0 Replies Latest reply on Jan 30, 2007 3:05 AM by smieci997

    JBossMQ + JAAS, without Guest as unauthenticatedIdentity

    smieci997

      Can't get it working: JBossMQ + JAAS

      I'm trying to connect to a queue with my own user; I'm using JAAS.

      What I've got:

      Fresh JBOSS 4.0.4 installation, Default config.


      In hsqldb-jdbc-state-service.xml - two rows only:

      POPULATE.TABLES.01 = INSERT INTO JMS_USERS (USERID, PASSWD) VALUES ('user', 'pass')
      POPULATE.TABLES.02 = INSERT INTO JMS_ROLES (ROLEID, USERID) VALUES ('publisher','user')
      



      In jbossmq-destinations-service.xml there's only one Queue:

      <mbean code="org.jboss.mq.server.jmx.Queue"
             name="jboss.mq.destination:service=Queue,name=testQueue">
        <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
        <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
        <attribute name="MessageCounterHistoryDayLimit">-1</attribute>
        <attribute name="SecurityConf">
          <security>
            <role name="publisher" read="true" write="true" create="false"/>
          </security>
        </attribute>
      </mbean>
      




      In jbossmq-service.xml my SecurityManager:

      <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
        <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
        <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
      </mbean>
      






      In login-config.xml I removed:
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      

      so I've got:

      <!-- Security domain for JBossMQ -->
      <application-policy name = "jbossmq">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag = "required">
            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
            <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
            <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
          </login-module>
        </authentication>
      </application-policy>
      
      


      My simple test application:

       Hashtable properties = new Hashtable();
       properties.put(Context.INITIAL_CONTEXT_FACTORY,"org.jnp.interfaces.NamingContextFactory");
       properties.put(Context.PROVIDER_URL, "jnp://localhost:1099");
       properties.put(Context.SECURITY_PRINCIPAL, "user");
       properties.put(Context.SECURITY_CREDENTIALS, "pass");
       properties.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces" );
      
       InitialContext iniCtx = new InitialContext(properties);
      
       Object tmp = iniCtx.lookup("ConnectionFactory");
       QueueConnectionFactory qcf = (QueueConnectionFactory) tmp;
       conn = qcf.createQueueConnection();
       que = (Queue) iniCtx.lookup("queue/testQueue");
       session = conn.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
       conn.start();
      



      throws:


      Exception in thread "main" javax.jms.JMSSecurityException: User: null is NOT authenticated
       at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:230)
       at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
       at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:744)
       at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:302)
       at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:220)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:396)
       at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:392)
       at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
       at java.lang.Thread.run(Thread.java:595)
      



      TRACE from console:

      15:54:40,870 DEBUG [SocketManager] Begin ReadTask.run
      15:54:40,870 DEBUG [SocketManager] Begin WriteTask.run
      15:54:40,870 DEBUG [SocketManager] Created ObjectOutputStream
      15:54:40,901 DEBUG [SocketManager] Created ObjectInputStream
      15:54:40,901 TRACE [jbossmq] Begin isValid, principal:null, cache info: null
      15:54:40,901 TRACE [jbossmq] defaultLogin, principal=null
      15:54:40,901 TRACE [jbossmq] Login failure
      javax.security.auth.login.FailedLoginException: No matching username found in Principals
       at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:152)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:206)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:215)
       at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
       at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:744)
       at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:302)
       at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:220)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:396)
       at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:392)
       at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
       at java.lang.Thread.run(Thread.java:595)
      15:54:40,901 TRACE [jbossmq] End isValid, false
      15:54:40,917 DEBUG [SocketManager] End WriteTask.run
      15:54:40,917 DEBUG [ServerSocketManagerHandler] Exiting on IOE
      java.net.SocketException: socket closed
       at java.net.SocketInputStream.socketRead0(Native Method)
       at java.net.SocketInputStream.read(SocketInputStream.java:129)
       at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
       at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
       at org.jboss.util.stream.NotifyingBufferedInputStream.read(NotifyingBufferedInputStream.java:79)
       at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2196)
       at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2376)
       at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2443)
       at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2515)
       at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2664)
       at java.io.ObjectInputStream.readByte(ObjectInputStream.java:875)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.run(SocketManager.java:317)
       at java.lang.Thread.run(Thread.java:595)
      15:54:40,917 DEBUG [SocketManager] End ReadTask.run
      
      



      My other EJB JAAS db authenticated stand-alone apps work fine.

      Am I doing JAAS authentication the right way?

      Best regards,
      Michal