Environment:

Jboss 7.1.0 OS Windows

I am trying a simple test to try out JMS using Jboss with the built in HornetQ JMS provider. After a lot of playing around i managed to get a response with this configuration

        final Properties env = new Properties();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
        env.put(Context.PROVIDER_URL, "remote://localhost:4447");
        env.put(Context.SECURITY_PRINCIPAL, "appuser2");
        env.put(Context.SECURITY_CREDENTIALS, "s3cr3t");        

The problem though is that when i run it i get the following error:

javax.jms.JMSSecurityException: Unable to validate user: null
    at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:286)
    at org.hornetq.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:695)
    at org.hornetq.core.client.impl.ClientSessionFactoryImpl.createSession(ClientSessionFactoryImpl.java:264)
    at org.hornetq.jms.client.HornetQConnection.authorize(HornetQConnection.java:589)
    at org.hornetq.jms.client.HornetQConnectionFactory.createConnectionInternal(HornetQConnectionFactory.java:694)
    at org.hornetq.jms.client.HornetQConnectionFactory.createConnection(HornetQConnectionFactory.java:121)
    at org.hornetq.jms.client.HornetQConnectionFactory.createConnection(HornetQConnectionFactory.java:116)
    at com.jms.client.ConsoleClient.runExample(ConsoleClient.java:51)
    at com.jms.client.ConsoleClient.main(ConsoleClient.java:20)
Caused by: HornetQException[errorCode=105 message=Unable to validate user: null]
    ... 9 more

I have been looking around on Google and every example seems to point to how to configure the security settings with HornetQ as a standalone server. I cant figure out how to configure the user on Jboss and whether i even need to.

Any ideas?

I agree with Sergiu and would add the queue can be set up without requiring username and password.

It seems that you create a QueueConnection with a username and password as following:

QueueConnection qcon = qconFactory.createQueueConnection("appuser2","s3cr3t");

If you don't do this you will get this error

Unable to validate user: null.

And if you do not want to use username and password, you can set security-enabled with value false as following:

<subsystem xmlns="urn:jboss:domain:messaging:1.1">
     <hornetq-server>
         <security-enabled>false</security-enabled>
         ......
     </hornetq-server>
</subsystem>

Then you can create a QueueConnection without a username and password as following:

QueueConnection qcon = qconFactory.createQueueConnection();

Check your standalone-full.xml. If the configurations for role in urn:jboss:domain:messaging-activemq:1.0 look like this:

<security-setting name="#">
   <role name="guest" send="true" consume="true" create-non-durable-queue="true" delete-non-durable-queue="true"/>
</security-setting>

Then, you have to:

1. Create a guest user (make sure you set the role guest to the user);
2. Set initial context as below:

Properties props = new Properties();
props.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
props.put(Context.SECURITY_PRINCIPAL, "username");
props.put(Context.SECURITY_CREDENTIALS, "password");
InitialContext ctx = new InitialContext(props);

3. Create context as below:

ConnectionFactory cf = (ConnectionFactory) ctx.lookup("jms/RemoteConnectionFactory");
Queue queue = (Queue) ctx.lookup("jms/queue/queueName");
JMSContext context = cf.createContext("username", "password");

it worked for me. I just added following in standalone-full.xml:

            <security-enabled>false</security-enabled> 

If someone is using JBoss EAP 7.2 version, then here is the solution.

If you don't want to disable the security by adding the tag <security enabled="false"/>, and wish to authenticate with username and password, then please follow the below steps.

1. Whatever username (say, 'jmsuser') and password (say, 'pass') you have written in your code, that exact user ('jmsuser') needs to be created first in JBoss. Please use the add-user utility under bin folder and add the user as an application user and assign it to the "guest" role, when prompted.

2. After the above step, the username and the role details can be found in the application-role.properties and application-users.properties file \standalone\configuration path.

