3 Replies Latest reply on Apr 4, 2005 8:49 AM by miojo

    JMS Authentication using JAAS through LDAP

    miojo

      Hello... I'm trying to specify a SecurityManager using JAAS Authentication, but I'm having problems while deploying. Here is my appmq-service.xml (I've put everything together in the same file, and prefixed the service names with a different string from 'jboss.mq:'):

      <server>
       <!-- A Statemanager that stores state in the database -->
       <mbean code="org.jboss.mq.sm.jdbc.JDBCStateManager"
       name="acstool.mq:service=StateManager">
       <depends optional-attribute-name="ConnectionManager">jboss.jca:service=DataSourceBinding,name=OracleDS</depends>
       <attribute name="SqlProperties">
       CREATE_TABLES_ON_STARTUP = TRUE
       CREATE_USER_TABLE = CREATE TABLE ACSTOOL_USERS (USERID VARCHAR(32) NOT NULL, PASSWD VARCHAR(32) NOT NULL, \
       CLIENTID VARCHAR(128), PRIMARY KEY(USERID))
       CREATE_SUBSCRIPTION_TABLE = CREATE TABLE ACSTOOL_SUBSCRIPTIONS (CLIENTID VARCHAR(128) NOT NULL, \
       SUBNAME VARCHAR(128) NOT NULL, TOPIC VARCHAR(255) NOT NULL, \
       SELECTOR VARCHAR(255), PRIMARY KEY(CLIENTID, SUBNAME))
       GET_SUBSCRIPTION = SELECT TOPIC, SELECTOR FROM ACSTOOL_SUBSCRIPTIONS WHERE CLIENTID=? AND SUBNAME=?
       LOCK_SUBSCRIPTION = SELECT TOPIC, SELECTOR FROM ACSTOOL_SUBSCRIPTIONS WHERE CLIENTID=? AND SUBNAME=?
       GET_SUBSCRIPTIONS_FOR_TOPIC = SELECT CLIENTID, SUBNAME, SELECTOR FROM ACSTOOL_SUBSCRIPTIONS WHERE TOPIC=?
       INSERT_SUBSCRIPTION = INSERT INTO ACSTOOL_SUBSCRIPTIONS (CLIENTID, SUBNAME, TOPIC, SELECTOR) VALUES(?,?,?,?)
       UPDATE_SUBSCRIPTION = UPDATE ACSTOOL_SUBSCRIPTIONS SET TOPIC=?, SELECTOR=? WHERE CLIENTID=? AND SUBNAME=?
       REMOVE_SUBSCRIPTION = DELETE FROM ACSTOOL_SUBSCRIPTIONS WHERE CLIENTID=? AND SUBNAME=?
       </attribute>
       </mbean>
      
       <!--
       | The MessageCache decides where to put JBossMQ message that
       | are sitting around waiting to be consumed by a client.
       -->
       <mbean code="org.jboss.mq.server.MessageCache"
       name="acstool.mq:service=MessageCache">
       <attribute name="HighMemoryMark">20</attribute>
       <attribute name="MaxMemoryMark">25</attribute>
       <attribute name="CacheStore">acstool.mq:service=PersistenceManager</attribute>
       </mbean>
      
       <!--
       | The jdbc2 PersistenceManager is the new improved JDBC implementation.
       -->
       <mbean code="org.jboss.mq.pm.jdbc3.PersistenceManager"
       name="acstool.mq:service=PersistenceManager">
       <depends optional-attribute-name="ConnectionManager">jboss.jca:service=DataSourceBinding,name=OracleDS</depends>
       <attribute name="SqlProperties">
       ... hidden sql commands ...




      <!--
      | The destination manager is the core service within JBossMQ
      -->

      <depends optional-attribute-name="MessageCache">acstool.mq:service=MessageCache
      <depends optional-attribute-name="PersistenceManager">acstool.mq:service=PersistenceManager
      <depends optional-attribute-name="StateManager">acstool.mq:service=StateManager








      java:/jaas/chaodefabrica
      <depends optional-attribute-name="NextInterceptor">
      acstool.mq:service=DestinationManager


      <!-- ==================================================================== -->
      <!-- JBossMQ Interceptor chain configuration -->
      <!-- ==================================================================== -->
      <!-- To tune performance, you can have the Invoker skip over the TracingInterceptor -->
      <!-- and/or the SecurityManager, but then you lose the ability to trace and/or enforce security. -->

      <depends optional-attribute-name="NextInterceptor">
      acstool.mq:service=TracingInterceptor




      org.jboss.mq.server.TracingInterceptor
      <depends optional-attribute-name="NextInterceptor">
      acstool.mq:service=SecurityManager


      <!-- =========================== -->
      <!-- ACS Tool Destination Config -->
      <!-- =========================== -->

      <depends optional-attribute-name="DestinationManager">acstool.mq:service=DestinationManager
      <depends optional-attribute-name="SecurityManager">acstool:service=SecurityManager









      And I'm getting this error when I try to deploy this file:
      14:59:23,234 ERROR [URLDeploymentScanner] Incomplete Deployment listing:
      MBeans waiting for other MBeans:
      ObjectName: acstool.mq.destination:service=Topic,name=acsTopic
       state: CONFIGURED
       I Depend On: acstool.mq:service=DestinationManager
       acstool:service=SecurityManager
      
       Depends On Me:
      
      MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM:
      ObjectName: acstool:service=SecurityManager
       state: NOTYETINSTALLED
       I Depend On:
       Depends On Me: acstool.mq.destination:service=Topic,name=acsTopic
      


        • 1. Re: JMS Authentication using JAAS through LDAP
          miojo

          sorry, the xml was malformed. Here it is:

          <server>
           <mbean code="org.jboss.mq.sm.jdbc.JDBCStateManager"
           name="acstool.mq:service=StateManager">
           <depends optional-attribute-name="ConnectionManager">jboss.jca:service=DataSourceBinding,name=OracleDS</depends>
           <attribute name="SqlProperties">
           CREATE_TABLES_ON_STARTUP = TRUE
           CREATE_USER_TABLE = CREATE TABLE ACSTOOL_USERS (USERID VARCHAR(32) NOT NULL, PASSWD VARCHAR(32) NOT NULL, CLIENTID VARCHAR(128), PRIMARY KEY(USERID))
           CREATE_SUBSCRIPTION_TABLE = CREATE TABLE ACSTOOL_SUBSCRIPTIONS (CLIENTID VARCHAR(128) NOT NULL, SUBNAME VARCHAR(128) NOT NULL, TOPIC VARCHAR(255) NOT NULL, SELECTOR VARCHAR(255), PRIMARY KEY(CLIENTID, SUBNAME))
           GET_SUBSCRIPTION = SELECT TOPIC, SELECTOR FROM ACSTOOL_SUBSCRIPTIONS WHERE CLIENTID=? AND SUBNAME=?
           LOCK_SUBSCRIPTION = SELECT TOPIC, SELECTOR FROM ACSTOOL_SUBSCRIPTIONS WHERE CLIENTID=? AND SUBNAME=?
           GET_SUBSCRIPTIONS_FOR_TOPIC = SELECT CLIENTID, SUBNAME, SELECTOR FROM ACSTOOL_SUBSCRIPTIONS WHERE TOPIC=?
           INSERT_SUBSCRIPTION = INSERT INTO ACSTOOL_SUBSCRIPTIONS (CLIENTID, SUBNAME, TOPIC, SELECTOR) VALUES(?,?,?,?)
           UPDATE_SUBSCRIPTION = UPDATE ACSTOOL_SUBSCRIPTIONS SET TOPIC=?, SELECTOR=? WHERE CLIENTID=? AND SUBNAME=?
           REMOVE_SUBSCRIPTION = DELETE FROM ACSTOOL_SUBSCRIPTIONS WHERE CLIENTID=? AND SUBNAME=?
           </attribute>
           </mbean>
          
           <mbean code="org.jboss.mq.server.MessageCache"
           name="acstool.mq:service=MessageCache">
           <attribute name="HighMemoryMark">20</attribute>
           <attribute name="MaxMemoryMark">25</attribute>
           <attribute name="CacheStore">
           acstool.mq:service=PersistenceManager</attribute>
           </mbean>
          
           <mbean code="org.jboss.mq.pm.jdbc3.PersistenceManager"
           name="acstool.mq:service=PersistenceManager">
           <depends optional-attribute-name="ConnectionManager">
           jboss.jca:service=DataSourceBinding,name=OracleDS</depends>
           <attribute name="SqlProperties">
          *** HIDDEN SQL CMDS ***
           </attribute>
           </mbean>
          
           <mbean code="org.jboss.mq.server.jmx.DestinationManager"
           name="acstool.mq:service=DestinationManager">
           <depends optional-attribute-name="MessageCache">
           acstool.mq:service=MessageCache</depends>
           <depends optional-attribute-name="PersistenceManager">
           acstool.mq:service=PersistenceManager</depends>
           <depends optional-attribute-name="StateManager">
           acstool.mq:service=StateManager</depends>
           </mbean>
           <mbean code="org.jboss.mq.security.SecurityManager"
           name="acstool.mq:service=SecurityManager">
           <attribute name="DefaultSecurityConfig">
           <security>
           <role name="guest" read="true" write="true" create="false"/>
           </security>
           </attribute>
           <attribute name="SecurityDomain">java:/jaas/chaodefabrica</attribute>
           <depends optional-attribute-name="NextInterceptor">
           acstool.mq:service=DestinationManager</depends>
           </mbean>
          
           <mbean code="org.jboss.mq.server.jmx.Invoker"
           name="acstool.mq:service=Invoker">
           <depends optional-attribute-name="NextInterceptor">
           acstool.mq:service=TracingInterceptor</depends>
           </mbean>
          
           <mbean code="org.jboss.mq.server.jmx.InterceptorLoader"
           name="acstool.mq:service=TracingInterceptor">
           <attribute name="InterceptorClass">
           org.jboss.mq.server.TracingInterceptor</attribute>
           <depends optional-attribute-name="NextInterceptor">
           acstool.mq:service=SecurityManager</depends>
           </mbean>
          
           <mbean code="org.jboss.mq.server.jmx.Topic"
           name="acstool.mq.destination:service=Topic,name=acsTopic">
           <depends optional-attribute-name="DestinationManager">
           acstool.mq:service=DestinationManager</depends>
           <depends optional-attribute-name="SecurityManager">
           acstool:service=SecurityManager</depends>
           <attribute name="SecurityConf">
           <security>
           <role name="guest" read="true" write="true" create="false"/>
           </security>
           </attribute>
           </mbean>
          
          </server>
          


          • 2. Re: JMS Authentication using JAAS through LDAP

            Why isn't the error you posted self explanatory?

            MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM:
            ObjectName: acstool:service=SecurityManager
             state: NOTYETINSTALLED
            

            you have no such service.

            You do have acstool.mq:service=SecurityManager
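
An added example, not part of the original thread: a Python check that finds `<depends>` targets with no matching MBean in the descriptor (the `acstool:` vs `acstool.mq:` mismatch above) and walks the `NextInterceptor` chain from the Invoker to confirm the SecurityManager is still in it. The descriptor is a trimmed copy of the one posted in reply 1; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the descriptor from reply 1 (attributes and SQL omitted).
DESCRIPTOR = """
<server>
 <mbean code="org.jboss.mq.server.jmx.DestinationManager" name="acstool.mq:service=DestinationManager"/>
 <mbean code="org.jboss.mq.security.SecurityManager" name="acstool.mq:service=SecurityManager">
  <depends optional-attribute-name="NextInterceptor">acstool.mq:service=DestinationManager</depends>
 </mbean>
 <mbean code="org.jboss.mq.server.jmx.Invoker" name="acstool.mq:service=Invoker">
  <depends optional-attribute-name="NextInterceptor">acstool.mq:service=TracingInterceptor</depends>
 </mbean>
 <mbean code="org.jboss.mq.server.jmx.InterceptorLoader" name="acstool.mq:service=TracingInterceptor">
  <depends optional-attribute-name="NextInterceptor">acstool.mq:service=SecurityManager</depends>
 </mbean>
 <mbean code="org.jboss.mq.server.jmx.Topic" name="acstool.mq.destination:service=Topic,name=acsTopic">
  <depends optional-attribute-name="DestinationManager">acstool.mq:service=DestinationManager</depends>
  <depends optional-attribute-name="SecurityManager">acstool:service=SecurityManager</depends>
 </mbean>
</server>
"""

def load_mbeans(xml_text):
    """Map each MBean ObjectName to its class and its <depends> targets."""
    beans = {}
    for mb in ET.fromstring(xml_text).iter("mbean"):
        deps = {d.get("optional-attribute-name"): (d.text or "").strip()
                for d in mb.findall("depends")}
        beans[mb.get("name")] = {"code": mb.get("code"), "depends": deps}
    return beans

def unresolved(beans):
    """Depends targets not defined in this file, with a same-key near match if any."""
    out = []
    for name, bean in beans.items():
        for target in bean["depends"].values():
            if target not in beans:
                keys = target.split(":", 1)[-1]  # key properties without the JMX domain
                hint = next((n for n in beans if n.split(":", 1)[-1] == keys), None)
                out.append((name, target, hint))
    return out

def chain_from(beans, start):
    """Follow NextInterceptor links from `start`; returns the MBean classes visited."""
    names = []
    while start in beans and start not in names:
        names.append(start)
        start = beans[start]["depends"].get("NextInterceptor")
    return [beans[n]["code"] for n in names]
```

Targets that live in other descriptors, such as the `jboss.jca` datasource binding in the full file, are also reported, with a hint of `None`; only entries with a near match point to a mistyped domain.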

            • 3. Re: JMS Authentication using JAAS through LDAP
              miojo

              Yeah, sorry, I found that after posting the problem... :)

              But I'm still having problems using the State Manager, because there are columns related to Roles, and I'm using JAAS with a kind of NT authentication (that NTSystem.dll, just to authenticate the user in some domain, not LDAP), and the StateManager uses tables with a Role column. How is that going to work?