[jboss-user] [Security] - jboss5: credentials get lost when creating jms connection

lvonk2000 do-not-reply at jboss.com
Wed Sep 16 05:27:38 EDT 2009


Hi,

We are migrating to jboss 5.1.x jdk6 and are experiencing the following problem.

From an EJB we want to put a message on a JMS Queue. When opening a connection via the connection factory, the current credentials get lost. So in code:


  | @Stateless
  | @RolesAllowed({"admin", "user", "MY_SYSTEM"})
  | @RunAs("MY_SYSTEM")
  | public class MyBean implements BeanService {
  | 
  |     @Resource(mappedName = "/XAConnectionFactory")
  |     private ConnectionFactory connectionFactory;
  | 
  |     @Resource(mappedName = "/queue/EmailSenderQueue")
  |     private Queue emailSenderQueue;
  | 
  |     @Resource
  |     private SessionContext context;
  | 
  |     @EJB
  |     private Repository repo;
  | 
  |     public void serviceMethod() {
  |         repo.doSomething();
  |         mail();
  |         // credentials are needed here, but they are lost.
  |         repo.doSomethingElse();
  |     }
  | 
  |     void mail() {
  |         // Caller identity before the JMS connection is created
  |         log.info("Principal: " + context.getCallerPrincipal().getName());
  |         log.info("role admin " + context.isCallerInRole("admin"));
  |         log.info("role MY_SYSTEM " + context.isCallerInRole("MY_SYSTEM"));
  | 
  |         Connection connection = connectionFactory.createConnection();
  | 
  |         // Caller identity after the JMS connection is created
  |         log.info("Principal: " + context.getCallerPrincipal().getName());
  |         log.info("role admin " + context.isCallerInRole("admin"));
  |         log.info("role MY_SYSTEM " + context.isCallerInRole("MY_SYSTEM"));
  | 
  |         Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
  |         // REST OMITTED
  |     }
  | }
  | 
  | 

I added the log statements, and from them I can see that the credentials are lost after the statement connection = connectionFactory.createConnection();

The following is logged:


  | Principal: test
  | role admin true
  | role MY_SYSTEM true
  | 
connection = connectionFactory.createConnection(); executes, then:


  | Principal: anonymous
  | role admin false
  | role MY_SYSTEM false
  | 

What happens is that when the method serviceMethod() is called, the call to repo.doSomething(); succeeds but the call to repo.doSomethingElse(); does not, saying it is unauthorized.

My question is basically, how do I keep the credentials after a JMS connection?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4255475#4255475
