0 Replies Latest reply on Jun 23, 2004 1:51 PM by gfreemankc

    user null not authenticated upon cache timeout

      I'm having an issue using JBoss 3.2.3 where I've defined a JMS queue, with an unauthenticatedIdentity of guest. I'm able to publish messages to the queue, until the DefaultCacheTimeout on the JaasSecurityManager is hit. At that point I get "User: null is NOT authenticated" messages.

      Before the cache timeout, I see this in the trace log (of jms and security):

      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.Connection] Authenticating user null
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.il.oil.OILServerIL] Connecting to : serverpc/192.168.1.101:8090
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.il.oil.OILServerIL] Connecting with addr=serverpc/192.168.1.101, port=8090, localAddr=null, localPort=0, socketFactory=javax.net.DefaultSocketFactory@f77c8e
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.il.oil.OILServerILService] Setting TcpNoDelay Option to:true
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.server.TracingInterceptor] CALLED : authenticate
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
      2004-06-23 12:33:32,937 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@18e8fe0
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.security.SecurityManager] Username: null is authenticated
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.security.SecurityManager] Adding group : class org.jboss.security.NestableGroup Roles(members:guest)
      2004-06-23 12:33:32,937 TRACE [org.jboss.mq.server.TracingInterceptor] RETURN : authenticate


      Note the validateCache call above....
      After the cache timeout, I see the following in the trace log:


      2004-06-23 12:33:33,046 TRACE [org.jboss.mq.Connection] Authenticating user null
      2004-06-23 12:33:33,046 TRACE [org.jboss.mq.il.oil.OILServerIL] Connecting to : serverpc/192.168.1.101:8090
      2004-06-23 12:33:33,046 TRACE [org.jboss.mq.il.oil.OILServerIL] Connecting with addr=serverpc/192.168.1.101, port=8090, localAddr=null, localPort=0, socketFactory=javax.net.DefaultSocketFactory@f77c8e
      2004-06-23 12:33:33,046 TRACE [org.jboss.mq.il.oil.OILServerILService] Setting TcpNoDelay Option to:true
      2004-06-23 12:33:33,046 TRACE [org.jboss.mq.server.TracingInterceptor] CALLED : authenticate
      2004-06-23 12:33:33,046 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
      2004-06-23 12:33:33,062 TRACE [org.jboss.mq.sm.file.DynamicLoginModule] logout
      2004-06-23 12:33:33,062 DEBUG [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Login failure
      javax.security.auth.login.LoginException: No LoginModules configured for jbossmq
      at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
      at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350)
      at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:486)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:442)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:244)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:219)
      at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:208)
      at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:51)
      at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:787)
      at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:287)
      at org.jboss.mq.il.oil.OILServerILService$Client.run(OILServerILService.java:329)
      at java.lang.Thread.run(Thread.java:534)
      2004-06-23 12:33:33,062 TRACE [org.jboss.mq.security.SecurityManager] User: null is NOT authenticated
      2004-06-23 12:33:33,062 TRACE [org.jboss.mq.server.TracingInterceptor] EXCEPTION : authenticate:
      javax.jms.JMSSecurityException: User: null is NOT authenticated
      at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:232)
      at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:51)
      at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:787)
      at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:287)
      at org.jboss.mq.il.oil.OILServerILService$Client.run(OILServerILService.java:329)
      at java.lang.Thread.run(Thread.java:534)
      2004-06-23 12:33:33,062 TRACE [org.jboss.mq.server.TracingInterceptor] RETURN : authenticate


      I can't figure out why it thinks there is no LoginModule configured for the jbossmq domain....

      In my jbossmq-service.xml I have:
      <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
        <attribute name="DefaultSecurityConfig">
          <security>
            <role name="guest" read="true" write="true" create="true"/>
          </security>
        </attribute>
        <attribute name="SecurityDomain">jbossmq</attribute>
        <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
      </mbean>
      


      My queue is defined as:
      <mbean code="org.jboss.mq.server.jmx.Queue"
             name="jboss.mq.destination:service=Queue,name=ReactorEvents">
        <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
        <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
        <attribute name="SecurityConf">
          <security>
            <role name="guest" read="true" write="true"/>
            <role name="publisher" read="true" write="true" create="false"/>
          </security>
        </attribute>
      </mbean>
      


      My jboss-service.xml has:
      <mbean code="org.jboss.security.plugins.SecurityConfig"
             name="jboss.security:service=SecurityConfig">
        <attribute name="LoginConfig">jboss.security:service=XMLLoginConfig</attribute>
      </mbean>
      <mbean code="org.jboss.security.auth.login.XMLLoginConfig"
             name="jboss.security:service=XMLLoginConfig">
        <attribute name="ConfigResource">login-config.xml</attribute>
      </mbean>

      <!-- JAAS security manager and realm mapping -->
      <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
             name="jboss.security:service=JaasSecurityManager">
        <attribute name="SecurityManagerClassName">
          org.jboss.security.plugins.JaasSecurityManager
        </attribute>
        <attribute name="DefaultCacheTimeout">10</attribute>
      </mbean>
      


      The login-config.xml has:
      <!-- Security domain for JBossMQ -->
      <application-policy name = "jbossmq">
        <authentication>
          <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                        flag = "required">
            <module-option name = "unauthenticatedIdentity">guest</module-option>
            <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
          </login-module>
        </authentication>
      </application-policy>
      


      And my jbossmq-state has:
      <User>
        <Name>guest</Name>
        <Password>guest</Password>
      </User>
      and
      <Role name="guest">
        <UserName>guest</UserName>
        <UserName>john</UserName>
      </Role>
      
      



      I can't figure out why it works until the cache expires....

      I had originally posted this in the Messaging forum, but the more I looked at it, the more I believe it's a security issue, so please forgive the cross-post.

      Thank you in advance for your help.
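
A triage sketch for the trace shown in the post, added here as an example (not part of the original post and not JBoss code): it pairs each CALLED/RETURN authenticate block, records whether the block contains a validateCache line or a defaultLogin stack frame, and reports denials that name a domain with no LoginModules after an earlier success on the validateCache path. The function names and the "cache" / "jaas-login" labels are hypothetical; the sample lines are excerpted from the trace above.

```python
import re
# Excerpted (trimmed) from the two authenticate calls in the post's trace log.
SAMPLE = """\
2004-06-23 12:33:32,937 TRACE [org.jboss.mq.server.TracingInterceptor] CALLED : authenticate
2004-06-23 12:33:32,937 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@18e8fe0
2004-06-23 12:33:32,937 TRACE [org.jboss.mq.security.SecurityManager] Username: null is authenticated
2004-06-23 12:33:32,937 TRACE [org.jboss.mq.server.TracingInterceptor] RETURN : authenticate
2004-06-23 12:33:33,046 TRACE [org.jboss.mq.server.TracingInterceptor] CALLED : authenticate
javax.security.auth.login.LoginException: No LoginModules configured for jbossmq
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:486)
2004-06-23 12:33:33,062 TRACE [org.jboss.mq.security.SecurityManager] User: null is NOT authenticated
2004-06-23 12:33:33,062 TRACE [org.jboss.mq.server.TracingInterceptor] RETURN : authenticate
"""

STAMP = re.compile(r"^(\d{4}-\d\d-\d\d [\d:,]+) \w+ +\[[^\]]+\] (.*)$")
NO_MODULES = re.compile(r"LoginException: No LoginModules configured for (\S+)")

def classify(log_text):
    """One record per CALLED/RETURN authenticate pair: path taken and outcome."""
    calls, cur = [], None
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        msg = m.group(2) if m else ""   # stack-trace lines carry no timestamp
        if msg == "CALLED : authenticate":
            cur = {"time": m.group(1), "path": None, "domain": None, "result": None}
        elif cur is None:
            continue
        elif msg.startswith("validateCache"):
            cur["path"] = "cache"        # validateCache line present in this call
        elif ".defaultLogin(" in raw:
            cur["path"] = "jaas-login"   # stack frame: a JAAS login was attempted
        elif NO_MODULES.search(raw):
            cur["domain"] = NO_MODULES.search(raw).group(1)
        elif msg.endswith("is NOT authenticated"):
            cur["result"] = "denied"
        elif msg.endswith("is authenticated"):
            cur["result"] = "allowed"
        elif msg == "RETURN : authenticate":
            calls.append(cur)
            cur = None
    return calls

def cache_masked_failures(calls):
    """Denials naming a domain without LoginModules, seen after a cache-path success."""
    hits, cached_ok = [], False
    for c in calls:
        cached_ok = cached_ok or (c["path"] == "cache" and c["result"] == "allowed")
        if cached_ok and c["result"] == "denied" and c["domain"]:
            hits.append((c["time"], c["domain"]))
    return hits
```

Run against the full trace, a non-empty result from `cache_masked_failures(classify(text))` points at the JAAS login configuration in effect at login time rather than at the queue's role settings.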