Using different jaas context - different Security Manager???
zambak Mar 31, 2006 3:13 PM
Hello
I am trying to secure access to a queue based on the information from a different DB than the one that JBoss comes with (Hypersonic)...
I have created a necessary context in login-config.xml as so:
<application-policy name = "XXX-mq">
  <authentication>
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      <module-option name = "dsJndiName">java:jdbc/XXXDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
    </login-module>
  </authentication>
</application-policy>
Then I deployed -service file which describes SecurityManager as so:
<?xml version="1.0" encoding="UTF-8"?>
<server>
  <mbean code="org.jboss.mq.security.SecurityManager" name="XXX.mq:service=SecurityManager">
    <attribute name="DefaultSecurityConfig">
      <security>
        <role name="guestrole" read="true" write="false" create="false"/>
      </security>
    </attribute>
    <attribute name="SecurityDomain">java:/jaas/XXX-mq</attribute>
    <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
  </mbean>
</server>
And last I deploy -service.xml file with my queue:
<?xml version="1.0" encoding="UTF-8"?>
<server>
  <mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=XXXqueue">
    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
    <depends optional-attribute-name="SecurityManager">XXX.mq:service=SecurityManager</depends>
    <attribute name="MessageCounterHistoryDayLimit">-1</attribute>
    <attribute name="SecurityConf">
      <security>
        <role name="guestrole" read="true" write="false"/>
        <role name="bgqueue" read="true" write="true" create="false"/>
      </security>
    </attribute>
  </mbean>
</server>
No errors or warnings in the log (not even MQ subsystem)... But the above does not work... I am still able to send messages without authenticating... If I use jboss.mq.SecurityManager then protection works... Can someone tell me if I am doing something wrong?
Am I using the right approach to protect a queue based on users and roles from my own database?
Thanks
Z
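An added example, not part of the original post: a small Python check that the three descriptors above reference each other consistently (security domain to application-policy name, queue to SecurityManager MBean) and summarises what the queue's SecurityConf grants. The XML is copied from the post with the SQL queries and unrelated attributes omitted; the function name `audit` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Descriptors copied from the post (XML declarations, queries and unrelated attributes omitted).
LOGIN_CONFIG = """<application-policy name="XXX-mq"><authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="unauthenticatedIdentity">guest</module-option>
<module-option name="dsJndiName">java:jdbc/XXXDS</module-option>
</login-module></authentication></application-policy>"""
SECURITY_MANAGER = """<server><mbean code="org.jboss.mq.security.SecurityManager"
 name="XXX.mq:service=SecurityManager">
<attribute name="SecurityDomain">java:/jaas/XXX-mq</attribute>
<depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
</mbean></server>"""
QUEUE = """<server><mbean code="org.jboss.mq.server.jmx.Queue"
 name="jboss.mq.destination:service=Queue,name=XXXqueue">
<depends optional-attribute-name="SecurityManager">XXX.mq:service=SecurityManager</depends>
<attribute name="SecurityConf"><security>
<role name="guestrole" read="true" write="false"/>
<role name="bgqueue" read="true" write="true" create="false"/>
</security></attribute></mbean></server>"""

def audit(login_xml, secmgr_xml, queue_xml):
    """Cross-check the three descriptors and summarise what they grant."""
    policy = ET.fromstring(login_xml)
    secmgr = ET.fromstring(secmgr_xml).find("mbean")
    queue = ET.fromstring(queue_xml).find("mbean")
    domain = secmgr.findtext("attribute[@name='SecurityDomain']", "").strip()
    queue_sm = queue.findtext("depends[@optional-attribute-name='SecurityManager']", "").strip()
    anon = policy.findtext(".//module-option[@name='unauthenticatedIdentity']")
    roles = queue.findall("attribute[@name='SecurityConf']/security/role")
    return {
        # SecurityDomain must name the application-policy under java:/jaas/
        "domain_matches_policy": domain == "java:/jaas/" + policy.get("name"),
        # the queue's SecurityManager dependency must be the MBean defined above
        "queue_uses_this_manager": queue_sm == secmgr.get("name"),
        # callers with no credentials are given this principal by the login module
        "unauthenticated_identity": anon,
        "writers": sorted(r.get("name") for r in roles if r.get("write") == "true"),
        "readers": sorted(r.get("name") for r in roles if r.get("read") == "true"),
    }

if __name__ == "__main__":
    for key, value in audit(LOGIN_CONFIG, SECURITY_MANAGER, QUEUE).items():
        print(f"{key}: {value}")
```
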