[jboss-jira] [JBoss JIRA] Commented: (JBMESSAGING-1794) SecurityStore not applied correctly

Howard Gao (JIRA) jira-events at lists.jboss.org
Wed Apr 28 02:45:11 EDT 2010


    [ https://jira.jboss.org/jira/browse/JBMESSAGING-1794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12527824#action_12527824 ] 

Howard Gao commented on JBMESSAGING-1794:
-----------------------------------------

The 'SuckerPassword' defined in messaging-jboss-beans is used to initialize the JBossASSecurityMetadataStore bean, whereas the "SuckerPassword" in messaging-service.xml is used to initialize the ServerPeer, which in turn initializes its ClusterConnectionManager, which uses this password to create a sucker connection to another node.

So it looks normal to have two places to define the sucker's password: one is at the server side for authentication, the other is at the 'client' side to be passed to the server side for authentication.

If we use JBM's default security manager (SecurityMetadataStore), the two places are unified so only one sucker password is needed.


> SecurityStore not applied correctly
> -----------------------------------
>
>                 Key: JBMESSAGING-1794
>                 URL: https://jira.jboss.org/jira/browse/JBMESSAGING-1794
>             Project: JBoss Messaging
>          Issue Type: Bug
>          Components: JMS Security
>    Affects Versions: 1.4.6.GA
>            Reporter: Justin Bertram
>            Assignee: Howard Gao
>             Fix For: 1.4.7.GA
>
>
> The "SecurityStore" in messaging-jboss-beans.xml doesn't appear to be getting applied correctly.  Steps to reproduce:
> 1) Unzip a fresh copy of JBoss EAP 5
> 2) Change the "suckerPassword" attribute in <JBOSS_HOME>/server/all/deploy/messaging/messaging-jboss-beans.xml
> 3) Activate TRACE logging with this category in <JBOSS_HOME>/server/all/conf/jboss-log4j.xml:
>    <category name="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore">
>       <priority value="TRACE"/>
>    </category>
> 4) Start the server: <JBOSS_HOME>/bin/run.sh -c all
> 5) This comes up in the log:
> TRACE [org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore] (main) authenticating user JBM.SUCKER
> TRACE [org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore] (main) Authenticating sucker user
> WARN  [org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore] (main) WARNING! POTENTIAL SECURITY RISK. It has been detected that the MessageSucker component which sucks messages from one node to another has not had its password changed from the installation default. Please see the JBoss Messaging user guide for instructions on how to do this.
> ERROR [org.jboss.messaging.util.ExceptionUtil] (main) ConnectionFactoryEndpoint[jboss.messaging.connectionfactory:service=ClusterPullConnectionFactory] createFailoverConnectionDelegate [da-yi5epx6g-1-0jhcpx6g-twc79y-100j3]
> javax.jms.JMSSecurityException: User JBM.SUCKER is NOT authenticated
>    at org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore.authenticate(JBossASSecurityMetadataStore.java:223)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>    at java.lang.reflect.Method.invoke(Method.java:597)
>    at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:93)
>    at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:27)
>    at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:208)
>    at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:120)
>    at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:262)
>    at javax.management.StandardMBean.invoke(StandardMBean.java:391)
>    at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
>    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
>    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
>    at $Proxy99.authenticate(Unknown Source)
>    at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInternal(ServerConnectionFactoryEndpoint.java:233)
>    at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(ServerConnectionFactoryEndpoint.java:171)
>    at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpoint$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(ConnectionFactoryAdvised.java:108)
>    at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(ConnectionFactoryAdvised.java)
>    at org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(ConnectionFactoryCreateConnectionDelegateRequest.java:91)
>    at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:157)
>    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:897)
>    at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
>    at org.jboss.remoting.Client.invoke(Client.java:1917)
>    at org.jboss.remoting.Client.invoke(Client.java:768)
>    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delegate$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(ClientConnectionFactoryDelegate.java:178)
>    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java)
>    at org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCreationAspect.java:80)
>    at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect_z_handleCreateConnectionDelegate_15295742.invoke(StateCreationAspect_z_handleCreateConnectionDelegate_15295742.java)
>    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java)
>    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(ClientConnectionFactoryDelegate.java)
>    at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:205)
>    at org.jboss.jms.client.JBossConnectionFactory.createConnection(JBossConnectionFactory.java:87)
>    at org.jboss.messaging.core.impl.clusterconnection.ClusterConnectionManager$ConnectionInfo.start(ClusterConnectionManager.java:669)
>    at org.jboss.messaging.core.impl.clusterconnection.ClusterConnectionManager.ensureAllConnectionsCreated(ClusterConnectionManager.java:419)
>    at org.jboss.messaging.core.impl.clusterconnection.ClusterConnectionManager.notify(ClusterConnectionManager.java:241)
>    at org.jboss.messaging.core.impl.DefaultClusterNotifier.sendNotification(DefaultClusterNotifier.java:72)
>    at org.jboss.messaging.core.impl.postoffice.MessagingPostOffice.putReplicantLocally(MessagingPostOffice.java:1245)
>    at org.jboss.messaging.core.impl.postoffice.MessagingPostOffice.put(MessagingPostOffice.java:1525)
>    at org.jboss.jms.server.connectionfactory.ConnectionFactoryJNDIMapper.registerConnectionFactory(ConnectionFactoryJNDIMapper.java:252)
>    at org.jboss.jms.server.connectionfactory.ConnectionFactory.startService(ConnectionFactory.java:206)
>    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:376)
>    at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:269)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>    at java.lang.reflect.Method.invoke(Method.java:597)
>    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
>    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
>    at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:138)
>    at org.jboss.mx.server.Invocation.invoke(Invocation.java:90)
>    at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:140)
>    at org.jboss.mx.server.Invocation.invoke(Invocation.java:90)
>    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
>    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
>    at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
>    at $Proxy38.start(Unknown Source)
>    at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
>    at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
>    at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
>    at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
>    at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
>    at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
>    at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:297)
>    at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1633)
>    at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:935)
>    at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1083)
>    at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:985)
>    at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:823)
>    at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
>    at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
>    at org.jboss.system.ServiceController.start(ServiceController.java:460)
>    at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
>    at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
>    at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
>    at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
>    at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
>    at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
>    at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1440)
>    at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1158)
>    at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1179)
>    at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1099)
>    at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
>    at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1633)
>    at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:935)
>    at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1083)
>    at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:985)
>    at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:823)
>    at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
>    at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:782)
>    at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
>    at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
>    at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70)
>    at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53)
>    at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:403)
>    at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
>    at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1633)
>    at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:935)
>    at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1083)
>    at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:985)
>    at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:775)
>    at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:540)
>    at org.jboss.system.server.profileservice.repository.AbstractProfileService.registerProfile(AbstractProfileService.java:308)
>    at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:256)
>    at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)
>    at org.jboss.Main.boot(Main.java:221)
>    at org.jboss.Main$1.run(Main.java:556)
>    at java.lang.Thread.run(Thread.java:619)
> It appears that org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint is creating the connection with the password from messaging-jboss-beans.xml, but org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore is authenticating it with the information from messaging-service.xml (which uses the default password since "SuckerPassword" is commented out).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
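
Added example (not part of the original message or of the JBoss Messaging code base): a consistency check for the two sucker-password settings discussed in this thread. The XML element layout and the password value in the samples are constructed assumptions; only the file names, the SecurityStore bean, the class names and the suckerPassword/SuckerPassword names come from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample of messaging-jboss-beans.xml (layout assumed, value is a placeholder).
BEANS_XML = """
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <bean name="SecurityStore"
        class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore">
    <property name="suckerPassword">EXAMPLE-CHANGED-PASSWORD</property>
  </bean>
</deployment>
"""

# Constructed sample of messaging-service.xml with the attribute commented out,
# which is the state described in the issue.
SERVICE_XML = """
<server>
  <mbean code="org.jboss.jms.server.ServerPeer"
         name="jboss.messaging:service=ServerPeer">
    <!-- <attribute name="SuckerPassword"></attribute> -->
  </mbean>
</server>
"""

def _find_value(xml_text, element, name):
    """Text of <element name="..."> ignoring namespaces; None if absent or commented out."""
    for node in ET.fromstring(xml_text).iter():
        if not isinstance(node.tag, str):
            continue  # skip comment/processing-instruction nodes if a parser keeps them
        if node.tag.rsplit("}", 1)[-1] == element and node.get("name") == name:
            return (node.text or "").strip() or None
    return None

def check_sucker_passwords(beans_xml, service_xml):
    """Return findings without ever echoing the password values themselves."""
    server_side = _find_value(beans_xml, "property", "suckerPassword")
    client_side = _find_value(service_xml, "attribute", "SuckerPassword")
    findings = []
    if server_side is None:
        findings.append("messaging-jboss-beans.xml: suckerPassword is not set")
    if client_side is None:
        findings.append("messaging-service.xml: SuckerPassword is not set, "
                        "so ServerPeer uses the installation default")
    if server_side != client_side:
        findings.append("mismatch: the two files do not define the same sucker "
                        "password, so JBM.SUCKER authentication will fail")
    return findings

if __name__ == "__main__":
    for finding in check_sucker_passwords(BEANS_XML, SERVICE_XML):
        print(finding)
```
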

        

