[jboss-user] [JBoss Messaging] - Security config in 1.2.0.sp1
pascallambert
do-not-reply at jboss.com
Wed May 2 11:48:06 EDT 2007
I've installed JBM 1.2.0.sp1 on a default JBAS 4.0.5GA as described in the install guide, but when I try to run our apps on it I'm getting the following exception:
javax.jms.JMSSecurityException: User: admin is not authorized to read from destination rawdata
| at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:260)
| at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:107)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:597)
| at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:121)
| at org.jboss.jms.server.endpoint.advised.SessionAdvised$createConsumerDelegate_6311124154581125663.invokeNext(SessionAdvised$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
| at org.jboss.jms.server.endpoint.advised.SessionAdvised$createConsumerDelegate_6311124154581125663.invokeNext(SessionAdvised$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.server.endpoint.advised.SessionAdvised.createConsumerDelegate(SessionAdvised.java)
| at org.jboss.jms.wireformat.SessionCreateConsumerDelegateRequest.serverInvoke(SessionCreateConsumerDelegateRequest.java:95)
| at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:125)
| at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:734)
| at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:553)
| at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:377)
| at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:159)
| at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:163)
| at org.jboss.remoting.Client.invoke(Client.java:1544)
| at org.jboss.remoting.Client.invoke(Client.java:530)
| at org.jboss.remoting.Client.invoke(Client.java:518)
| at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:184)
| at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:155)
| at org.jboss.jms.client.delegate.ClientSessionDelegate.org$jboss$jms$client$delegate$ClientSessionDelegate$createConsumerDelegate$aop(ClientSessionDelegate.java:230)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.container.StateCreationAspect.handleCreateConsumerDelegate(StateCreationAspect.java:147)
| at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect30.invoke(StateCreationAspect30.java)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.container.ConsumerAspect.handleCreateConsumerDelegate(ConsumerAspect.java:68)
| at org.jboss.aop.advice.org.jboss.jms.client.container.ConsumerAspect29.invoke(ConsumerAspect29.java)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.container.FailoverValveInterceptor.invoke(FailoverValveInterceptor.java:91)
| at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.container.ClosedInterceptor.invoke(ClosedInterceptor.java:171)
| at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.container.ExceptionInterceptor.invoke(ExceptionInterceptor.java:71)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.container.ClientLogInterceptor.invoke(ClientLogInterceptor.java:107)
| at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java)
| at org.jboss.jms.client.delegate.ClientSessionDelegate.createConsumerDelegate(ClientSessionDelegate.java)
| at org.jboss.jms.client.JBossSession.createConsumer(JBossSession.java:237)
| at org.jboss.jms.client.JBossSession.createSubscriber(JBossSession.java:432)
| at com.wmx.tools.TopicReaderCommand.setUpJmsSubscription(TopicReaderCommand.java:93)
| at com.wmx.tools.TopicReaderCommand.execute(TopicReaderCommand.java:69)
| at com.wmx.tools.CommandTool.main(CommandTool.java:46)
| at com.wmx.tools.TopicReaderCommand.main(TopicReaderCommand.java:63)
|
I'm using JBoss AS 4.0.5GA, jboss-messaging 1.2.0 sp1, Java 6.
I've changed the DefaultDS to PostgreSQL, and I've removed the HSQL config files (both in deploy and in jboss-messaging.sar) and replaced them with PostgreSQL config files.
It seems to me that the roles are not read properly.
Any idea?
* here is my deploy/postgres-ds.xml file:
<!-- Local-transaction datasource bound in JNDI as DefaultDS, pointing at the
     PostgreSQL database "jbossmessaging" on localhost. The login-config.xml
     policy and the JMSUserManager both read users and roles through this
     binding (java:/DefaultDS).
     NOTE(review): the database account and its password are stored in clear
     text in this file, and the password equals the user name. Restrict read
     access to the deploy directory and use a non-guessable password; a
     security-domain reference can keep the credential out of this file. -->
<datasources>
| <local-tx-datasource>
| <jndi-name>DefaultDS</jndi-name>
| <connection-url>jdbc:postgresql://localhost/jbossmessaging</connection-url>
| <driver-class>org.postgresql.Driver</driver-class>
| <user-name>jms</user-name>
| <password>jms</password>
| <metadata>
| <type-mapping>PostgreSQL 7.2</type-mapping>
| </metadata>
| </local-tx-datasource>
| </datasources>
|
* here is part of my conf/login-config.xml:
<!-- JAAS application policy "messaging": DatabaseServerLoginModule looks up
     the password (principalsQuery) and the roles (rolesQuery) for the
     presented user name through java:/DefaultDS.
     unauthenticatedIdentity maps callers that present no credentials to the
     identity "guest".
