Authorizing users to connect to the messaging engine

You must check that authenticated users have sufficient permissions on the messaging resources (that is, queues or topics) before they perform actions such as sending, receiving, or browsing messages. Authentication alone only establishes who the user is; the authorization configuration below determines what each user is allowed to do on each destination.

Procedure

  1. Enable the wasJmsSecurity-1.0 feature in the server.xml file.
    <featureManager>
        <feature>wasJmsServer-1.0</feature>
        <feature>wasJmsClient-2.0</feature>
        <feature>wasJmsSecurity-1.0</feature>
    </featureManager>
  2. Configure the <messagingSecurity> element in the server.xml file to define a role, its permissions, and the users and groups that belong to it. The permissions of a role identify the actions that its members can perform on each messaging resource.
    Destination permissions are declared inside the <messagingSecurity> element. The following is a sample configuration:
    <messagingEngine>
        <queue id="QUEUE1"/>
        <topicSpace id="TopicSpace1"/>

        <messagingSecurity>
            <role name="developer">
                <queuePermission queueRef="QUEUE1">
                    <action>SEND</action>
                    <action>BROWSE</action>
                </queuePermission>

                <topicPermission topicSpaceRef="TopicSpace1" topicName="Sports/Cricket">
                    <action>ALL</action>
                </topicPermission>

                <user name="user1" />
                <user name="user3" />
                <group name="Developers" />
            </role>

            <role name="tester">
                <queuePermission queueRef="QUEUE1">
                    <action>BROWSE</action>
                </queuePermission>

                <topicPermission topicSpaceRef="TopicSpace1">
                    <action>RECEIVE</action>
                </topicPermission>

                <user name="user5" />
                <user name="user6" />
                <group name="Testers" />
            </role>
        </messagingSecurity>
    </messagingEngine>
    In the previous configuration, users user1 and user3 and the group Developers can perform the SEND and BROWSE actions on queue QUEUE1. They can also perform ALL actions on the topic Sports/Cricket in TopicSpace1. Similarly, users user5 and user6 and the group Testers can perform the BROWSE action on queue QUEUE1 and the RECEIVE action on all topics in TopicSpace1. Because the tester role lists only BROWSE for QUEUE1, a tester who attempts to send to that queue is denied; an omitted action is never granted.
  3. Optional: When you connect to the messaging engine, specify the user name and password in the createConnection call.
    The following is the syntax:
    createConnection(userName, password)
    The client then connects to the messaging engine as that authenticated user, and each operation it performs is allowed or denied according to the permissions that the administrator declared in <messagingSecurity>.
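The following Java JMS client, added here as an example and not part of the original page or the product's own code, exercises the sample <messagingSecurity> configuration above: it connects with createConnection(userName, password) and attempts SEND and BROWSE on QUEUE1, reporting whether each action was allowed or denied. Under the sample roles, user1 (developer) should report ALLOWED for both actions and user5 (tester) should report DENIED for SEND and ALLOWED for BROWSE. The JNDI names "jndi_JMS_BASE_QCF" and "jms/queue1" are assumptions: they are not on the page and must match the jmsConnectionFactory and jmsQueue definitions in your own server.xml.

```java
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.MessageProducer;
import javax.jms.Queue;
import javax.jms.QueueBrowser;
import javax.jms.Session;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/**
 * Added example (not from the original page): verifies the authorization
 * rules of the sample messagingSecurity configuration by connecting as a
 * named user and attempting SEND and BROWSE on QUEUE1.
 *
 * Assumed (not on the page): a jmsConnectionFactory bound in JNDI at
 * "jndi_JMS_BASE_QCF" and a jmsQueue for QUEUE1 bound at "jms/queue1".
 */
public class MessagingAuthzCheck {

    private static final String CF_JNDI_NAME = "jndi_JMS_BASE_QCF"; // assumed
    private static final String QUEUE_JNDI_NAME = "jms/queue1";     // assumed

    /** Result of one attempted action against the messaging engine. */
    public enum Outcome { ALLOWED, DENIED, ERROR }

    /** Attempts the SEND action on QUEUE1 as the given user. */
    public static Outcome trySend(String user, String password) {
        Connection conn = null;
        try {
            InitialContext ic = new InitialContext();
            ConnectionFactory cf = (ConnectionFactory) ic.lookup(CF_JNDI_NAME);
            Queue queue = (Queue) ic.lookup(QUEUE_JNDI_NAME);

            // Credentials go in createConnection; the engine authenticates the
            // user here and checks role permissions when an action is attempted.
            conn = cf.createConnection(user, password);
            Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer producer = session.createProducer(queue);
            producer.send(session.createTextMessage("authz check from " + user));
            return Outcome.ALLOWED;
        } catch (JMSSecurityException e) {
            // Thrown when authentication fails or the user's roles lack the
            // SEND action on QUEUE1. Depending on when the provider performs
            // the check, it can surface at createConnection, createProducer,
            // or send, so the whole sequence is inside one try block.
            return Outcome.DENIED;
        } catch (JMSException | NamingException e) {
            return Outcome.ERROR;
        } finally {
            closeQuietly(conn);
        }
    }

    /** Attempts the BROWSE action on QUEUE1 as the given user. */
    public static Outcome tryBrowse(String user, String password) {
        Connection conn = null;
        try {
            InitialContext ic = new InitialContext();
            ConnectionFactory cf = (ConnectionFactory) ic.lookup(CF_JNDI_NAME);
            Queue queue = (Queue) ic.lookup(QUEUE_JNDI_NAME);

            conn = cf.createConnection(user, password);
            conn.start();
            Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            QueueBrowser browser = session.createBrowser(queue);
            browser.getEnumeration().hasMoreElements(); // forces the browse
            browser.close();
            return Outcome.ALLOWED;
        } catch (JMSSecurityException e) {
            return Outcome.DENIED;
        } catch (JMSException | NamingException e) {
            return Outcome.ERROR;
        } finally {
            closeQuietly(conn);
        }
    }

    private static void closeQuietly(Connection conn) {
        if (conn != null) {
            try { conn.close(); } catch (JMSException ignored) { }
        }
    }

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: MessagingAuthzCheck <user> <password>");
            return;
        }
        String user = args[0];
        String password = args[1];
        System.out.println(user + " SEND   on QUEUE1: " + trySend(user, password));
        System.out.println(user + " BROWSE on QUEUE1: " + tryBrowse(user, password));
    }
}
```

Run it once per role member (for example as user1 and again as user5) after changing <messagingSecurity>; a DENIED result for an action the role is meant to grant, or an ALLOWED result for one it is not, points at a misconfigured queuePermission or role membership before any application code depends on it.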