3. Restart the JBoss server.

4. Assuming you are using JMS 2.0 specification, then create the JMSContext like below.

JMSContext jmsCtx = connectionFactory.createContext("jmsuser", "pass");

5. Run the code now and you will not face this error again.

If you are using WildFly 10+ (I use WildFly 18), you have to disable security by adding:

<security enabled="false"/>

in your standalone-full.xml (wildFly directory/standalone/configuration) inside of:

    <subsystem xmlns="urn:jboss:domain:messaging-activemq:8.0">

and

<server name="default">

Something like that:

<subsystem xmlns="urn:jboss:domain:messaging-activemq:8.0">
                <server name="default">
			
                <!-- Disable security with the following row, otherwise of course it will give error without authentication in java -->
                <security enabled="false"/>
				
                <statistics enabled="${wildfly.messaging-activemq.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
                <security-setting name="#">
                    <role name="guest" send="true" consume="true" create-non-durable-queue="true" delete-non-durable-queue="true"/>
                </security-setting>
                <address-setting name="#" dead-letter-address="jms.queue.DLQ" expiry-address="jms.queue.ExpiryQueue" max-size-bytes="10485760" page-size-bytes="2097152" message-counter-history-day-limit="10"/>
                <http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>
                <http-connector name="http-connector-throughput" socket-binding="http" endpoint="http-acceptor-throughput">
                    <param name="batch-delay" value="50"/>
                </http-connector>
                <in-vm-connector name="in-vm" server-id="0">
                    <param name="buffer-pooling" value="false"/>
                </in-vm-connector>
                <http-acceptor name="http-acceptor" http-listener="default"/>
                <http-acceptor name="http-acceptor-throughput" http-listener="default">
                    <param name="batch-delay" value="50"/>
                    <param name="direct-deliver" value="false"/>
                </http-acceptor>
                <in-vm-acceptor name="in-vm" server-id="0">
                    <param name="buffer-pooling" value="false"/>
                </in-vm-acceptor>
                <jms-queue name="ExpiryQueue" entries="java:/jms/queue/ExpiryQueue"/>
                <jms-queue name="DLQ" entries="java:/jms/queue/DLQ"/>
                <!-- Adding a new queue -->
		<jms-queue name="ShippingQueue" entries="java:jboss/exported/jms/queue/ShippingQueue"/>
				

                <connection-factory name="InVmConnectionFactory" entries="java:/ConnectionFactory" connectors="in-vm"/>
                <connection-factory name="RemoteConnectionFactory" entries="java:jboss/exported/jms/RemoteConnectionFactory" connectors="http-connector"/>
                <pooled-connection-factory name="activemq-ra" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory" connectors="in-vm" transaction="xa"/>

            </server>
        </subsystem>

Check on: https://developer.jboss.org/thread/271457

I agree with Sergiu and would add the queue can be set up without requiring username and password.

Add the queue to jboss using from cli:

jms-topic add --topic-address=testTopic -–entries=topic/test,java:jboss/exported/jms/topic/test

Add the user as follows:

add-user.bat -a -u mquser -p mqpassword -g guest

Consumer paste the code in main method:

Properties properties = new Properties();
properties.put(Context.INITIAL_CONTEXT_FACTORY,"org.wildfly.naming.client.WildFlyInitialContextFactory");
properties.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
properties.put("jboss.naming.client.ejb.context", true);
properties.put("java.naming.security.principal", "mquser");
properties.put("java.naming.security.credentials", "mqpassword");
properties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

QueueConnection cnn = null;
QueueSender sender = null;
QueueSession session = null;
InitialContext ctx = new InitialContext(properties);
Queue queue = (Queue) ctx.lookup("jms/queue/tests");
QueueConnectionFactory factory = (QueueConnectionFactory) ctx.lookup("jms/RemoteConnectionFactory");
cnn =  factory.createQueueConnection("mquser", "mqpassword");
cnn.start();

session = cnn.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
TextMessage msg = session.createTextMessage("Hello World");
sender = session.createSender(queue);
sender.send(msg);

System.out.println("Message sent successfully to remote queue.");

@MessageDriven(name = "ExampleMDB", activationConfig = {
    @ActivationConfigProperty(propertyName = "destination", propertyValue = "testQueues"), @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
    @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "Auto-acknowledge")
public class ExampleMDB implements MessageListener {

    /**
     * Default constructor. 
     */
    public ExampleMDB() {
        // TODO Auto-generated constructor stub
    }


    @Override
    public void onMessage(Message arg0) {
        System.out.println("----------------");
        try {
            System.out.println("Received message" + ((TextMessage)arg0).getText());
        } catch (JMSException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        System.out.println("----------------");

    }

}