9 Replies Latest reply on Jun 9, 2006 8:54 PM by josey

JMS user authentication error (remote) when requesting a Con

josey May 15, 2006 6:53 PM

I have searched for a very long trying to trying to resolve this issue. Based on the posts, wiki pages that I have read (and other external pages) this all seems to be correct. So it is now time to request help.

I using a JBossMQ JMS server running in jboss4.02CR2. My MDBs deploy and consume messages fine and I have no problem producing messages locally (e.g., I can produce messages using a standalone client application running in another JVM on the same machine as the application server).

But when I try to send messages to the JMS server and I am running the message producer on another server I get an exception every time I try to get a connection from the ConnectionFactory (no problem getting the ConnectionFactory; the exception is thrown while executing this line:

factory.createConnection("guest", "guest")

. Note that these machines are on the same network. The issue is a user authentication issue.

Here is the applicable stack trace:

15:25:00,906 DEBUG NestedThrowable: org.jboss.util.NestedThrowable.detectDuplicateNesting=true
org.jboss.mq.SpyJMSException: Cannot authenticate user; - nested throwable: (java.net.ConnectException: Connection refused: connect)
 at org.jboss.mq.SpyJMSException.getAsJMSException(SpyJMSException.java:66)
 at org.jboss.mq.SpyJMSException.rethrowAsJMSException(SpyJMSException.java:51)
 at org.jboss.mq.Connection.authenticate(Connection.java:1118)
 at org.jboss.mq.Connection.<init>(Connection.java:267)
 at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:57)
 at org.jboss.mq.SpyConnectionFactory.createConnection(SpyConnectionFactory.java:108)
 ....

Again, the exception is thrown when I execute this command:

connection = factory.createConnection("guest", "guest");

Here is how I get my InitialContext (which gets me the ConnectionFactory with no error):

 Hashtable env = new Hashtable();
 env.put(Context.SECURITY_PRINCIPAL, "guest");
 env.put(Context.SECURITY_CREDENTIALS, "guest");
 env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 env.put(Context.PROVIDER_URL, "jnp://111.11.222.111"); //note: bogus ip address
 env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces" );

 InitialContext ctx = new InitialContext(env);

From jbossmq-service.xml:

 <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
 <attribute name="DefaultSecurityConfig">
 <security>
 <role name="guest" read="true" write="true" create="true"/>
 </security>
 </attribute>
 <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
 <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
 </mbean>

From login-conf.xml

 <!-- Security domain for JBossMQ -->
 <application-policy name = "jbossmq">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "dsJndiName">java:/DefaultDS</module-option>
 <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
 <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
 </login-module>
 </authentication>
 </application-policy>

Note also that I have the appropriate db tables set up with the default user, role, password for "guest" that comes with this jboss release (I plan to change from using these defaults after I can get the default working).

Also, from jbossmq-destinations-service.xml (this should not matter with respect to creating a connection):

 <mbean code="org.jboss.mq.server.jmx.Queue"
 name="jboss.mq.destination:service=Queue,name=MessageQueueA">
 <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
 <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
 <attribute name="SecurityConf">
 <security>
 <role name="guest" read="true" write="true"/>
 </security>
 </attribute>
 </mbean>

Again, this is only an issue when I try to use a remote client to produce the messages; running the same message producer code locally there is no issue.

Thanks for any help.

1. Re: JMS user authentication error (remote) when requesting a

josey May 16, 2006 1:46 PM (in response to josey)

correction: AS version is jboss-4.0.4.CR2
Actions
2. Re: JMS user authentication error (remote) when requesting a

jaikiran May 16, 2006 1:51 PM (in response to josey)

15:25:00,906 DEBUG NestedThrowable: org.jboss.util.NestedThrowable.detectDuplicateNesting=true

This looks like just a DEBUG message and NOT an ERROR.
Actions
3. Re: JMS user authentication error (remote) when requesting a

jaikiran May 16, 2006 2:01 PM (in response to josey)

Is any of the functionality breaking because of this, or is it just this log message that you are worried about?
Actions

4. Re: JMS user authentication error (remote) when requesting a

josey May 16, 2006 8:36 PM (in response to josey)

The producer is unable to send messages to the JMS server unless it is located on the same server; this is my primary concern (not the DEBUG statement).

I do not understand why it does not allow the connection. There is one line that looks a bit fishy in the trace output below:

17:24:46,828 TRACE UILServerIL: Connecting to : bullseye/127.0.0.1:8093

bullseye is the name of the machine that attempts to connect to the JMS server (on another server).

Thoughts?

