0 Replies Latest reply on May 16, 2006 2:16 PM by josey

    JMS user authentication error (remote) with createConnnectio

    josey May 16, 2006 2:16 PM

      I using a JBossMQ JMS server running in jboss-4.0.4.CR2. My MDBs deploy and consume messages fine and I have no problem producing messages locally (e.g., I can produce messages using a standalone client application running in another JVM on the same machine as the application server).

      When I try to connect to the JMS server remotely to produce messages I get an exception when trying to create a connection (e.g., Server A is running jboss with JBossMQ; Server B tries to get a JMS Connection and receives an error: Cannot authenticate user

      The error occurs while executing this line:

      factory.createConnection("guest", "guest");


      I have included my login-conf.xml and jbossmq-service.xml below.

      Question: Do I need to use a LoginContext when getting the InitialContext for the JNDI lookups?

      Question: Is there anything else I am missing?


      Here is how I get my InitialContext (which gets me the ConnectionFactory with no error): 
       Hashtable env = new Hashtable();
 env.put(Context.SECURITY_PRINCIPAL, "guest");
 env.put(Context.SECURITY_CREDENTIALS, "guest");
 env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 env.put(Context.PROVIDER_URL, "jnp://111.11.222.111"); //note: bogus ip address
 env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces" );

 InitialContext ctx = new InitialContext(env);


      From jbossmq-service.xml: 
       <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
 <attribute name="DefaultSecurityConfig">
 <security>
 <role name="guest" read="true" write="true" create="true"/>
 </security>
 </attribute>
 <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
 <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
 </mbean>


      From login-conf.xml 
       <!-- Security domain for JBossMQ -->
 <application-policy name = "jbossmq">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "dsJndiName">java:/DefaultDS</module-option>
 <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
 <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
 </login-module>
 </authentication>
 </application-policy>


      Also, my DefaultDS has the correct userid, password and roleid defined for "guest".

      • 3391 Views
      • Tags: