javax.jms.JMSSecurityException
nlmarco Mar 29, 2005 11:39 AMHello *,
I've a message driven bean subscribed to a queue. The queue is created with the following xxx-service.xml:
<?xml version="1.0" encoding="UTF-8"?> <server> <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=MyMQSecurityManager"> <attribute name="DefaultSecurityConfig"> <security> <role name="_LocalQueueWriter_" read="false" write="true"/> <role name="_LocalQueueReader_" read="true" write="false"/> </security> </attribute> <attribute name="SecurityDomain">java:/jaas/ipanemaLocal</attribute> <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends> </mbean> <mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=my/Queue"> <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends> <depends optional-attribute-name="SecurityManager">jboss.mq:service=MyMQSecurityManager</depends> <attribute name="SecurityManager">jboss.mq:service=MyMQSecurityManager</attribute> <attribute name="RedeliveryDelay">10000</attribute> <attribute name="RedeliveryLimit">3</attribute> </mbean> </server>
The MDB has security domain, user and password defined in the jboss.xml (excerpt):
... <container-configuration> <container-name>Standard Message Driven Bean</container-name> <role-mapping-manager>java:/jaas/session-roles</role-mapping-manager> <security-domain>java:/jaas/ipanemaLocal</security-domain> </container-configuration> ... <message-driven> <ejb-name>my/mdb/MyListener</ejb-name> <destination-jndi-name>queue/my/Queue</destination-jndi-name> <mdb-user>_LocalQueueReader_</mdb-user> <mdb-passwd>test</mdb-passwd> </message-driven> ...
It all works fine, if I allow "guest" to read and don't define an user for the mdb, but with the above configuration, the authentication fails. What is really strange is that it doesn't even trigger the login method of my custom LoginModule (which works fine when writing into the queue). Here's an excerpt of my jboss server log:
18:23:12,561 INFO [JMSContainerInvoker] Reconnected to JMS provider 18:23:12,562 WARN [JMSContainerInvoker] JMS provider failure detected: javax.jms.JMSSecurityException: User: _LocalQueueReader_ is NOT authenticated at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:215) at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:51) at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:781) at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:287) at org.jboss.mq.il.jvm.JVMServerIL.authenticate(JVMServerIL.java:301) at org.jboss.mq.Connection.authenticate(Connection.java:1160) at org.jboss.mq.Connection.<init>(Connection.java:255) at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:55) at org.jboss.mq.SpyXAConnection.<init>(SpyXAConnection.java:52) at org.jboss.mq.SpyXAConnectionFactory.createXAConnection(SpyXAConnectionFactory.java:98) at org.jboss.mq.SpyXAConnectionFactory.createXAQueueConnection(SpyXAConnectionFactory.java:119) at org.jboss.jms.ConnectionFactoryHelper.createQueueConnection(ConnectionFactoryHelper.java:67) at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerCreate(JMSContainerInvoker.java:690) at org.jboss.ejb.plugins.jms.JMSContainerInvoker.startService(JMSContainerInvoker.java:764) at org.jboss.ejb.plugins.jms.JMSContainerInvoker$ExceptionListenerImpl.onException(JMSContainerInvoker.java:1267) at org.jboss.ejb.plugins.jms.JMSContainerInvoker$1.run(JMSContainerInvoker.java:776)
What am I doing wrong? Any ideas?
Because my login module is not triggered, I assume that I have to define the security domain in a different way than I do for my session beans. But if so, how?
Thanks a lot for your help in advance!
Marco ;-)