-
1. Re: Authentication and Message Driven Bean
tbfmicke Oct 24, 2001 2:39 PM (in response to claude)Do you have any security declarations on the MDB? Or are you trying to use isCallerInRole or getPrincipal?
Neither of these things should be done, a MDB has no knowledge about the client as such so it cannot have security based on the identity of the client.
(I guess there is some way to put security on topics/queues, only allowing certain clients to send messages, not sure how that is configured in JBoss though). -
2. Re: Authentication and Message Driven Bean
c.f.ong Oct 26, 2001 12:28 AM (in response to claude)Hi
I've encountered the same problem, i.e. after setting the security-domain in the ejb-jar.xml, the MDB throws a security exception - complaining about "username=null".
Without setting the security-domain, the MDB is working fine.
In my case, I'm using a stateless session bean to invoke the MDB. The principal and credentials can be successfully accepted by the session bean, but not the MDB.
So, are there any additional steps in order to forward the principal and credentials to the MDB?
Thanks.
C.F.Ong -
3. Re: Authentication and Message Driven Bean
fede Oct 29, 2001 5:17 PM (in response to claude)Hi,
When JBossMQ wants to execute the onMessage MDB method, JBossMQ must have permission to execute it. The way I make it work is as follows:
1 - In the auth.conf file, inside the database-login block (before the ;) add the following line:
unauthenticatedIdentity="message"
2 - In the MDB descriptor add:
<assembly-descriptor>
<security-role>
<role-name>Message</role-name>
</security-role>
<method-permission>
<role-name>Message</role-name>
<ejb-name>.....MDB</ejb-name>
<method-name>*</method-name>
</method-permission>
3 - Add the the user "message" with the "Message" rol in you security framework.