Hmm, I don't see any illegal access there. The bridge is properly and
legally configured; router2 has exactly this auth config. Your
sender/receiver are accessing topic "t2.alias" on router1 and not on
router2, so this access must be authenticated by router1, which has
probably switched the auth off, because you are creating the connections
anonymously for both sender and receiver.
If you have another opinion, please let me know.
BTW, the bridge 1.1 release now supports durable subscribers on both
sides. It will be released together with the 2.0.0 kernel.
Andreas
Kazutoshi Ono wrote:
>
> > As you see, there are 2 servers defined, r2-1 and r2-2. r2-1 connects as
> > user 'u1' and publishes to topic 't1'. r2-2 connects as 'u2' and
> > subscribes to topic 't2'. That works fine. All other attempts, e.g.
> > subscribing from r2-1 to 't1' or publishing from r2-2 to 't2', are
> > throwing the expected security exception.
>
> I thank you for your kind help and now I understand completely.
> I think there is a bug, but it's not a critical one.
> Please see my report below.
>
> [problem]
> The problem is that a user can receive messages illegally from the router
> which sent the messages.
> The messages can't be read from any other router/client.
> Please try configurations below.
>
> [the JMS Bridge config for router1]
> swiftlet.xt$bridge.servers.names=r2
> swiftlet.xt$bridge.servers.r2.configfile=../../conf/bridge_swiftmq.properties
> swiftlet.xt$bridge.servers.r2.objectfactory=com.swiftmq.extension.bridge.JNDIObjectFactory
> swiftlet.xt$bridge.servers.r2.password=u1
> swiftlet.xt$bridge.servers.r2.retryinterval=60000
> swiftlet.xt$bridge.servers.r2.username=u1
> swiftlet.xt$bridge.servers.r2.bridgings.names=t1,t2
> swiftlet.xt$bridge.servers.r2.bridgings.t1.direction=remote_to_local
> swiftlet.xt$bridge.servers.r2.bridgings.t1.localname=t1.alias
> swiftlet.xt$bridge.servers.r2.bridgings.t1.localtype=topic
> swiftlet.xt$bridge.servers.r2.bridgings.t1.remotefactoryname=plainsocket@router2
> swiftlet.xt$bridge.servers.r2.bridgings.t1.remotename=t1
> swiftlet.xt$bridge.servers.r2.bridgings.t1.remotetype=topic
> swiftlet.xt$bridge.servers.r2.bridgings.t1.transferpersistence=as_source
> swiftlet.xt$bridge.servers.r2.bridgings.t2.direction=local_to_remote
> swiftlet.xt$bridge.servers.r2.bridgings.t2.localname=t2.alias
> swiftlet.xt$bridge.servers.r2.bridgings.t2.localtype=topic
> swiftlet.xt$bridge.servers.r2.bridgings.t2.remotefactoryname=plainsocket@router2
> swiftlet.xt$bridge.servers.r2.bridgings.t2.remotename=t2
> swiftlet.xt$bridge.servers.r2.bridgings.t2.remotetype=topic
> swiftlet.xt$bridge.servers.r2.bridgings.t2.transferpersistence=as_source
> swiftlet.xt$bridge.class=com.swiftmq.extension.bridge.BridgeSwiftlet
>
> swiftlet.names=xt$bridge
>
> [the authentication config for router2]
> swiftlet.sys$authentication.authentication.enabled=true
>
> swiftlet.sys$authentication.groups.names=admin,g1,public
> swiftlet.sys$authentication.groups.admin.queuegrants.names=swiftmqmgmt,swiftmqmgmt@router1
> swiftlet.sys$authentication.groups.admin.queuegrants.swiftmqmgmt.browse=false
> swiftlet.sys$authentication.groups.admin.queuegrants.swiftmqmgmt.receive=false
> swiftlet.sys$[EMAIL PROTECTED]=false
> swiftlet.sys$[EMAIL PROTECTED]=false
> swiftlet.sys$authentication.groups.g1.topicgrants.names=t1,t2
> swiftlet.sys$authentication.groups.g1.topicgrants.t1.createdurable=true
> swiftlet.sys$authentication.groups.g1.topicgrants.t1.publish=true
> swiftlet.sys$authentication.groups.g1.topicgrants.t1.subscribe=true
> swiftlet.sys$authentication.groups.g1.topicgrants.t2.createdurable=false
> swiftlet.sys$authentication.groups.g1.topicgrants.t2.publish=true
> swiftlet.sys$authentication.groups.g1.topicgrants.t2.subscribe=false
> swiftlet.sys$authentication.groups.public.queuegrants.names=timeQueue@router1
> swiftlet.sys$[EMAIL PROTECTED]=false
> swiftlet.sys$[EMAIL PROTECTED]=false
> swiftlet.sys$[EMAIL PROTECTED]=true
> swiftlet.sys$authentication.groups.public.topicgrants.names=swiftmq.jndi,testtopic
> swiftlet.sys$authentication.groups.public.topicgrants.swiftmq.jndi.createdurable=false
> swiftlet.sys$authentication.groups.public.topicgrants.swiftmq.jndi.subscribe=false
> swiftlet.sys$authentication.groups.public.topicgrants.testtopic.createdurable=true
> swiftlet.sys$authentication.groups.public.topicgrants.testtopic.publish=true
> swiftlet.sys$authentication.groups.public.topicgrants.testtopic.subscribe=true
>
> swiftlet.sys$authentication.users.names=admin,u1
> swiftlet.sys$authentication.users.admin.group=admin
> swiftlet.sys$authentication.users.admin.password=secret
> swiftlet.sys$authentication.users.u1.group=g1
> swiftlet.sys$authentication.users.u1.password=u1
>
> [an illegal message receiver]
> import java.util.*;
> import javax.jms.*;
> import javax.naming.*;
>
> public class ReceiveMessage {
>     public static void main(String[] args) throws Exception {
>         String topicName = "t2.alias";
>
>         Hashtable env = new Hashtable();
>         env.put(Context.INITIAL_CONTEXT_FACTORY,
>                 "com.swiftmq.jndi.InitialContextFactoryImpl");
>         env.put(Context.PROVIDER_URL, "smqp://localhost:4001/timeout=10000");
>         Context context = new InitialContext(env);
>
>         TopicConnectionFactory factory =
>             (TopicConnectionFactory)context.lookup("TopicConnectionFactory");
>         TopicConnection topicConnection = factory.createTopicConnection();
>         //topicConnection.setClientID("test");
>         TopicSession topicSession = topicConnection.createTopicSession(false,
>                 Session.AUTO_ACKNOWLEDGE);
>         Topic topic = (Topic)context.lookup(topicName);
>         TopicSubscriber topicSubscriber = topicSession.createSubscriber(topic);
>
>         MyMessageListener listener = new MyMessageListener();
>         topicSubscriber.setMessageListener(listener);
>         topicConnection.start();
>         while (true) {
>             Thread.sleep(1);
>         }
>     }
> }
>
> class MyMessageListener implements MessageListener {
>     public void onMessage(Message m) {
>         try {
>             TextMessage msg = (TextMessage)m;
>             System.out.println("Received: " + msg.getText());
>         } catch(JMSException e) {
>             e.printStackTrace();
>         }
>     }
> }
>
> [a message sender]
> import java.util.*;
> import javax.jms.*;
> import javax.naming.*;
>
> public class SendMessage {
>     public static void main(String[] args) throws Exception {
>         String topicName = "t2.alias";
>
>         Hashtable env = new Hashtable();
>         env.put(Context.INITIAL_CONTEXT_FACTORY,
>                 "com.swiftmq.jndi.InitialContextFactoryImpl");
>         env.put(Context.PROVIDER_URL, "smqp://localhost:4001/timeout=10000");
>         Context context = new InitialContext(env);
>
>         TopicConnectionFactory factory =
>             (TopicConnectionFactory)context.lookup("TopicConnectionFactory");
>         TopicConnection topicConnection = factory.createTopicConnection();
>         TopicSession topicSession = topicConnection.createTopicSession(false,
>                 Session.AUTO_ACKNOWLEDGE);
>         Topic topic = (Topic)context.lookup(topicName);
>         TopicPublisher topicPublisher = topicSession.createPublisher(topic);
>         TextMessage message = topicSession.createTextMessage();
>         message.setText("The time is " + new Date());
>         topicPublisher.publish(message, DeliveryMode.PERSISTENT, Message.DEFAULT_PRIORITY,
>                 Message.DEFAULT_TIME_TO_LIVE);
>         System.out.println("Published.");
>         topicConnection.close();
>         System.exit(0);
>     }
> }
>
> Thanks,
>
> --
> Kazutoshi
>
> ------------------------------------------------------
> SwiftMQ developers mailing list * http://www.swiftmq.com
> To unsubscribe from this list, send an eMail to
> [EMAIL PROTECTED] and write in the body of your message:
> UNSUBSCRIBE developers <your-email-address>
> Archive: http://www.mail-archive.com/developers@mail.iit.de/
--
Andreas Mueller, [EMAIL PROTECTED], IIT GmbH, Bremen/Germany, http://www.iit.de
SwiftMQ - JMS Enterprise Messaging System, http://www.swiftmq.com
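
An added sketch of the check this reply implies (not part of the original thread and not SwiftMQ code): access to t1.alias and t2.alias is decided by router1's own authentication config, so the audit reads router1's bridge config and router1's auth config together. The property keys are the ones quoted above; both router1 auth dumps, and the rule that a missing enabled key counts as disabled, are assumptions.

```python
# Added example: check which router's auth config guards a bridge's local topics.
# Property keys are those quoted in this thread; both router1 auth dumps are constructed.
AUTH = "swiftlet.sys$authentication."
BRIDGE = "swiftlet.xt$bridge.servers."

ROUTER1_BRIDGE = """\
swiftlet.xt$bridge.servers.names=r2
swiftlet.xt$bridge.servers.r2.bridgings.names=t1,t2
swiftlet.xt$bridge.servers.r2.bridgings.t1.direction=remote_to_local
swiftlet.xt$bridge.servers.r2.bridgings.t1.localname=t1.alias
swiftlet.xt$bridge.servers.r2.bridgings.t2.direction=local_to_remote
swiftlet.xt$bridge.servers.r2.bridgings.t2.localname=t2.alias
"""
ROUTER1_AUTH_OFF = AUTH + "authentication.enabled=false\n"  # constructed
ROUTER1_AUTH_ON = (  # constructed
    AUTH + "authentication.enabled=true\n"
    + AUTH + "groups.names=g1,public\n"
    + AUTH + "groups.g1.topicgrants.names=t2.alias\n"
    + AUTH + "groups.g1.topicgrants.t2.alias.subscribe=false\n"
)

def parse(text):
    """key=value lines -> dict (values may themselves contain '=')."""
    return dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)

def names(props, key):
    """Split a comma-separated *.names entry; topic names may contain dots."""
    return [n for n in props.get(key, "").split(",") if n]

def audit(bridge_text, local_auth_text):
    """List local bridge topics that the LOCAL router's auth config does not cover."""
    bridge, auth = parse(bridge_text), parse(local_auth_text)
    # Assumption of this sketch: a missing 'enabled' key is treated as disabled.
    enabled = auth.get(AUTH + "authentication.enabled", "false") == "true"
    granted = {t for g in names(auth, AUTH + "groups.names")
               for t in names(auth, f"{AUTH}groups.{g}.topicgrants.names")}
    findings = []
    for srv in names(bridge, BRIDGE + "names"):
        base = f"{BRIDGE}{srv}.bridgings."
        for b in names(bridge, base + "names"):
            topic = bridge[base + b + ".localname"]
            if not enabled:
                findings.append(f"{topic}: local authentication is disabled")
            elif topic not in granted:
                findings.append(f"{topic}: no local group lists it in topicgrants.names")
    return findings

if __name__ == "__main__":
    for label, auth in (("auth off", ROUTER1_AUTH_OFF), ("auth on", ROUTER1_AUTH_ON)):
        print(label, audit(ROUTER1_BRIDGE, auth))
```

A finding only says that router1's config does not mention the topic; what the router then does with an unlisted topic has to be confirmed against the router itself.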