0 Replies Latest reply on Mar 31, 2006 3:13 PM by zambak

    Using different jaas context - different Security Manager???

    zambak

      Hello

      I am trying to secure access to a queue based on the information from a different DB than the one that JBoss comes with (Hypersonic)...

      I have created a necessary context in login-config.xml as so:

      <application-policy name = "XXX-mq">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag = "required">
            <module-option name = "unauthenticatedIdentity">guest</module-option>
            <module-option name = "dsJndiName">java:jdbc/XXXDS</module-option>
            <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
            <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
          </login-module>
        </authentication>
      </application-policy>



      Then I deployed a -service file which describes the SecurityManager as so:

      <?xml version="1.0" encoding="UTF-8"?>
      <server>
        <mbean code="org.jboss.mq.security.SecurityManager" name="XXX.mq:service=SecurityManager">
          <attribute name="DefaultSecurityConfig">
            <security>
              <role name="guestrole" read="true" write="false" create="false"/>
            </security>
          </attribute>
          <attribute name="SecurityDomain">java:/jaas/XXX-mq</attribute>
          <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
        </mbean>
      </server>
      



      And last I deploy a -service.xml file with my queue:

      <?xml version="1.0" encoding="UTF-8"?>
      <server>
        <mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=XXXqueue">
          <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
          <depends optional-attribute-name="SecurityManager">XXX.mq:service=SecurityManager</depends>
          <attribute name="MessageCounterHistoryDayLimit">-1</attribute>
          <attribute name="SecurityConf">
            <security>
              <role name="guestrole" read="true" write="false"/>
              <role name="bgqueue" read="true" write="true" create="false"/>
            </security>
          </attribute>
        </mbean>
      </server>



      No errors or warnings in the log (not even MQ subsystem)... But the above does not work... I am still able to send messages without authenticating... If I use jboss.mq.SecurityManager then protection works... Can someone tell me if I am doing something wrong?

      Am I using the right approach to protect a queue based on users and roles from my own database?

      Thanks

      Z
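
Added example, not part of the original post and not JBoss code: a Python cross-check of the descriptors above that reports, for each SecurityManager MBean, whether its SecurityDomain resolves to a declared application-policy, which unauthenticatedIdentity that policy sets, and which MBeans reference the manager and through which attribute. The XML strings are constructed by trimming the post's descriptors, and the `in_interceptor_chain` flag rests on an assumption not stated in the post: that a manager only sees client requests when another MBean names it as its NextInterceptor.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the post's descriptors, trimmed to what the checks read.
LOGIN = """<application-policy name="XXX-mq"><authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="unauthenticatedIdentity">guest</module-option>
</login-module></authentication></application-policy>"""
SERVICES = """<server>
<mbean code="org.jboss.mq.security.SecurityManager" name="XXX.mq:service=SecurityManager">
<attribute name="SecurityDomain">java:/jaas/XXX-mq</attribute>
<depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
</mbean>
<mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=XXXqueue">
<depends optional-attribute-name="SecurityManager">XXX.mq:service=SecurityManager</depends>
</mbean></server>"""
SM_CODE = "org.jboss.mq.security.SecurityManager"


def audit(login_xml, services_xml):
    """Cross-check login-config policies against the merged -service.xml MBeans."""
    policies = {p.get("name"): {o.get("name"): o.text for o in p.iter("module-option")}
                for p in ET.fromstring(login_xml).iter("application-policy")}
    server = ET.fromstring(services_xml)
    report = []
    for sm in [m for m in server.iter("mbean") if m.get("code") == SM_CODE]:
        domain = next((a.text or "" for a in sm.iter("attribute")
                       if a.get("name") == "SecurityDomain"), "")
        policy = policies.get(domain.rsplit("/", 1)[-1])  # java:/jaas/<policy name>
        # Collect every MBean that points at this manager, keyed by attribute name.
        refs = {}
        for mb in server.iter("mbean"):
            for dep in mb.iter("depends"):
                if (dep.text or "").strip() == sm.get("name"):
                    refs.setdefault(dep.get("optional-attribute-name"), []).append(mb.get("name"))
        report.append({
            "manager": sm.get("name"),
            "domain_resolves": policy is not None,
            "unauthenticated_identity": (policy or {}).get("unauthenticatedIdentity"),
            "referenced_as": refs,
            # Assumption (not from the post): only a NextInterceptor reference
            # places the manager in the path of client requests.
            "in_interceptor_chain": "NextInterceptor" in refs,
        })
    return report


if __name__ == "__main__":
    for row in audit(LOGIN, SERVICES):
        print(row)
```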