[jboss-user] [JBoss Messaging] - Re: JBM and JAAS Client authentication

mskonda do-not-reply at jboss.com
Thu Aug 2 04:20:30 EDT 2007 

I am not sure if this is related or not - I was getting the same exception!

I have a test scenario: My MDB calls a Session EJB to do some work - The session EJB essentially uses the JmsXA CF to publish a message. 

The MDB is authenticated properly (using the <mdb-user>, however, the security-domain is not working, which is another issue!) and calls the Session EJB. The ejb creates a connection successfully with a username and password however fails with the exact problem you have when creating a session (I am not sure why it's not failing on create connection though). 

However, I *got* through the problem: I have changed the security domain policy for JmsXa to reflect my own application policy (the policy has been instantiated earlier during the application startup).

I am not sure whether it's a wrong doing or okay doing but I have a sneaky feeling that I'm breaking something.

Here's my JmsXa definition: 

  | <!-- JMS XA Resource adapter, use this to get transacted JMS in beans -->
  |    <tx-connection-factory>
  |       <jndi-name>JmsXA</jndi-name>
  |       <xa-transaction/>
  |       <rar-name>jms-ra.rar</rar-name>
  |       <connection-definition>org.jboss.resource.adapter.jms.JmsConnectionFactory</connection-definition>
  |       <config-property name="SessionDefaultType" type="java.lang.String">javax.jms.Topic</config-property>
  |       <config-property name="JmsProviderAdapterJNDI" type="java.lang.String">java:/DefaultJMSProvider</config-property>
  |       <max-pool-size>20</max-pool-size>
  |       <security-domain-and-application>java:/MyPolicy</security-domain-and-application>
  |       <!--security-domain-and-application>JmsXARealm</security-domain-and-application-->
  |       <depends>jboss.messaging:service=ServerPeer</depends>
  |    </tx-connection-factory>
  | 

The modified MyPolicy is defined in login-config.xml as below:


  | <application-policy name="MyPolicy">
  |     <authentication>
  |       <login-module code="com.my.SecureLoginModule" flag="required">
  |         <module-option name="username">myself</module-option>
  |         <module-option name="password">Rqm8QqlcszYlZdf/eNDpx</module-option>
  |         <module-option name="securePropertiesFile">secure.properties.xml</module-option>
  |         <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=MyJMSDS</module-option>
  |       </login-module>
  |     </authentication>
  |   </application-policy>
  | 

Bear in mind this MyPolicy is instantiated earlier during Datasource deployment!


One thing I've noticed is that if I change <security-domain-and-application> in the JmsXa definition to use a new JmsXARealm (I've to modify the existing one as the existing JmsXARealm policy is using ConfiguredIdentityLoginModule) exactly same as above except the name, it doesn't work! I guess this is due to the fact that this particular policy is *not* instantiated by any other components.

Hope this might rub the salt!

Thanks
Madhu
 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4069972#4069972

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4069972

More information about the jboss-user mailing list