Access

Former Member
0 Kudos

Hello,

Is this error related to authorizations?

Delivery of the message to the application using connection JMS_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Connector for ConnectionProfile of channel: JMS_r_POInquiryon node: 7633450 having object id: 506d6bcf816138ada9314ea570367c02 encountered error: Access denied to resource: type=<jms>, application=, destinationType=queue, resource=OiImport, action=send in sending to destination OiImport, the message message: TextMessage[null, <?xml version="1.0" encoding="...]: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=, destinationType=queue, resource=OiImport, action=send.

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi, regarding authorization for JMS resources:

Here are the steps you should take:

1. Create your own topic

JMS Provider -> "Runtime" tab -> "JMS Server instances" border ("default") -> "Topics" tab -> "Create" button.

Let's name this topic "MySecureTopic".

2. Create a user which will have the permissions to produce messages to "MySecureTopic".

Security Provider -> "Runtime" tab -> "User Management" tab -> "Create User" button.

Let's name this user "secureproducer" with password "securepasswd". In my test I put this user in "Authenticated users" group, but maybe he can be in any other group.

3. Now create new Security Role:

Security Provider -> "Components" ("service.jms.default.authorization") -> "Runtime" tab -> "Policy Configuration" tab -> "Security Roles" tab -> "Security Roles" -> "Add" button.

Note: in "service.jms.default.authorization" 'default' is the name of JMS instance (JMS Provider -> "Runtime" tab -> "JMS Server instances" border). If you use another instance, you should use the respective component ("service.jms.another.authorization").

The name of my role is "SecureProdurerRole".

Also add the "secureproducer" user to this role:

Select "SecureProdurerRole" and click on "Mappings" -> "Add" button.

Security Provider -> "Runtime" tab -> "Policy Configuration" tab -> "Security Roles" tab -> "Mappings" border -> "Users" border -> "Add" button

4. Now you should add a security rule that produces the required behaviour:

Security Provider -> "Runtime" tab -> "Policy Configuration" tab -> "Resources" tab ->

4.1. from "Resources" border choose "topic"

4.2. from "Instances" border choose "MySecureTopic"

4.3. from "Actions" border choose Action "produce"

4.4. in "Granted" border should be only "SecureProdurerRole" and in "Denied" border - "administrators" and "clients" roles.

Now in your Java code you must create your JMS connection with username and password provided:

// this is the producer connection

tc = tcf.createTopicConnection("secureproducer", "securepasswd");

Otherwise, using tc = tcf.createTopicConnection(); this exception will occur:

javax.jms.JMSSecurityException: You do not have permissions: action produce and instance MySecureTopic.

at ...

Reward points if the solution is found helpful.

regards

chandrakanth
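
A fuller producer client for the steps in the answer above, added here as an example and not part of the original post. The two JNDI names and the JMS_USER / JMS_PASSWORD environment variables are assumptions; it reads the credentials from the environment instead of compiling them into the client, and reports a JMSSecurityException separately from other JMS failures.

```java
import javax.jms.*;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public class SecureTopicProducer {
    // Assumed JNDI names; check the JNDI tree of your own server.
    static final String FACTORY_JNDI = "jmsfactory/default/TopicConnectionFactory";
    static final String TOPIC_JNDI = "jmstopics/default/MySecureTopic";

    public static void main(String[] args) throws NamingException {
        // Assumed variable names; keeps the password out of source control.
        String user = System.getenv("JMS_USER");
        String password = System.getenv("JMS_PASSWORD");
        if (user == null || password == null) {
            System.err.println("Set JMS_USER and JMS_PASSWORD");
            System.exit(2);
        }
        // Uses the provider settings from jndi.properties on the classpath.
        InitialContext ctx = new InitialContext();
        TopicConnectionFactory tcf = (TopicConnectionFactory) ctx.lookup(FACTORY_JNDI);
        Topic topic = (Topic) ctx.lookup(TOPIC_JNDI);

        int rc = 0;
        TopicConnection tc = null;
        try {
            // Authenticated connection: the "produce" rule is evaluated
            // against the security roles mapped to this user.
            tc = tcf.createTopicConnection(user, password);
            TopicSession session = tc.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);
            TopicPublisher publisher = session.createPublisher(topic);
            publisher.publish(session.createTextMessage("authorization test"));
            System.out.println("Published to " + topic.getTopicName() + " as " + user);
        } catch (JMSSecurityException e) {
            // Rejected credentials, or the user's role lacks the grant.
            System.err.println("Security failure for user " + user + ": " + e.getMessage());
            rc = 1;
        } catch (JMSException e) {
            System.err.println("JMS failure: " + e.getMessage());
            rc = 3;
        } finally {
            if (tc != null) {
                try { tc.close(); } catch (JMSException ignored) { }
            }
        }
        System.exit(rc);
    }
}
```

Running it once as a user inside the granted role and once as a user outside it confirms that the resource rule from step 4 is enforced in both directions.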