1. Re: Anyway of removing the MDB username/password from jboss.
gray1 May 29, 2005 10:28 PM (in response to gray1)
Extra information follows
My ideal solution would be to remove these jms usernames and passwords from the jboss.xml altogether and then doing some magic in the server JAAS login config xml file to make it so that the jms identity is configured there (which meets my criteria of being outside of the EAR) and the MDB gets it automatically. However I'm not sure if that is possible even if your jms destinations and ejb container are fortunate enough to be sharing the same JAAS realm.
I would really appreciate some wisdom here on ways of removing the JMS password from the jboss.xml (and therefore out of the EAR).
My only workarounds at the moment are to either
1) Get the admin to actually check out from CVS, run the ant build and generate the deployment artifact themselves or
2) Get the admin team to unpack the EAR, unpack the EJB jar, update the jboss.xml with the prod password, then repack the JAR and EAR.
Obviously both of these are convoluted workarounds.
Kindest Regards,
Graeme.
2. Re: Anyway of removing the MDB username and password from th
gray1 May 30, 2005 7:15 PM (in response to gray1)
I really need ideas here. Anyone?
I was thinking perhaps maybe a ConfiguredIdentityLoginModule might be an answer. But right now I don't even know if it's possible to use JAAS to authenticate an MDB to a JMS Destination rather than using the explicit username/password in the jboss.xml...
3. Re: Anyway of removing the MDB username and password from th
gray1 May 30, 2005 8:36 PM (in response to gray1)
Another option I thought of by reading the various forum posts was using a resource factory to supply the jms connections, meaning I could supply the connection parameters (username and password) in an xml file similar to my jdbc datasources. Is this a possibility? If it is, how would I tell the mdb to use a connection from this factory rather than looking for username and password in the jboss xml file?
4. Re: Anyway of removing the MDB username and password from th
gray1 Jun 1, 2005 9:09 PM (in response to gray1)
No replies yet.
Has anyone had a chance to consider the question I raised regarding removing the message driven bean jms username and password from the jboss.xml file?
5. Re: Anyway of removing the MDB username and password from th
adrian.brock Jun 2, 2005 12:22 PM (in response to gray1)
Raise a feature request (and/or supply a patch) on JIRA.
The most obvious solution is to allow an optional JAAS config on the JMSProviderAdapter.
i.e. if the MDB (or JMS RAR) does not provide a user/password it asks
JAAS for the user/password and does createConnection(jaasUser, jaasPassword).
I'd raise the issue in the Developer's security forum first, to discuss implementation
details/issues on the JAAS side, e.g. maybe you want this same user/password
for the JNDI context, not just the JMS connection creation.
http://www.jboss.org/index.html?module=bb&op=viewforum&f=171
6. Re: Anyway of removing the MDB username and password from th
gray1 Jun 2, 2005 10:08 PM (in response to gray1)
Thanks for the reply Adrian.
Forgive my persistence but am I correct to assume therefore that there is no way of currently getting your MDB to subscribe to a secured JMS destination without using those two fields in the jboss.xml?
I was really hoping for a reply along the lines of "oh that's easy you just put **** into the conf/login-conf.xml file and jaas will do it for you" or "oh that's easy you just put **** into the jboss.xml file to make use a JMS resource factory connection rather than manually opening a JMS connection". :)
I guess if it's truly not possible I will just have to write the deployment script workaround (unpacks the ear and ejb jar, puts in the password that the deployer specifies and repacks the jar then ear).
Kindest Regards,
Graeme.
7. Re: Anyway of removing the MDB username and password from th
starksm64 Jun 3, 2005 9:54 AM (in response to gray1)
    ...
    <message-driven>
       <ejb-name>SomeMDB</ejb-name>
       <destination-jndi-name>someDest</destination-jndi-name>
       <mdb-user>${SomeMDB.mdb-user}</mdb-user>
       <mdb-passwd>${SomeMDB.mdb-passwd}</mdb-passwd>
    </message-driven>
    ...
and define the SomeMDB.mdb-user, SomeMDB.mdb-passwd system properties in the properties-service.xml.
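A build-time check that goes with the placeholder approach above, as an added example that is not part of the original thread: it walks an EAR and its nested archives and reports any jboss.xml whose mdb-user or mdb-passwd is still a literal instead of a ${...} reference. The function names, the "app.ear" label and the sample archive are constructed for illustration, and the check assumes a DTD-style jboss.xml without XML namespaces.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")      # e.g. ${SomeMDB.mdb-passwd}
ARCHIVE_EXT = (".jar", ".war", ".sar", ".rar")  # nested archives to descend into

def find_literal_mdb_credentials(archive_bytes, path=""):
    """Return (location, ejb-name, element) for every literal MDB credential."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            where = f"{path}!/{name}" if path else name
            if name.lower().endswith(ARCHIVE_EXT):
                findings += find_literal_mdb_credentials(zf.read(name), where)
            elif name == "META-INF/jboss.xml":
                root = ET.fromstring(zf.read(name))
                for mdb in root.iter("message-driven"):
                    for tag in ("mdb-user", "mdb-passwd"):
                        value = (mdb.findtext(tag) or "").strip()
                        # Report the location only, never the value itself.
                        if value and not PLACEHOLDER.match(value):
                            findings.append((where, mdb.findtext("ejb-name"), tag))
    return findings

def make_zip(entries):
    """Build an in-memory zip from {entry name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def build_sample_ear(user, passwd):
    """Constructed sample: an EAR holding one EJB jar with one MDB."""
    jboss_xml = f"""<jboss><enterprise-beans><message-driven>
      <ejb-name>SomeMDB</ejb-name>
      <destination-jndi-name>someDest</destination-jndi-name>
      <mdb-user>{user}</mdb-user>
      <mdb-passwd>{passwd}</mdb-passwd>
    </message-driven></enterprise-beans></jboss>"""
    return make_zip({"ejbs.jar": make_zip({"META-INF/jboss.xml": jboss_xml})})

if __name__ == "__main__":
    ear = build_sample_ear("prodUser", "prodSecret")  # constructed values
    for finding in find_literal_mdb_credentials(ear, "app.ear"):
        print("literal credential:", finding)
```

Run against the real EAR bytes in the build, a non-empty result can fail the build before an artifact with an embedded password reaches the admin team.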
8. Re: Anyway of removing the MDB username and password from th
gray1 Jun 5, 2005 9:51 PM (in response to gray1)
That's brilliant Scott. Works like a charm...
Thanks,
Graeme.
9. Re: Anyway of removing the MDB username and password from th
thai777 Mar 19, 2009 10:33 PM (in response to gray1)
Hi all, we are trying to remove hardcoding the username and password for the MDB from jboss.xml. Tried as suggested but for some reason the property values aren't being picked up in jboss.xml.
1. deploy/properties-service.xml:
    <mbean code="org.jboss.varia.property.SystemPropertiesService"
           name="jboss:type=Service,name=SystemProperties">
       <!--
          | Set raw properties file style properties.
       -->
       <attribute name="Properties">
          username=john
          password=needle
       </attribute>
    </mbean>
2. jboss.xml:
    <message-driven>
       <ejb-name>SaMDB</ejb-name>
       <destination-jndi-name>queue/TO_SA</destination-jndi-name>
       <mdb-user>${username}</mdb-user>
       <mdb-passwd>${password}</mdb-passwd>
       <resource-ref>
          <res-ref-name>jms/QCF</res-ref-name>
          <jndi-name>ConnectionFactory</jndi-name>
       </resource-ref>
    </message-driven>
3. <JBOSS_SERVER>/common/lib/properties-plugin.jar exists
4. Tried in JBoss version 5.0.0.GA and 5.0.1.GA
5. ${username} has not been evaluated, got the following exception:
javax.jms.JMSSecurityException: User ${username} is NOT authenticated
Any help or leads would be most appreciated.
Thanks,
Thai
10. Re: Anyway of removing the MDB username and password from th
jaikiran Mar 20, 2009 8:19 AM (in response to gray1)
Try this for now:
    run.bat -Dusername=john -Dpassword=needle
Let me see the docs for PropertiesService and how it works and its syntax.
11. Re: Anyway of removing the MDB username and password from th
thai777 Mar 22, 2009 7:58 PM (in response to gray1)
Thank you for your reply jaikiran.
The problem with using the -D option for the JVM will mean that anyone logged on to the machine will be able to view the username and password when they view the process using the ps command.
However, I think you have just made me realise that we will be deploying on a Windows server for this application and will be using the Windows Service process to start JBoss so that might not pose a problem after all (i.e. we can use the -D option). Am I right? Will confirm this now.
Still, it will be good to find out what was the problem with the properties-service.xml not loading for jboss.xml.
Thanks,
-Thai
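The ps concern raised above can be turned into a host check. The following is an added example, not part of the original thread: it flags running processes whose command line carries a credential-looking -D system property and reports only the property name, not its value. The function names and the property-name pattern are assumptions made for this sketch, and the /proc reader applies to Linux, where /proc/<pid>/cmdline is readable by other local users by default.

```python
import os
import re

# -Dname=value where the property name suggests a credential (assumed pattern)
SECRET_PROP = re.compile(
    r"^-D([^=]*(?:pass(?:word|wd)?|secret|token)[^=]*)=(.+)$", re.I)

def secret_jvm_args(argv):
    """Return the names of -D properties in argv that look like credentials."""
    return [m.group(1) for m in map(SECRET_PROP.match, argv) if m]

def read_cmdline(pid):
    """Return the argv of a process as exposed through /proc/<pid>/cmdline."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]

def audit_processes():
    """Map pid -> credential-like property names visible in its command line."""
    hits = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            names = secret_jvm_args(read_cmdline(entry))
        except OSError:  # process exited meanwhile, or access denied
            continue
        if names:
            hits[int(entry)] = names
    return hits

if __name__ == "__main__":
    # Constructed argv mirroring the run.bat suggestion in the thread.
    sample = ["java", "-Dusername=john", "-Dpassword=needle", "org.jboss.Main"]
    print("sample:", secret_jvm_args(sample))
    if os.path.isdir("/proc"):
        for pid, names in sorted(audit_processes().items()):
            print(f"pid {pid}: credential-like properties on command line: {names}")
```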