on 05-14-2008 8:26 AM
Hello,
Is this error related to authorizations.
Delivery of the message to the application using connection JMS_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Connector for ConnectionProfile of channel: JMS_r_POInquiryon node: 7633450 having object id: 506d6bcf816138ada9314ea570367c02 encountered error: Access denied to resource: type=<jms>, application=, destinationType=queue, resource=OiImport, action=send in sending to destination OiImport, the message message: TextMessage[null, <?xml version="1.0" encoding="...]: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=, destinationType=queue, resource=OiImport, action=send.
hi regarding Authorization for JMS resources
Here are the steps you should make
1. Create your own topic
JMS Provider -> "Runtime" tab -> "JMS Server instances" border ("default") -> "Topics" tab -> "Create" button.
Let's name this topic "MySecureTopic".
2. Create a user which will have the permissions to produce messages to "MySecureTopic".
Security Provider -> "Runtime" tab -> "User Management" tab -> "Create User" button.
Let's name this user "secureproducer" with password "securepasswd". In my test I put this
user in "Authenticated users" group, but maybe he can be in any other group.
3. Now create new Security Role:
Security Provider -> "Components" ("service.jms.default.authorization") -> "Runtime" tab -> "Policy Configuration" tab -> "Security Roles" tab -> "Security Roles" -> "Add" button.
Note: in "service.jms.default.authorization" 'default' is the name of JMS instance (JMS Provider -> "Runtime" tab -> "JMS Server instances" border). If you use another instance, you should use the respective component ("service.jms.another.authorization").
The name of my role is "SecureProdurerRole".
Also add "secureproducer" user in this role :
Select "SecureProdurerRole" and click on "Mappings" -> "Add" button.
Security Provider -> "Runtime" tab -> "Policy Configuration" tab -> "Security Roles" tab -> "Mappings" border -> "Users" border -> "Add" button
4. Now you should add a security rule that makes the required behaviour :
Security Provider -> "Runtime" tab -> "Policy Configuration" tab -> "Resources" tab ->
4.1. from "Resources" border choose "topic"
4.2. from "Instances" border choose "MySecureTopic"
4.3. from "Actions" border choose Action "produce"
4.4. in "Granted" border should be only "SecureProdurerRole" and in "Denied" border - "administrators" and "clients" roles.
Now in your Java code you must create your JMS connection with username and password provided:
// this is the producer connection
codetc = tcf.createTopicConnection("secureproducer", "securepasswd");[/code]
Otherwise using codetc = tcf.createTopicConnection();[/code] this exception will occur :
javax.jms.JMSSecurityException: You do not have permissions: action produce and instance MySecureTopic.
at ...
reward points if solution found helpfull
regards
chandrakanth
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.