@Override
  @Before
  public void setUp() throws Exception {
    super.setUp();

    Configuration config = createDefaultInVMConfig().setSecurityEnabled(true);
    server = addServer(ActiveMQServers.newActiveMQServer(config, false));
    server.start();

    notifQueue = RandomUtil.randomSimpleString();

    ActiveMQJAASSecurityManager securityManager =
        (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addUser("admin", "admin");
    securityManager.getConfiguration().addUser("guest", "guest");
    securityManager.getConfiguration().setDefaultUser("guest");

    Role role = new Role("notif", true, true, true, true, true, true, true, true, true, true);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    server
        .getSecurityRepository()
        .addMatch(
            ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress().toString(),
            roles);

    securityManager.getConfiguration().addRole("admin", "notif");

    ServerLocator locator = createInVMNonHALocator();
    ClientSessionFactory sf = createSessionFactory(locator);
    adminSession = sf.createSession("admin", "admin", false, true, true, false, 1);
    adminSession.start();

    adminSession.createTemporaryQueue(
        ActiveMQDefaultConfiguration.getDefaultManagementNotificationAddress(), notifQueue);

    notifConsumer = adminSession.createConsumer(notifQueue);
  }
  @Test
  public void testSECURITY_PERMISSION_VIOLATION() throws Exception {
    SimpleString queue = RandomUtil.randomSimpleString();
    SimpleString address = RandomUtil.randomSimpleString();

    // guest can not create queue
    Role role =
        new Role(
            "roleCanNotCreateQueue", true, true, false, true, false, true, true, true, true, true);
    Set<Role> roles = new HashSet<>();
    roles.add(role);
    server.getSecurityRepository().addMatch(address.toString(), roles);
    ActiveMQJAASSecurityManager securityManager =
        (ActiveMQJAASSecurityManager) server.getSecurityManager();
    securityManager.getConfiguration().addRole("guest", "roleCanNotCreateQueue");

    SecurityNotificationTest.flush(notifConsumer);

    ServerLocator locator = createInVMNonHALocator();
    ClientSessionFactory sf = createSessionFactory(locator);
    ClientSession guestSession = sf.createSession("guest", "guest", false, true, true, false, 1);

    try {
      guestSession.createQueue(address, queue, true);
      Assert.fail(
          "session creation must fail and a notification of security violation must be sent");
    } catch (Exception e) {
    }

    ClientMessage[] notifications = SecurityNotificationTest.consumeMessages(1, notifConsumer);
    Assert.assertEquals(
        SECURITY_PERMISSION_VIOLATION.toString(),
        notifications[0].getObjectProperty(ManagementHelper.HDR_NOTIFICATION_TYPE).toString());
    Assert.assertEquals(
        "guest", notifications[0].getObjectProperty(ManagementHelper.HDR_USER).toString());
    Assert.assertEquals(
        address.toString(),
        notifications[0].getObjectProperty(ManagementHelper.HDR_ADDRESS).toString());
    Assert.assertEquals(
        CheckType.CREATE_DURABLE_QUEUE.toString(),
        notifications[0].getObjectProperty(ManagementHelper.HDR_CHECK_TYPE).toString());

    guestSession.close();
  }