JBossMQ + JAAS, without Guest as unauthenticatedIdentity
smieci997 Jan 30, 2007 3:05 AM
Can't get it working: JBossMQ + JAAS
I'm trying to connect to a queue with my own user. I'm using JAAS.
What I've got:
Fresh JBOSS 4.0.4 installation, Default config.
In hsqldb-jdbc-state-service.xml - two rows only:
    POPULATE.TABLES.01 = INSERT INTO JMS_USERS (USERID, PASSWD) VALUES ('user', 'pass')
    POPULATE.TABLES.02 = INSERT INTO JMS_ROLES (ROLEID, USERID) VALUES ('publisher','user')
In jbossmq-destinations-service.xml there's only one Queue:
    <mbean code="org.jboss.mq.server.jmx.Queue"
           name="jboss.mq.destination:service=Queue,name=testQueue">
      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
      <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
      <attribute name="MessageCounterHistoryDayLimit">-1</attribute>
      <attribute name="SecurityConf">
        <security>
          <role name="publisher" read="true" write="true" create="false"/>
        </security>
      </attribute>
    </mbean>
In jbossmq-service.xml my SecurityManager:
    <mbean code="org.jboss.mq.security.SecurityManager"
           name="jboss.mq:service=SecurityManager">
      <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
      <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
    </mbean>
In login-config.xml I removed:
<module-option name = "unauthenticatedIdentity">guest</module-option>
so I've got:
    <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
      <authentication>
        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
          <module-option name = "dsJndiName">java:/DefaultDS</module-option>
          <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
          <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
        </login-module>
      </authentication>
    </application-policy>
My simple test application:
    Hashtable properties = new Hashtable();
    properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    properties.put(Context.PROVIDER_URL, "jnp://localhost:1099");
    properties.put(Context.SECURITY_PRINCIPAL, "user");
    properties.put(Context.SECURITY_CREDENTIALS, "pass");
    properties.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
    InitialContext iniCtx = new InitialContext(properties);
    Object tmp = iniCtx.lookup("ConnectionFactory");
    QueueConnectionFactory qcf = (QueueConnectionFactory) tmp;
    conn = qcf.createQueueConnection();
    que = (Queue) iniCtx.lookup("queue/testQueue");
    session = conn.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
    conn.start();
throws:
    Exception in thread "main" javax.jms.JMSSecurityException: User: null is NOT authenticated
        at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:230)
        at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
        at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:744)
        at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:302)
        at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:220)
        at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:396)
        at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:392)
        at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
        at java.lang.Thread.run(Thread.java:595)
TRACE from console:
    15:54:40,870 DEBUG [SocketManager] Begin ReadTask.run
    15:54:40,870 DEBUG [SocketManager] Begin WriteTask.run
    15:54:40,870 DEBUG [SocketManager] Created ObjectOutputStream
    15:54:40,901 DEBUG [SocketManager] Created ObjectInputStream
    15:54:40,901 TRACE [jbossmq] Begin isValid, principal:null, cache info: null
    15:54:40,901 TRACE [jbossmq] defaultLogin, principal=null
    15:54:40,901 TRACE [jbossmq] Login failure
    javax.security.auth.login.FailedLoginException: No matching username found in Principals
        at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:152)
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:206)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
        at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
        at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:215)
        at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
        at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:744)
        at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:302)
        at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:220)
        at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:396)
        at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:392)
        at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
        at java.lang.Thread.run(Thread.java:595)
    15:54:40,901 TRACE [jbossmq] End isValid, false
    15:54:40,917 DEBUG [SocketManager] End WriteTask.run
    15:54:40,917 DEBUG [ServerSocketManagerHandler] Exiting on IOE
    java.net.SocketException: socket closed
        at java.net.SocketInputStream.socketRead0(Native Method)
        at java.net.SocketInputStream.read(SocketInputStream.java:129)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
        at org.jboss.util.stream.NotifyingBufferedInputStream.read(NotifyingBufferedInputStream.java:79)
        at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2196)
        at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2376)
        at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2443)
        at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2515)
        at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2664)
        at java.io.ObjectInputStream.readByte(ObjectInputStream.java:875)
        at org.jboss.mq.il.uil2.SocketManager$ReadTask.run(SocketManager.java:317)
        at java.lang.Thread.run(Thread.java:595)
    15:54:40,917 DEBUG [SocketManager] End ReadTask.run
My other EJB JAAS db authenticated stand-alone apps work fine.
Am I doing JAAS authentication the right way?
Best regards,
Michal