[jboss-user] [JBoss Messaging] - Security issue while connecting MDB to remote Topic
sappenin
do-not-reply at jboss.com
Thu Apr 17 15:00:18 EDT 2008
I have two JBoss Instances/servers -- ServerA [10.1.1.101] & ServerB [10.1.1.102].
I have a Topic deployed on ServerA, and an EJB3 MDB on ServerB that is attempting to connect to the remote Topic on ServerA. I have followed all of the directions in the messaging wiki to connect an EJB3 MDB to a remote queue/topic, and everything works fine (see here: http://wiki.jboss.org/wiki/en/HowDoIConfigureAnEJB3MDBToTalkToARemoteQueue?action=e&windowstate=normal&mode=view).
However, when I remove the "guest" role from the Topic MBean configuration (see below), then the EJB3 MDB on ServerB is unable to connect to the remote topic. However, I have set up username/password in various places (see below).
Is there a proper way I can subscribe/connect to a remote Topic that is secured?
(By the way, MDBs on ServerA *are* able to connect/subscribe to the Topic on ServerA, so I know my security store is set up properly, with the appropriate user/passwords defined.)
*** MBEAN Deployed on ServerA to create the Topic ***
| <mbean
| code="org.jboss.jms.server.destination.TopicService"
| name="jboss.messaging.destination:service=Topic,name=CoolTopic"
| xmbean-dd="xmdesc/Topic-xmbean.xml"
| >
| <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
| <depends>jboss.messaging:service=PostOffice</depends>
| <attribute name="JNDIName">topic/coolTopic</attribute>
| <attribute name="SecurityConfig">
| <security>
| <role
| name="system"
| read="true"
| write="true"
| create="true"
| />
| </security>
| </attribute>
| </mbean>
|
*** JMS REMOTE PROVIDER DEPLOYED ON SERVERB, POINTING TO SERVERA ***
<!-- The JMS Remote Provider (used to receive messages from the CoolTopic on ServerA) -->
| <mbean
| code="org.jboss.jms.jndi.JMSProviderLoader"
| name="jboss.messaging:service=JMSProviderLoader,name=RemoteJMSProvider,server=remotehost"
| >
| <attribute name="ProviderName">RemoteJMSProvider</attribute>
| <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute>
| <!-- The connection factory -->
| <attribute name="FactoryRef">java:/XAConnectionFactory</attribute>
| <!-- The queue connection factory -->
| <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute>
| <!-- The topic factory -->
| <attribute name="TopicFactoryRef">java:/XAConnectionFactory</attribute>
| <!-- Connect to JNDI on the host "the-remote-host-name" port 1099-->
| <attribute name="Properties">
| java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
| java.naming.factory.url.pkgs=org.jnp.interfaces
| java.naming.provider.url=10.1.1.101:1099
| java.naming.security.principal=system
| java.naming.security.credentials=password
| </attribute>
| </mbean>
*** EJB3 MDB DECLARATION FOR MDB ON SERVERB ***
| @MessageDriven(activationConfig = {
| @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Topic"),
| @ActivationConfigProperty(propertyName = "destination", propertyValue = "topic/coolTopic"),
| @ActivationConfigProperty(propertyName = "providerAdapterJNDI", propertyValue = "java:/RemoteJMSProvider"),
| @ActivationConfigProperty(propertyName = "subscriptionDurability", propertyValue = "Durable"),
| @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "AUTO_ACKNOWLEDGE"),
| @ActivationConfigProperty(propertyName = "subscriptionName", propertyValue = "coolSubscription"),
| @ActivationConfigProperty(propertyName = "user", propertyValue = "system"),
| @ActivationConfigProperty(propertyName = "password", propertyValue = "password")
| }, messageListenerInterface = MessageListener.class)
| @TransactionManagement(value = TransactionManagementType.CONTAINER)
| @RunAs("system")
| @RolesAllowed( {
| "admin", "system"
| })
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4144982#4144982