Security config in 1.2.0.sp1
pascallambert May 2, 2007 11:48 AM
I've installed jbm 1.2.0.sp1 on a default JBAS 4.0.5GA as described in the install guide, but when I try to run our apps on it I'm getting the following exception:
javax.jms.JMSSecurityException: User: admin is not authorized to read from destination rawdata at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:260) at org.jboss.jms.server.container.SecurityAspect.handleCreateConsumerDelegate(SecurityAspect.java:107) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:121) at org.jboss.jms.server.endpoint.advised.SessionAdvised$createConsumerDelegate_6311124154581125663.invokeNext(SessionAdvised$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105) at org.jboss.jms.server.endpoint.advised.SessionAdvised$createConsumerDelegate_6311124154581125663.invokeNext(SessionAdvised$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.server.endpoint.advised.SessionAdvised.createConsumerDelegate(SessionAdvised.java) at org.jboss.jms.wireformat.SessionCreateConsumerDelegateRequest.serverInvoke(SessionCreateConsumerDelegateRequest.java:95) at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:125) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:734) at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:553) at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:377) at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:159) at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:163) at org.jboss.remoting.Client.invoke(Client.java:1544) at org.jboss.remoting.Client.invoke(Client.java:530) at org.jboss.remoting.Client.invoke(Client.java:518) at 
org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:184) at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:155) at org.jboss.jms.client.delegate.ClientSessionDelegate.org$jboss$jms$client$delegate$ClientSessionDelegate$createConsumerDelegate$aop(ClientSessionDelegate.java:230) at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.container.StateCreationAspect.handleCreateConsumerDelegate(StateCreationAspect.java:147) at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect30.invoke(StateCreationAspect30.java) at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.container.ConsumerAspect.handleCreateConsumerDelegate(ConsumerAspect.java:68) at org.jboss.aop.advice.org.jboss.jms.client.container.ConsumerAspect29.invoke(ConsumerAspect29.java) at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.container.FailoverValveInterceptor.invoke(FailoverValveInterceptor.java:91) at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105) at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.container.ClosedInterceptor.invoke(ClosedInterceptor.java:171) at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105) at 
org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.container.ExceptionInterceptor.invoke(ExceptionInterceptor.java:71) at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.container.ClientLogInterceptor.invoke(ClientLogInterceptor.java:107) at org.jboss.jms.client.delegate.ClientSessionDelegate$createConsumerDelegate_6311124154581125663.invokeNext(ClientSessionDelegate$createConsumerDelegate_6311124154581125663.java) at org.jboss.jms.client.delegate.ClientSessionDelegate.createConsumerDelegate(ClientSessionDelegate.java) at org.jboss.jms.client.JBossSession.createConsumer(JBossSession.java:237) at org.jboss.jms.client.JBossSession.createSubscriber(JBossSession.java:432) at com.wmx.tools.TopicReaderCommand.setUpJmsSubscription(TopicReaderCommand.java:93) at com.wmx.tools.TopicReaderCommand.execute(TopicReaderCommand.java:69) at com.wmx.tools.CommandTool.main(CommandTool.java:46) at com.wmx.tools.TopicReaderCommand.main(TopicReaderCommand.java:63)
I'm using JBoss AS 4.0.5GA, jboss-messaging 1.2.0 sp1, Java 6.
I've changed the DefaultDS to PostgreSQL: I removed the HSQL config files (both in deploy and in jboss-messaging.sar) and replaced them with PostgreSQL config files.
It seems to me that the roles are not read properly.
Any idea?
* here is my deploy/postgres-ds.xml file:
<!-- Local-transaction datasource bound under the JNDI name DefaultDS, pointing at the PostgreSQL database "jbossmessaging" on localhost.
