Porting jbossmq security configuration from 3.2.3 to 4.0.2
rudivankeirsbilck Nov 22, 2005 11:12 AMHi all,
Up until now my app has been running smoothly on jboss 3.2.3. New features that I am about to start to implement require me to port to 4.0.2 and use EJB2.1
I was using jbossmq-state.xml before to configure user/password/role information:
<StateManager> <Users> <User> <Name>guest</Name> <Password>guest</Password> </User> <User> <Name>nobody</Name> <Password>nobody</Password> </User> <User> <Name>bspub</Name> <Password>bspub</Password> </User> <User> <Name>bssub</Name> <Password>bssub</Password> </User> </Users> <Roles> <Role name="guest"> <UserName>guest</UserName> <UserName>john</UserName> </Role> <Role name="bluespacepublisher"> <UserName>bspub</UserName> </Role> <Role name="bluespacesubscriber"> <UserName>bssub</UserName> </Role> </Roles> <DurableSubscriptions> </DurableSubscriptions> </StateManager>
I have taken the necessary steps to enable usage of jbossmq-state.xml by changing login-config.xml to:
<!-- Security domain for JBossMQ when using file-state-service.xml --> <application-policy name = "jbossmq"> <authentication> <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule" flag = "required"> <module-option name = "unauthenticatedIdentity">guest</module-option> <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option> </login-module> </authentication> </application-policy>
and copying the file-state-service.xml to deploy/jms and my old jbossmq-state.xml file to the conf directory.
All my components that are posting messages on topics are using authenticated connections:
String userName; try { userName = (String) initialContext.lookup("username"); } catch (NamingException e) { Logger.EVENT.debug("A publisher has not yet defined the userName ejb-env entry, using default."); userName = "bspub"; } String password; try { password = (String) initialContext.lookup("password"); } catch (NamingException e) { Logger.EVENT.debug("A publisher has not yet defined the password ejb-env entry, using default."); password = "bspub"; } TopicConnection connection = this.getTopicConnectionFactory(initialContext).createTopicConnection(userName, password);
The topics are all configured as the one below:
<mbean code="org.jboss.mq.server.jmx.Topic" name="jboss.mq.destination:service=Topic,name=ReceiveMail"> <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends> <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends> <attribute name="SecurityConf"> <security> <role name="bluespacepublisher" read="true" write="true" create="true"/> <role name="bluespacesubscriber" read="true" write="false" create="true"/> </security> </attribute> </mbean>
All goes well, i.e. I am not getting any errors at deployment time, even the code executes fine until the transaction commits and then I see:
Caused by: org.jboss.tm.JBossRollbackException: Unable to commit, tx=TransactionImpl:XidImpl[FormatId=257, GlobalId=Thunder.local/73, BranchQual=, localId=73] status=STATUS_NO_TRANSACTION; - nested throwable: (org.jboss.mq.SpyXAException: - nested throwable: (javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: SendMail)) at org.jboss.tm.TransactionImpl.commit(TransactionImpl.java:344) at org.jboss.ejb.plugins.TxInterceptorCMT.endTransaction(TxInterceptorCMT.java:486) ... 52 more Caused by: org.jboss.mq.SpyXAException: - nested throwable: (javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: SendMail) at org.jboss.mq.SpyXAResource.prepare(SpyXAResource.java:134) at org.jboss.tm.TransactionImpl$Resource.prepare(TransactionImpl.java:2101) at org.jboss.tm.TransactionImpl.prepareResources(TransactionImpl.java:1553) at org.jboss.tm.TransactionImpl.commit(TransactionImpl.java:319) ... 53 more Caused by: javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: SendMail at org.jboss.mq.security.ServerSecurityInterceptor.transact(ServerSecurityInterceptor.java:166) at org.jboss.mq.server.TracingInterceptor.transact(TracingInterceptor.java:438) at org.jboss.mq.server.JMSServerInvoker.transact(JMSServerInvoker.java:186) at org.jboss.mq.il.jvm.JVMServerIL.transact(JVMServerIL.java:327) at org.jboss.mq.Connection.send(Connection.java:1163) at org.jboss.mq.SpyXAResourceManager.prepare(SpyXAResourceManager.java:207) at org.jboss.mq.SpyXAResource.prepare(SpyXAResource.java:130) ... 56 more
My topic subscriber components all deploy fine and are all using SecurityConf entries in there deployment descriptors.
What have I missed?
Much obliged,
Rudi