Re: [jboss-user] [JBoss Web Services CXF] - Continuing problem with XTS WS-T tests in AS trunk/CXF 2.2.9
by Andrew Dinn
Andrew Dinn [http://community.jboss.org/people/adinn] replied to the discussion
"Continuing problem with XTS WS-T tests in AS trunk/CXF 2.2.9"
To view the discussion, visit: http://community.jboss.org/message/553969#553969
--------------------------------------------------------------
Hi Jim,
I am not sure what is different in my code that makes request.getScheme() fail with an NPE while your code works ok but I think it is just luck.
I traced execution through a test case and it appears that the incoming message relates to a valid request. Because this is a one way message there is a handover of control in ContextUtils at line 416
> 416 inMessage.getInterceptorChain().pause();
>
>
> // ... and resume on executor thread
> getExecutor(inMessage).execute(new Runnable() {
> public void run() {
> 421 inMessage.getInterceptorChain().resume();
> }
>
I checked the request by stopping at 416 and looking up the stack to find the request. The HttpServletRequest object is actually a facade object which indirects to an underlying catalina connector request. It had a name like "Current Servlet stack for thread http-127.0.0.1-8080-1 [S] ActivationService [org.jboss.wsf.stack.cxf.CXFServletExt]". request.getScheme() worked on this object without a NPE.
I picked control up again in the debugger at 421 but, of course, there was no servlet method up the stack where I coudl locate the request. So, I proceeded to step through the code until the ServiceInvokerInterceptor was called. In AbstractInvoker.invoke() the web service context is set up
> public Object invoke(Exchange exchange, Object o)
> {
> // set up the webservice request context
> WrappedMessageContext ctx = new WrappedMessageContext(exchange.getInMessage(), Scope.APPLICATION);
>
> Map<String, Object> handlerScopedStuff = removeHandlerProperties(ctx);
>
> WebServiceContextImpl.setMessageContext(ctx);
>
> 101 Object retObj = null;
At line 101 I evaluated ctx.get("HTTP.REQUEST") and got another facade hiding a catalina connector request with name "Current Servlet stack for thread default-workqueue-2". However all the fields of this catalina connector request appear to be uninitialised and getScheme() returns null. So, this looks to me like the request is coming out of a thread local and it is pot luck whether the object behind the facade has been initialised or not. IN your tests it may be that a previous call has set values in this object.
regards,
Andrew Dinn
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/553969#553969]
Start a new discussion in JBoss Web Services CXF at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 11 months
[JBoss Messaging] - Securing JBoss Messaging and EJB3
by Alexander Hartner
Alexander Hartner [http://community.jboss.org/people/ejb3workshop] created the discussion
"Securing JBoss Messaging and EJB3"
To view the discussion, visit: http://community.jboss.org/message/553934#553934
--------------------------------------------------------------
I would like to ensure all access to any JMS destination is authenticated so I disabled the guest account in messaging-service.xml
>
> <attribute name="DefaultSecurityConfig">
>
> <security>
>
> <role name="jmsuser" read="true" write="true" create="true"/>
>
> </security>
>
> </attribute>
I then added a new users to messaging-roles.properties and messaging-users.properties.
Now my problem is how can I get my application to access the queues. I am using EJB3 annotations as well as dependency injection for the connection factory and destinations. I was hoping to link the entire application to an application-policy specified in login-config.xml using something like this, in a similar way passwords are set on datasources:
> <application-policy name="EncryptJMSPassword">
> <authentication>
> <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
> <module-option name="username"> jmsuser </module-option>
> <module-option name="password">XXXXXXXXXXXXXXXXXXXXXXXXX</module-option>
> </login-module>
> </authentication>
> </application-policy>
and then to specify the policyname in either jboss.xml or jboss-app.xml. However I haven't found a way of doing this. I did get the application deployed using :
> * <activation-config>*
>
>
> *
> <activation-config-property>*
>
>
> *
> <activation-config-property-name>user</activation-config-property-name>*
>
>
> *
> <activation-config-property-value> jmsuser </activation-config-property-value>*
>
>
> *
> </activation-config-property>*
>
>
> *
> <activation-config-property>*
>
>
> *
> <activation-config-property-name>password</activation-config-property-name>*
>
>
> *
> <activation-config-property-value>jmspassword</activation-config-property-value>*
>
>
> *
> </activation-config-property>*
>
>
> *
> </activation-config>*
in ejb-jar.xml, however this only addresses the reading of messages from a queue, I believe. It also has to be done on each bean which is not ideal and not very flexible as the password is hard coded inside the ear.
Are there any more elegant options of granting one application unrestricted access to any JMS resources.
Without specifying these I am getting the following error message during startup:
> javax.jms.JMSSecurityException: User: null is not authorized to read from destination TransactionJobs
> at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:312)
> at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:112)
as well as:
> 20:04:43,097 FATAL [ConfigurationMonitor] Authentication failure
> javax.ejb.EJBAccessException: Authentication failure
> at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
> at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
> at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
--------------------------------------------------------------
Reply to this message by going to Community
[http://community.jboss.org/message/553934#553934]
Start a new discussion in JBoss Messaging at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]
13 years, 11 months