[jboss-user] [JBoss Messaging] - MDB Security Vs JBM Security

mskonda do-not-reply at jboss.com
Tue Mar 11 07:33:26 EDT 2008

Hello Team

I have a situation - I got an MDB that needs by passing the secured JMS Server. 

That is, I have a secured JBM using DatabaseLoginModule. 
The login-config.xml's messaging domain reflects use of this module.
The messaging-service.xml is updated to add the DefaultSecurityConfig.

Now, I want the external clients to get authenticated and authorised while my MDB should by pass. 

So, I've added unauthenticatedIdentity as 'guest' to the 'messaging' applicaiton policy in login-config.xml

I've added the relevant security-identity and security-role to the ejb-jar.xml.

I've also added security-domain to the jboss.xml - I've pointed to java:jaas/messaging (tried with 'other' too). Iv'e added the security-domain to the container configuraiton too.

Inspite of doign this, when I deploy my MDB it complains saying the user null is not authenticated. 

I'll appreciate if someone thorws a bit of light on this issue.

(My understanding is that MDB uses the DefaultJMSProvider which inturns uses the default (XA)ConnectionFactory which I think uses the 'messaging' applicaiton policy - right or wrong?)


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4135578#4135578

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4135578

More information about the jboss-user mailing list