7 Replies Latest reply on Feb 10, 2007 5:39 AM by ovidiu.feodorov

callerPrincipal changed after connecting JMS from EJB

alllle Feb 1, 2007 7:45 PM

When my SLSB is invoked, it has the caller principal set to the client supplied username. Inside my SLSB, I send out a JMS message to a topic using a different user/pass specified in the JMS configuration. It is done via ConnectionFactory.createConnection(user, pass). However, after the message is delivered, the username returned from getCallerPrincipal() in my SLSB changed to the JMS username.

Is this a bug?

1. Re: callerPrincipal changed after connecting JMS from EJB

uji Feb 2, 2007 6:27 AM (in response to alllle)

I have the same problem.

after having sent a message from a SLSB the security principal switches to the one used by JBoss Messaging!!!
Actions
2. Re: callerPrincipal changed after connecting JMS from EJB

timfox Feb 2, 2007 1:05 PM (in response to alllle)

What version of JBM are you using?

I believe this is something to do with context class loaders being set in messaging when doing a send.

Can you please post a bug report we will investigate.
Actions
3. Re: callerPrincipal changed after connecting JMS from EJB

uji Feb 2, 2007 4:24 PM (in response to alllle)

i post a bug: JBMESSAGING-807

http://jira.jboss.com/jira/browse/JBMESSAGING-807
Actions
4. Re: callerPrincipal changed after connecting JMS from EJB

alllle Feb 2, 2007 6:12 PM (in response to alllle)

I am using the jboss-messaging-1.0.1.SP2.

I remember I tracked into JBoss authentication code before and the username/password are stored in a Thread local variable of type SecurityAssociation. I think that is the reason why this happened: The JMS client overwrites the SecurityAssociation with its own when making the connection.
Actions
5. Re: callerPrincipal changed after connecting JMS from EJB

ovidiu.feodorov Feb 2, 2007 9:52 PM (in response to alllle)

Thanks for the bug report. I scheduled it for 1.0.1.SP4, let's see ...
Actions
6. Re: callerPrincipal changed after connecting JMS from EJB

ovidiu.feodorov Feb 9, 2007 11:41 PM (in response to alllle)

The problem was caused by our SecurityMetadataStore that was pushing the new Principal/Credential on the thread local's authentication info stack. I just removed that. All tests pass (including the one that I wrote for the bug).

Tim, any particular reason you did the "SecurityActions.pushSubjectContext(principal, passwordChars, subject)" thing for?
Actions

7. Re: callerPrincipal changed after connecting JMS from EJB

ovidiu.feodorov Feb 10, 2007 5:39 AM (in response to alllle)

Looks like something is still wrong after all:

run:
 [java] Queue /queue/SmokeTestQueue exists
 [java] javax.jms.JMSSecurityException: User: null is not authorized to write to destination SmokeTestQueue
 [java] at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:267)
 [java] at org.jboss.jms.server.container.SecurityAspect.handleSend(SecurityAspect.java:148)
 [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 [java] at java.lang.reflect.Method.invoke(Method.java:324)

I stopped the SP4 release because of this.

Go to original post