[jboss-user] [JBoss Messaging] - Problem with user authorization using JBM Bridge configuration

armsargis do-not-reply at jboss.com
Wed Apr 8 11:15:11 EDT 2009


Hi all, I am trying to configure a JBM Bridge. Here is my test configuration:

jms-ds.xml:
  
<mbean code="org.jboss.jms.jndi.JMSProviderLoader"
       name="jboss.messaging:service=JMSProviderLoader,name=JMSProvider">
  <attribute name="ProviderName">DefaultJMSProvider</attribute>
  <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute>
  <attribute name="FactoryRef">java:/XAConnectionFactory</attribute>
  <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute>
  <attribute name="TopicFactoryRef">java:/XAConnectionFactory</attribute>
</mbean>

<mbean code="org.jboss.jms.jndi.JMSProviderLoader"
       name="jboss.messaging:service=JMSProviderLoader,name=SOClassRemoteJMSProvider">
  <attribute name="ProviderName">SOClassRemoteJMSProvider</attribute>
  <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute>
  <!-- The combined connection factory -->
  <attribute name="FactoryRef">java:/XAConnectionFactory</attribute>
  <!-- The queue connection factory -->
  <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute>
  <!-- The topic factory -->
  <attribute name="TopicFactoryRef">java:/XAConnectionFactory</attribute>
  <attribute name="Properties">
    java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
    java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
    java.naming.provider.url=192.168.100.78:1099
  </attribute>
</mbean>

*-bridge-service

<?xml version="1.0" encoding="UTF-8"?>
<server>

  <mbean code="org.jboss.jms.server.bridge.BridgeService"
         name="jboss.jms:service=Bridge,name=SOClassBridge" xmbean-dd="xmdesc/Bridge-xmbean.xml">
    <depends optional-attribute-name="SourceProviderLoader">jboss.messaging:service=JMSProviderLoader,name=JMSProvider</depends>
    <depends optional-attribute-name="TargetProviderLoader">jboss.messaging:service=JMSProviderLoader,name=SOClassRemoteJMSProvider</depends>
    <depends>jboss.messaging.destination:service=Queue,name=SOClassCallbacks</depends>
    <attribute name="SourceDestinationLookup">/queue/SOClassCallbacks</attribute>
    <attribute name="TargetDestinationLookup">/queue/EllipseRequests</attribute>
    <attribute name="SourceUsername">ellipse</attribute>
    <attribute name="SourcePassword">ellipse123</attribute>
    <attribute name="TargetUsername">soclass</attribute>
    <attribute name="TargetPassword">soclass123</attribute>
    <!-- Optional: The Quality Of Service mode to use, one of:
         QOS_AT_MOST_ONCE = 0;
         QOS_DUPLICATES_OK = 1;
         QOS_ONCE_AND_ONLY_ONCE = 2; -->
    <attribute name="QualityOfServiceMode">0</attribute>
    <!--
    <attribute name="Selector">specify-jms-selector-here</attribute>
    -->
    <attribute name="MaxBatchSize">5</attribute>
    <attribute name="MaxBatchTime">-1</attribute>
    <!--
    <attribute name="SubName">mysub</attribute>
    -->
    <!--
    <attribute name="ClientID">myClientID</attribute>
    -->
    <attribute name="FailureRetryInterval">5000</attribute>
    <attribute name="MaxRetries">-1</attribute>
    <attribute name="AddMessageIDInHeader">false</attribute>
  </mbean>

</server>

According to my configs, I want to automatically forward messages from JMSProvider:/queue/SOClassCallbacks to SOClassRemoteJMSProvider:/queue/EllipseRequests.

But I have a problem with authorization. Here is the output at trace log level from JMSProvider:

16:50:38,446 TRACE [SecurityAspect] checking access permissions to JBossQueue[EllipseRequests]
16:50:38,446 DEBUG [JBossASSecurityMetadataStore] No SecurityMetadadata was available for EllipseRequests, using default security config
16:50:38,446 TRACE [SecurityMetadata] Adding role: Role {name=guest;read=true;write=true;create=true}
16:50:38,446 TRACE [JBossASSecurityMetadataStore] authenticating user soclass
16:50:38,447 TRACE [JBossASSecurityMetadataStore] authorizing user soclass for role(s) [guest]
16:50:38,447 TRACE [JBossASSecurityMetadataStore] user soclass is NOT authorized
16:50:38,447 WARN  [Bridge] jboss.jms:name=SOClassBridge,service=Bridge Failed to send + acknowledge batch, closing JMS objects
javax.jms.JMSSecurityException: User: soclass is not authorized to write to destination EllipseRequests
	at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:312)
	at org.jboss.jms.server.container.SecurityAspect.handleSendTransaction(SecurityAspect.java:190)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:122)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.jms.server.endpoint.advised.ConnectionAdvised.sendTransaction(ConnectionAdvised.java)
	at org.jboss.jms.wireformat.ConnectionSendTransactionRequest.serverInvoke(ConnectionSendTransactionRequest.java:82)
	at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
	at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
	at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
	at org.jboss.remoting.Client.invoke(Client.java:1708)
	at org.jboss.remoting.Client.invoke(Client.java:612)
	at org.jboss.remoting.Client.invoke(Client.java:600)
	at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:189)
	at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:160)
	at org.jboss.jms.client.delegate.ClientConnectionDelegate.org$jboss$jms$client$delegate$ClientConnectionDelegate$sendTransaction$aop(ClientConnectionDelegate.java:221)

As I noticed, JBM is trying to authorize the remote soclass user using the local security configs. Can you provide any info on why it's like this? Please note my remote configs are OK: I tested them with a JMS client application and I am able to read and write to this queue.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224395#4224395
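
Added example (not part of the original post and not JBoss code): a Python parser that groups the SecurityAspect / JBossASSecurityMetadataStore trace lines quoted above into one record per access check, showing the destination checked, whether the server fell back to its default security config, the roles that config grants, and the outcome for the user. The regexes and the helper names `parse_decisions` and `denied_on_defaults` are assumptions written against the six log lines in the post only.

```python
import re

# Trace lines quoted in the post (embedded so this runs offline); the regexes assume this layout.
SAMPLE_LOG = """\
16:50:38,446 TRACE [SecurityAspect] checking access permissions to JBossQueue[EllipseRequests]
16:50:38,446 DEBUG [JBossASSecurityMetadataStore] No SecurityMetadadata was available for EllipseRequests, using default security config
16:50:38,446 TRACE [SecurityMetadata] Adding role: Role {name=guest;read=true;write=true;create=true}
16:50:38,446 TRACE [JBossASSecurityMetadataStore] authenticating user soclass
16:50:38,447 TRACE [JBossASSecurityMetadataStore] authorizing user soclass for role(s) [guest]
16:50:38,447 TRACE [JBossASSecurityMetadataStore] user soclass is NOT authorized
"""

PATTERNS = {
    "check": re.compile(r"checking access permissions to \w+\[(?P<dest>[^\]]+)\]"),
    "default": re.compile(r"No SecurityMeta\w+ was available for [^,\s]+, using default"),
    "role": re.compile(r"Adding role: Role \{name=(?P<name>[^;]+);read=(?P<read>\w+);"
                       r"write=(?P<write>\w+);create=(?P<create>\w+)\}"),
    "authz": re.compile(r"authorizing user (?P<user>\S+) for role\(s\) \[(?P<roles>[^\]]*)\]"),
    "result": re.compile(r"user (?P<user>\S+) is (?P<neg>NOT )?authorized"),
}

def parse_decisions(text):
    """Group log lines into one record per access check."""
    decisions, cur = [], None
    for line in text.splitlines():
        kind, m = next(((k, rx.search(line)) for k, rx in PATTERNS.items()
                        if rx.search(line)), (None, None))
        if kind == "check":
            cur = {"destination": m["dest"], "default_config": False, "roles": {},
                   "user": None, "required": [], "authorized": None}
            decisions.append(cur)
        elif kind is None or cur is None:
            continue  # unrelated line, or a line outside any access check
        elif kind == "default":
            cur["default_config"] = True
        elif kind == "role":
            cur["roles"][m["name"]] = {p: m[p] == "true" for p in ("read", "write", "create")}
        elif kind == "authz":
            cur["user"], cur["required"] = m["user"], [r.strip() for r in m["roles"].split(",") if r.strip()]
        elif kind == "result":
            cur["authorized"] = m["neg"] is None
    return decisions

def denied_on_defaults(decisions):
    """Denials decided against the server's default roles, not a per-queue entry."""
    return [d for d in decisions if d["authorized"] is False and d["default_config"]]

if __name__ == "__main__":
    print(denied_on_defaults(parse_decisions(SAMPLE_LOG)))
```
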
