[jboss-user] [JBoss Messaging] - Securing Queues fails when using JmsXA

Eugen Grosu do-not-reply at jboss.com
Wed Dec 15 10:45:47 EST 2010 

grosueugen [http://community.jboss.org/people/grosueugen] created the discussion

"Securing Queues fails when using JmsXA"

To view the discussion, visit: http://community.jboss.org/message/576154#576154

--------------------------------------------------------------
Hello,

I'm using JBoss 5.1.0.GA, jdk 1.6, on Linux.

I need to use distributed transaction with JBoss Messaging, so I used JmsXA for the connection factory.

I changed the DB for messaging, so I used Oracle DB.

With the default security, I was able to send/consume messages to a Queue.

I decided to add a user in the Oracle DB, and that user to have rights to send/receive messages from my Queue.

So, I did the following:

1. create a new user in the Oracle DB:

+INSERT INTO JBM_USER (USER_ID, PASSWD, CLIENTID) VALUES ('my-user', 'my-user-pwd', null);
   INSERT INTO JBM_ROLE (ROLE_ID, USER_ID) VALUES ('my-role', 'my-user');
+

2. in code, when obtaining a connection, I would use the username: "my-user", password: "my-user-pwd":

+Connection connection = connectionFactory.createConnection("my-user", "my-user-pwd");+

3. I created a new file for defining destinations, named, my-jms-service.xml, and put it in xxx/deploy/

+  <?xml version="1.0" encoding="UTF-8"?>+
+<server>         
     <mbean code="org.jboss.jms.server.destination.QueueService"
      name="orvaal.rtra.jms.destination:service=Queue,name=MyQueue"
      xmbean-dd="xmdesc/Queue-xmbean.xml">
      <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
      <depends>jboss.messaging:service=PostOffice</depends>+
+      <attribute name="SecurityConfig">
         <security>
            <role name="my-role" read="true" write="true"/>
         </security>
      </attribute>+
+    </mbean>
+
+</server>+

4. In xxx/conf/login-config.xml, I created a new <application-policy>:

+<application-policy name="MyJmsXARealm">
    <authentication>
         <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/jdbc/MyXAOracleDSJms</module-option>
            <module-option name="principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
            <module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
         </login-module>
      </authentication>
  </application-policy>+

+java:/jdbc/MyXAOracleDSJms+ is the JNDI name for the datasource configured for the Oracle DB used by JBoss Messaging

5. In xxx/deploy/messaging/jms-ds.xml, I edited the JmsXA to know of the created MyJmsXARealm:
+
+
+    <!-- JMS XA Resource adapter, use this to get transacted JMS in beans -->
   <tx-connection-factory>
      <jndi-name>JmsXA</jndi-name>
      <xa-transaction/>
      <rar-name>jms-ra.rar</rar-name>
      <connection-definition>org.jboss.resource.adapter.jms.JmsConnectionFactory</connection-definition>
      <config-property name="SessionDefaultType" type="java.lang.String">javax.jms.Topic</config-property>
      <config-property name="JmsProviderAdapterJNDI" type="java.lang.String">java:/DefaultJMSProvider</config-property>
      <max-pool-size>20</max-pool-size>
      <!-- COMMENTED THE INITIAL REALM <security-domain-and-application>JmsXARealm</security-domain-and-application> -->
      <security-domain-and-application>MyJmsXARealm</security-domain-and-application>
      <depends>jboss.messaging:service=ServerPeer</depends>
   </tx-connection-factory>+

The error is:

2010-12-15 15:27:53,374 ERROR [org.jboss.resource.adapter.jms.JmsSessionFactoryImpl] (http-127.0.0.1-8080-1) could not create session
java.lang.SecurityException: Unauthenticated caller:null
    at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:92)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
    at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
    at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.allocateConnection(JmsSessionFactoryImpl.java:395)
    at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.createSession(JmsSessionFactoryImpl.java:374)
    at MySLSB.addToMyQueue(MySLSB.java:103)

Have I done something wrong?

Thanks.
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/576154#576154]

Start a new discussion in JBoss Messaging at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2042]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20101215/b0b658df/attachment.html

More information about the jboss-user mailing list