4 Replies Latest reply on Jun 3, 2005 1:34 PM by adrian.brock

    Removing MDB username and password from jboss.xml

    gray1

      Hi all,

      I posted the following question
      http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3880061#3880061 in the JBoss security jaas forum.

      The response I got back indicates that what I am trying to do (remove the JMS username and password from the MDB section of jboss.xml so I don't have usernames and passwords in my deployment artifact - the EAR) is not currently possible but according to my understanding of the intentions of J2EE this is pretty important for anyone that has a true separation of roles between bean developer and bean deployer.

      So as per Adrian Brock's suggestion I am raising this as an item for discussion. Please read the above link and put forward your comments or suggestions for how this feature could be added to JBoss.

      Thanks,

      Graeme.

        • 1. Re: Removing MDB username and password from jboss.xml
          starksm64

          If the mdb invoker can be configured to use the jms rar then there should already be the ability to specify how the connection credentials are obtained using the existing jaas/jca integration. I don't remember off the top of my head if we can do this. Seems like its just configuring a JMSProviderLoader to use the java:JmsXA factory.

          • 2. Re: Removing MDB username and password from jboss.xml

            No you can't use the JCA *pooled* JMS connection for the MDB.

            The real issue is being to able define the user/password through JAAS
            on the JMS Provider config, rather than defining it in the ejb config.

            The comment about deployment roles is irrelevent, since the admin can always
            define it standardjboss.xml

            • 3. Re: Removing MDB username and password from jboss.xml
              starksm64

              So refresh my memory on why the jms rar cannot be used. Fundamental mismatch between jca and mdb semantics or we just don't have the neccessary pooling implementation available?

              Its certainly no problem to add support for obtaining connection credentials from jaas to the JMS Provider, but if we can't configure a jca provider there would seem to be a spec mismatch here.

              • 4. Re: Removing MDB username and password from jboss.xml

                Because the EJB2.0 MDB uses the ConnectionConsumer with a ServerSessionPool
                provided by the J2EE container.

                1) J2EE6.7 explicitly denies access to the ConnectionConsumer from the resource adapter
                and one session per connection (not a pool of sessions like the ServerSessionPool)
                2) The ConnectionConsumer requires a "static" unshared connection
                not a pooled connection