     NOTE(review): the database user name and password are written in clear text in this file. Restrict read access to the deploy directory, or reference a security domain from the datasource instead of inline credentials. -->
<datasources> <local-tx-datasource> <jndi-name>DefaultDS</jndi-name> <connection-url>jdbc:postgresql://localhost/jbossmessaging</connection-url> <driver-class>org.postgresql.Driver</driver-class> <user-name>jms</user-name> <password>jms</password> <metadata> <type-mapping>PostgreSQL 7.2</type-mapping> </metadata> </local-tx-datasource> </datasources>
* here is part of my conf/login-config.xml:
<!-- JAAS application policy "messaging": DatabaseServerLoginModule reads users and roles from JBM_USER / JBM_ROLE through java:/DefaultDS.
     principalsQuery returns the PASSWD column for the given USER_ID. No hashAlgorithm option is set, so the stored value is presumably compared as plain text (confirm).
     rolesQuery returns each ROLE_ID for the user in the 'Roles' group. A user with no matching row in JBM_ROLE ends up with no roles.
     unauthenticatedIdentity maps callers that supply no credentials to the identity "guest"; make sure "guest" holds no role that grants access to destinations that should be protected. -->
<application-policy name = "messaging"> <authentication> <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required"> <module-option name = "unauthenticatedIdentity">guest</module-option> <module-option name = "dsJndiName">java:/DefaultDS</module-option> <module-option name = "principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option> <module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option> </login-module> </authentication> </application-policy>
* here is part of my deploy/jboss-messaging.sar/destination-service.xml:
<!-- Topic "rawdata" (JNDI name rawdata). Its SecurityConfig grants read, write and create to the single role "umslink"; no other role is listed.
     A connecting user therefore has to resolve to "umslink" through the login policy. The "not authorized to read from destination rawdata" exception for user admin is consistent with the role lookup returning nothing for that user (to be confirmed against the database). -->
<mbean code="org.jboss.jms.server.destination.TopicService" name="jboss.messaging.destination:service=Topic,name=rawdata" xmbean-dd="xmdesc/Topic-xmbean.xml"> <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends> <depends>jboss.messaging:service=PostOffice</depends> <attribute name="JNDIName">rawdata</attribute> <attribute name="SecurityConfig"> <security> <role name="umslink" read="true" write="true" create="true"/> </security> </attribute> </mbean>
* here is part of my deploy/jboss-messaging.sar/postgresql-persistence-service.xml:
<!-- JDBC user manager on java:/DefaultDS. CreateTablesOnStartup is true, and SqlProperties carries the DDL for JBM_USER / JBM_ROLE plus the POPULATE.TABLES seed rows.
     NOTE(review): PASSWD is a VARCHAR(32) filled with literal passwords ('admin', 'dogbert'), so passwords are stored unhashed. The admin/admin and dilbert/dogbert accounts are sample credentials; change or remove them on any server that is reachable by others.
     Check that JBM_ROLE in the PostgreSQL database really contains the row ('umslink','admin'). Whether the POPULATE statements run when the tables already exist is not visible here.
     The SqlProperties entries appear run together on one line in this post; presumably each entry sits on its own line in the deployed file (confirm). -->
<mbean code="org.jboss.jms.server.plugin.JDBCJMSUserManagerService" name="jboss.messaging:service=JMSUserManager" xmbean-dd="xmdesc/JMSUserManager-xmbean.xml"> <depends>jboss.jca:service=DataSourceBinding,name=DefaultDS</depends> <depends optional-attribute-name="TransactionManager">jboss:service=TransactionManager</depends> <attribute name="DataSource">java:/DefaultDS</attribute> <attribute name="CreateTablesOnStartup">true</attribute> <attribute name="SqlProperties"><![CDATA[ CREATE_USER_TABLE=CREATE TABLE JBM_USER (USER_ID VARCHAR(32) NOT NULL, PASSWD VARCHAR(32) NOT NULL, CLIENTID VARCHAR(128), PRIMARY KEY(USER_ID)) CREATE_ROLE_TABLE=CREATE TABLE JBM_ROLE (ROLE_ID VARCHAR(32) NOT NULL, USER_ID VARCHAR(32) NOT NULL, PRIMARY KEY(USER_ID, ROLE_ID)) SELECT_PRECONF_CLIENTID=SELECT CLIENTID FROM JBM_USER WHERE USER_ID=? POPULATE.TABLES.100 = INSERT INTO JBM_USER (USER_ID, PASSWD, CLIENTID) VALUES ('admin', 'admin', 'admin') POPULATE.TABLES.101 = INSERT INTO JBM_ROLE (ROLE_ID, USER_ID) VALUES ('umslink','admin') POPULATE.TABLES.102 = INSERT INTO JBM_USER (USER_ID,PASSWD,CLIENTID) VALUES ('dilbert','dogbert','dilbert-id') ]]></attribute> </mbean>