     No hashAlgorithm module-option is set, so the PASSWD value returned by
     principalsQuery is compared with the supplied password as-is, i.e. the
     table is expected to hold clear-text passwords.
     rolesQuery returns every ROLE_ID stored for the user under the group
     name 'Roles'; presumably these are the names matched against the
     role entries in a destination's SecurityConfig (confirm). -->
<application-policy name = "messaging">
| <authentication>
| <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "dsJndiName">java:/DefaultDS</module-option>
| <module-option name = "principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
| <module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
* here is part of my deploy/jboss-messaging.sar/destination-service.xml:
<!-- Topic "rawdata" (JNDI name rawdata). Its SecurityConfig grants read,
     write and create to the single role "umslink"; no other role is listed,
     so a caller needs that role to create a consumer on this topic. The
     JMSSecurityException above ("not authorized to read") is raised when the
     authenticated user's roles do not include a role with read="true".
     NOTE(review): the security domain used by the ServerPeer is not shown in
     this post. Confirm it resolves to the "messaging" policy, otherwise the
     roles are looked up somewhere other than JBM_ROLE. -->
<mbean code="org.jboss.jms.server.destination.TopicService"
| name="jboss.messaging.destination:service=Topic,name=rawdata"
| xmbean-dd="xmdesc/Topic-xmbean.xml">
| <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
| <depends>jboss.messaging:service=PostOffice</depends>
| <attribute name="JNDIName">rawdata</attribute>
| <attribute name="SecurityConfig">
| <security>
| <role name="umslink" read="true" write="true" create="true"/>
| </security>
| </attribute>
| </mbean>
|
* here is part of my deploy/jboss-messaging.sar/postgresql-persistence-service.xml:
<!-- JDBC-backed JMS user manager on java:/DefaultDS. With
     CreateTablesOnStartup set to true it is given the DDL for JBM_USER and
     JBM_ROLE plus the POPULATE.TABLES.* seed rows below.
     Seed data: user "admin" (password "admin") with role "umslink", and user
     "dilbert" (password "dogbert") with no JBM_ROLE row at all.
     NOTE(review): PASSWD is a plain VARCHAR(32) and the seed passwords are
     inserted in clear text; replace these sample accounts and passwords
     before the broker is reachable by anyone else.
     NOTE(review): whether the POPULATE statements actually ran against the
     PostgreSQL database is not shown in this post. Check that JBM_ROLE
     really contains the row ('umslink','admin'). -->
<mbean code="org.jboss.jms.server.plugin.JDBCJMSUserManagerService"
| name="jboss.messaging:service=JMSUserManager"
| xmbean-dd="xmdesc/JMSUserManager-xmbean.xml">
| <depends>jboss.jca:service=DataSourceBinding,name=DefaultDS</depends>
| <depends optional-attribute-name="TransactionManager">jboss:service=TransactionManager</depends>
| <attribute name="DataSource">java:/DefaultDS</attribute>
| <attribute name="CreateTablesOnStartup">true</attribute>
| <attribute name="SqlProperties"><![CDATA[
| CREATE_USER_TABLE=CREATE TABLE JBM_USER (USER_ID VARCHAR(32) NOT NULL, PASSWD VARCHAR(32) NOT NULL, CLIENTID VARCHAR(128), PRIMARY KEY(USER_ID))
| CREATE_ROLE_TABLE=CREATE TABLE JBM_ROLE (ROLE_ID VARCHAR(32) NOT NULL, USER_ID VARCHAR(32) NOT NULL, PRIMARY KEY(USER_ID, ROLE_ID))
| SELECT_PRECONF_CLIENTID=SELECT CLIENTID FROM JBM_USER WHERE USER_ID=?
|
| POPULATE.TABLES.100 = INSERT INTO JBM_USER (USER_ID, PASSWD, CLIENTID) VALUES ('admin', 'admin', 'admin')
| POPULATE.TABLES.101 = INSERT INTO JBM_ROLE (ROLE_ID, USER_ID) VALUES ('umslink','admin')
| POPULATE.TABLES.102 = INSERT INTO JBM_USER (USER_ID,PASSWD,CLIENTID) VALUES ('dilbert','dogbert','dilbert-id')
| ]]></attribute>
| </mbean>
|