users to connect to the messaging engine
You must validate whether the authenticated users have sufficient permissions to access the messaging resources (that is, queues or topics) to perform actions such as sending, receiving, or browsing messages.
Procedure
- Enable the wasJmsSecurity-1.0 feature in the server.xml file.

      <featureManager>
          <feature>wasJmsServer-1.0</feature>
          <feature>wasJmsClient-2.0</feature>
          <feature>wasJmsSecurity-1.0</feature>
      </featureManager>

- Configure the <messagingSecurity> element in the server.xml file to define the role and permission for each user, which will identify the action that they can perform on the messaging resource. The permissions for the destinations can be defined in the <messagingSecurity> element. The following is a sample configuration:

      <messagingEngine>
          <queue id="QUEUE1"/>
          <topicSpace id="TopicSpace1"/>
          <messagingSecurity>
              <role name="developer">
                  <queuePermission queueRef="QUEUE1">
                      <action>SEND</action>
                      <action>BROWSE</action>
                  </queuePermission>
                  <topicPermission topicSpaceRef="TopicSpace1" topicName="Sports/Cricket">
                      <action>ALL</action>
                  </topicPermission>
                  <user name="user1" />
                  <user name="user3" />
                  <group name="Developers" />
              </role>
              <role name="tester">
                  <queuePermission queueRef="QUEUE1">
                      <action>BROWSE</action>
                  </queuePermission>
                  <topicPermission topicSpaceRef="TopicSpace1">
                      <action>RECEIVE</action>
                  </topicPermission>
                  <user name="user5" />
                  <user name="user6" />
                  <group name="Testers" />
              </role>
          </messagingSecurity>
      </messagingEngine>

  In the previous configuration, users user1 and user3 and the group Developers can perform the SEND and BROWSE actions on QUEUE1. They can also perform ALL actions on the topics Sports/Cricket in TopicSpace1. Similarly, users user5 and user6 and the group Testers can perform the BROWSE action on queue QUEUE1 and the RECEIVE action on all the topics in TopicSpace1.

- Optional: When you are connecting to the messaging engine, specify the user name and password in the createConnection call. The following is the syntax:

      createConnection(userName, password)
Connect to the messaging engine as an authenticated user and perform the operation that is based on the authorization permissions that are declared by the administrator.
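One way to review a <messagingSecurity> block before deploying it, as an added example that is not part of the product documentation or the server's own code: this Python helper parses the sample configuration above, answers whether a given user or group may perform an action, and lists the grants that cover ALL actions or an entire topic space. The function names are hypothetical, and it assumes a topicPermission with a topicName is matched exactly against that name; it is an offline review aid, not a reproduction of the server's authorization logic.

```python
import xml.etree.ElementTree as ET

# Constructed input: the <messagingSecurity> sample from this page, compacted.
SERVER_XML = """<server><messagingEngine><messagingSecurity>
 <role name="developer">
  <queuePermission queueRef="QUEUE1"><action>SEND</action><action>BROWSE</action></queuePermission>
  <topicPermission topicSpaceRef="TopicSpace1" topicName="Sports/Cricket"><action>ALL</action></topicPermission>
  <user name="user1"/><user name="user3"/><group name="Developers"/>
 </role>
 <role name="tester">
  <queuePermission queueRef="QUEUE1"><action>BROWSE</action></queuePermission>
  <topicPermission topicSpaceRef="TopicSpace1"><action>RECEIVE</action></topicPermission>
  <user name="user5"/><user name="user6"/><group name="Testers"/>
 </role>
</messagingSecurity></messagingEngine></server>"""

def load_grants(xml_text):
    """Flatten every role into (role, principals, resource, actions) records."""
    grants = []
    for role in ET.fromstring(xml_text).iter("role"):
        principals = {(p.tag, p.get("name")) for p in role if p.tag in ("user", "group")}
        for perm in role:
            if perm.tag not in ("queuePermission", "topicPermission"):
                continue
            kind = "queue" if perm.tag == "queuePermission" else "topic"
            ref = perm.get("queueRef") or perm.get("topicSpaceRef")
            actions = {a.text.strip().upper() for a in perm.findall("action")}
            grants.append((role.get("name"), principals, (kind, ref, perm.get("topicName")), actions))
    return grants

def is_allowed(grants, user, groups, kind, ref, action, topic=None):
    """Offline approximation of the access decision for one principal."""
    who = {("user", user)} | {("group", g) for g in groups}
    for _role, principals, (rkind, rref, rtopic), actions in grants:
        if not (who & principals) or (rkind, rref) != (kind, ref):
            continue
        # Assumption: a named topicPermission is matched exactly; one without
        # topicName covers every topic in the topic space, as the page states.
        if rkind == "topic" and rtopic is not None and rtopic != topic:
            continue
        if action in actions or "ALL" in actions:
            return True
    return False  # this helper treats "no matching grant" as denied

def broad_grants(grants):
    """Grants worth a second look: ALL actions, or an entire topic space."""
    return [(role, res, sorted(acts)) for role, _p, res, acts in grants
            if "ALL" in acts or (res[0] == "topic" and res[2] is None)]
```

Running `broad_grants(load_grants(SERVER_XML))` on the sample flags the developer role's ALL grant on Sports/Cricket and the tester role's RECEIVE grant on the whole of TopicSpace1.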