Here's a trace of what is happening when trying to connect (before the one posted in the original post):

 17:24:46,718 DEBUG SpyDestinationObjectFactory: SpyDestinationObjectFactory->getObjectInstance()
17:24:46,796 DEBUG Connection: Setting the clockDaemon's thread factory
17:24:46,796 TRACE Connection: Connection Initializing userName=guest Connection@10351444[clientID=null rcvstate=STOPPED]
17:24:46,796 TRACE Connection: Getting the serverIL Connection@10351444[clientID=null rcvstate=STOPPED]
17:24:46,796 TRACE Connection: serverIL=org.jboss.mq.il.uil2.UILServerIL@1d225a7 Connection@10351444[clientID=null rcvstate=STOPPED]
17:24:46,796 TRACE Connection: Authenticating user guest Connection@10351444[clientID=null rcvstate=STOPPED]
17:24:46,828 TRACE UILServerIL: Connecting to : bullseye/127.0.0.1:8093
17:24:46,828 TRACE UILServerIL: Connecting with addr=127.0.0.1, port=8093, localAddr=null, localPort=0, socketFactory=javax.net.DefaultSocketFactory@ef137d, enableTcpNoDelay=true, bufferSize=2048, chunkSize=1000000
17:24:46,828 TRACE UILServerIL: Begin connect loop, maxRetries=10, delay=0
17:24:47,765 TRACE UILServerIL: Failed to connect, retries=1
java.net.ConnectException: Connection refused: connect
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(Unknown Source)
 at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
 at java.net.PlainSocketImpl.connect(Unknown Source)
 at java.net.SocksSocketImpl.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at javax.net.DefaultSocketFactory.createSocket(Unknown Source)
 at org.jboss.mq.il.uil2.UILServerIL.createConnection(UILServerIL.java:642)
 at org.jboss.mq.il.uil2.UILServerIL.getSocketMgr(UILServerIL.java:532)
 at org.jboss.mq.il.uil2.UILServerIL.authenticate(UILServerIL.java:334)
 at org.jboss.mq.Connection.authenticate(Connection.java:1114)
 at org.jboss.mq.Connection.<init>(Connection.java:267)
 at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:57)
 at org.jboss.mq.SpyConnectionFactory.createConnection(SpyConnectionFactory.java:108)
 at com.squaretrade.jms.MessageDeliveryDelegate.send(MessageDeliveryDelegate.java:96)
 at com.squaretrade.jms.DefaultMessagingFacade.send(DefaultMessagingFacade.java:34)
 at com.squaretrade.jms.BaseMessageObject.sendInternal(BaseMessageObject.java:80)
 at com.squaretrade.jms.BaseMessageObject.send(BaseMessageObject.java:43)
 at com.squaretrade.jms.client.TestTopicMessageProducer.sendMessages(TestTopicMessageProducer.java:25)
 at com.squaretrade.jms.client.MessageProducerThread.run(MessageProducerThread.java:49)

5. Re: JMS user authentication error (remote) when requesting a

akbdas May 17, 2006 8:19 AM (in response to josey)

let me know the JMS Connection Code....
Actions

6. Re: JMS user authentication error (remote) when requesting a

josey May 17, 2006 3:41 PM (in response to josey)

Connection code:

1. To get the InitialContext:

protected InitialContext getContext() throws NamingException {
 Hashtable env = new Hashtable();

 //commented out because found unnecessary
 //env.put(Context.SECURITY_PRINCIPAL, "guest");
 //env.put(Context.SECURITY_CREDENTIALS, "guest");

 env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 env.put(Context.PROVIDER_URL, "jnp://bullseye");
 //env.put(Context.PROVIDER_URL, "jnp://bullseye:1099");
 env.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces" );

 return new InitialContext(env);
}

2. Getting the connection

/* Get the JNDI reference to the connection factory. */
factory = (ConnectionFactory) ctx.lookup("ConnectionFactory");

/* Get the JNDI reference to the destination. */
Destination destination = (Destination) ctx.lookup(jndiDestinationName);

/* Create the connection from the connection factory. */
connection = factory.createConnection("guest", "guest");

Also may be worth noting that I am running the all / EJB3clustered configuration.

Thanks for the help.

7. Re: JMS user authentication error (remote) when requesting a

josey May 18, 2006 7:55 PM (in response to josey)

I found out the issue.

In the file deploy/jms/uil2-service.xml, the parameter ${jboss.bind.address} resolves to the loopback address; by setting this to the actual IP address of the server the problem disappears (meaning I can now access the Queue/TopicConnection remotely so the message producer can send messages to the destination).

I tried adding this line to run.conf:
JAVA_OPTS="$JAVA_OPTS -Djboss.bind.address=`hostname`"

Also, tried using the actual ip address instead of 'hostname'; neither of these worked.

Question: Where the property ${jboss.bind.address} defined if not as a SystemProperty? I grep'd the source but found no where that it is set. I do not want to hardcode my IP address the file deploy/jms/uil2-service.xml.
Actions
8. Re: JMS user authentication error (remote) when requesting a

josey May 18, 2006 7:59 PM (in response to josey)

Just to be clear, in deploy/jms/uil2-service.xml I set BindAddress to the actual IP address (it was set to ${jboss.bind.address}).
Actions
9. Re: JMS user authentication error (remote) when requesting a

josey Jun 9, 2006 8:54 PM (in response to josey)

${jboss.bind.address} can be set using the -b param with run.sh

E.g., ./run.sh -c all -b 192.111.78.256
Actions

Go to original post