User: null doesnt have permission=CREATE_DURABLE_QUEUE on address

Question

I am simply trying to creare a JMS durable subscriber and I am using HornetQ server. But I am getting the follwing exception thrown on execution

Connection Factory Looked Up : HornetQConnectionFactory [serverLocator=ServerLocatorImpl [initialConnectors=[TransportConfiguration(name=netty, factory=org-hornetq-core-remoting-impl-netty-NettyConnectorFactory) ?port=5445&host=localhost], discoveryGroupConfiguration=null], clientID=null, consumerWindowSize = 1048576, dupsOKBatchSize=1048576, transactionBatchSize=1048576, readOnly=false]
Topic Looked Up : HornetQTopic[TestTopic]
Connection Created : org.hornetq.jms.client.HornetQConnection@299320cf
CLient ID set : DSubCliID
Session Created : HornetQSession->DelegatingSession [session=ClientSessionImpl [name=ab3a1be5-559f-11e3-bd5b-87d0be06d2c5, username=null, closed=false, factory = ClientSessionFactoryImpl [serverLocator=ServerLocatorImpl [initialConnectors=[TransportConfiguration(name=netty, factory=org-hornetq-core-remoting-impl-netty-NettyConnectorFactory) ?port=5445&host=localhost], discoveryGroupConfiguration=null], connectorConfig=TransportConfiguration(name=netty, factory=org-hornetq-core-remoting-impl-netty-NettyConnectorFactory) ?port=5445&host=localhost, backupConfig=null], metaData=(jms-client-id=DSubCliID,jms-session=,)]@22eff179]
javax.jms.JMSSecurityException: HQ119032: User: null doesnt have permission=CREATE_DURABLE_QUEUE on address {2}
    at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:388)
    at org.hornetq.core.client.impl.ClientSessionImpl.internalCreateQueue(ClientSessionImpl.java:2021)
    at org.hornetq.core.client.impl.ClientSessionImpl.createQueue(ClientSessionImpl.java:357)
    at org.hornetq.core.client.impl.DelegatingSession.createQueue(DelegatingSession.java:298)
    at org.hornetq.jms.client.HornetQSession.createConsumer(HornetQSession.java:782)
    at org.hornetq.jms.client.HornetQSession.createDurableConsumer(HornetQSession.java:547)
    at org.hornetq.jms.client.HornetQSession.createDurableConsumer(HornetQSession.java:527)
    at DurableSubscriber.main(DurableSubscriber.java:38)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: HornetQSecurityException[errorType=SECURITY_EXCEPTION message=HQ119032: User: null doesnt have permission=CREATE_DURABLE_QUEUE on address {2}]
    ... 13 more

Looks like some permissions issue. I have not changed any configurations except adding default queue and topic in hornetq-jms.xml.

   <queue name="TestQueue">
      <entry name="queues/TestQueue"/>
   </queue>

   <topic name="TestTopic">
      <entry name="topics/TestTopic"/>
   </topic>

security configuration in hornetq-configuration.xml is as follows -

   <security-settings>
      <security-setting match="#">
         <permission type="createNonDurableQueue" roles="guest"/>
         <permission type="deleteNonDurableQueue" roles="guest"/>
         <permission type="consume" roles="guest"/>
         <permission type="send" roles="guest"/>
      </security-setting>
   </security-settings>

Everything is default one. What must be done so that I can create a durable subscriber?

Answer 1

Looks like createDurableQueue permission role mapping is missing in default config, take a look at the HornetQ durable subscriber example code (which comes bundled with installation) for required configuration.

In short, you may try following additional config:

<permission type="createDurableQueue" roles="guest"/>
<permission type="deleteDurableQueue" roles="guest"/>

Answer 2

Just to add to harsh's answer above which is the correct answer BTW we can also disable security entirely.

Adding the line

<security-enabled>false</security-enabled>

to hornetq-configuration.xml and removing the <security-settings> completely will also do the trick.

More information here.

Answer 3

Don't forget to use a user with "guest" role when sending the message to the queue. To do this you need to edit application-roles.properties and set

sender_user=guest