I have a similar problem with security. As you, I can get JBoss to call my MDB if I change the security domain of the Message Driven Beans in "standardJBoss.xml". However, this puts the security context under a null principal. When the MDB calls into a secured EJB, I then naturally get a security exception. If I explicitly try to change the security context in the MDB (by logging out and then logging in as a known user), it works with the first call to the MDB, but the second will give a container exception in the JaasSecurityManager.validateCache method.

Like you, I have set the "run-as" attribute on my MDB, but that is being ignored. What I'd like is to be able to specify the security context of the onMessage() call from JBoss (or at least get the run-as attribute working).

There seems to be little information (I have the official JBoss docs) on how security is applied during MDB calls. Maybe one of the developers can enlighten us.

Hi, I have to admit that I wrote the MDB container back in the age of dawn, but that I never have done any security configurations on it.

I do know this:

1. An MDB will allways be invoked with a principal and credentials set to null.

2. If it is running i a container where a security manager is installed this null principal and null cred will be checked against the installed LoginModule for the security domain.

3. If the LoginModule is configured to return a default role and for a null user with a null password this will succed otherwise the invokation will be abondoned.

4. The run-as role will only ever be used if there was a security manager installed and if the auth process was lucky. If that was the case, I can see nothing in the SecurityInterceptor that would make the run-as not work.

Bottom line: if you setup a LoginModule to autenticate a null user with a null password an place it in any - as far as I can read the code - role, the run-as role will be honored.

You could also be adventurous and patch JMSContainerInvoker to run as a principal you specify: for example get the user and password from the mdb config (your JMS provider must let this user in):

MessageDrivenMetaData config =
((MessageDrivenMetaData)container.getBeanMetaData());
String user = config.getUser();
String password = config.getPasswd();

And construct a principal in the invokation:

try {
invoker.invoke(id, // Object id - where used?
ON_MESSAGE, // Method to invoke
new Object[] {message}, // argument
tm.getTransaction(), // Transaction
new SimplePrincipal(user), // Principal
password); // Cred
}
catch (Exception e) {
log.error("Exception in JMSCI message listener", e);
}

//Peter

As I see it it is the SecurityInterceptor that should honour run-as, if that interceptor is dissabled or is not working properly with the setup run-as will NOT work.

//Peter

Correct.

//Peter

Chewitty - can you please post your security domain config file?

Secondly, do the mdbs have to be in a separate jar in order to run under the clientloginmodule domain?

From what i gather from your last posting, it looks like the clientloginmodule for the mdbs will specify the unauthenticatedIndentity which has to be a valid role in your DatabaseServerLogin module... is this assumption correct?

thanks.

The problem with this approach, at least in 2.4.4 which is what I'm using, is that adding an unauthenticatedIdentity to the LoginModule (in the server auth.conf) allows unauthenticated access from remote clients. This is unacceptable in our application.

Has anyone got a solution for 2.4.x that allows MDBs to use run-as properly whilst still forbidding unauthenticated access from remote clients?

I'm using JBoss 3.0 RC 3, whenever I enable the security manager for the EJB container. My MDB won't work. Is there any work around? E.g. May we disable the security manager for all MDBs only, since security for entity/session EJBs are important

Will there be a modification before 3.0 final will be released? Or when will this be fixed?

Thanks

Same problem is in Jboss3.0 I can't get it to work with UsersRolesLoginModule, okay I can but only when I add unauthenticatedIdentity="nobody" in security domain configuration. This is not acceptable in my case either.

I tried to login programaticaly using LoginContext but it seems it doesn't change anything???? Prinicple is still null which I don't understand, any idea what that can be????

p.

Same problem is in Jboss3.0 I can't get it to work with UsersRolesLoginModule, okay I can but only when I add unauthenticatedIdentity="nobody" in security domain configuration. This is not acceptable in my case either.

I tried to login programaticaly using LoginContext but it seems it doesn't change anything???? Prinicple is still null which I don't understand, any idea what that can be????

p.

For my problem I wrote an interceptor that hard-codes a known principal/credential into the method invocation, and made my MDB container configuration use that. It runs right after the invoker so by the time the security interceptor gets to it everything looks normal. This means your MDBs run with a known identity but still forbids any unauthenticated access to EJBs.

It's a half-solution, but has proven effective here. We're still using 2.4 (specifically 2.4.5) so don't have any JAAS on our JMS.