8 Replies Latest reply on Apr 11, 2008 6:19 AM by lhunath

Authentication issues. (User null is NOT authenticated)

lhunath Apr 10, 2008 3:09 AM

I've been working on migrating from JBossMQ to JBossMessaging with JBoss AS 4.2.2.GA. I'm using JBossMessaging 1.4.0.SP3.

Our JBoss AS is completely configured through Maven. We put the JBoss AS as a zip artifact in a local repository; extract it from there using the maven-depenency-plugin and do some assembling to get the correct libraries in the correct locations with the maven-assembly-plugin. Configuration is done through maven filtering the JBoss XML configuration files. All this worked perfectly before I started the migration to JBossMessaging from JBossMQ.

Seeing as so much has been customized about our JBoss AS, I went about this manually rather than using the script.

Unfortunately when actually launching our application in the AS, JMS starts complaining about the fact that it cannot authenticate the user null. I'm assuming I somewhere forgot to mention what user it's supposed to be defaulting to? However, such a "default" user had not been configured for JBossMQ either, as far as I know.

The exception: http://www.lhunath.lyndir.com/stuff/jboss.log

Trace messages on org.jboss.jms & org.jboss.ejb.plugins.jms: http://www.lhunath.lyndir.com/stuff/trace.log

Here's an overview of what exactly I did to replace JBossMQ by JBossMessaging:

I removed the jbossmq.jar from server/default/lib.
I moved jms-ds.xml and jms-ra.rar from server/default/deploy/jms into server/default/deploy and removed the server/default/deploy/jms directory.
In server/default/conf/standardjboss.xml I toggled CreateJBossMQDestination to false .
In server/default/conf/login-config.xml I commented the JBossMQ application-policy and added one for JBossMessaging: http://www.lhunath.lyndir.com/stuff/login-config.xml
In server/default/conf/jboss-service.xml I removed jboss.mq:service=DestinationManager

Removed server/default/deploy/jboss-messaging.sar/hsqldb-persistence-service.xml and replaced it with the mysql-persistence-service.xml from the examples directory. Modifications made to the mysql-persistence-service.xml include changing of DefaultDS to the DS we use and removed all POPULATE.TABLES.X instances except for the guest ones. See http://www.lhunath.lyndir.com/stuff/mysql-persistence-service.xml.

Any files not mentioned are kept at their defaults.

Additionally, the SAR that configures our MDBs has the following done to META-INF/jboss-service.xml:

Added the following to the top of the file:

<loader-repository>jboss.messaging:loader=ScopedLoaderRepository
 <loader-repository-config>java2ParentDelegation=false</loader-repository-config>
 </loader-repository>

Diff of our queue configuration:

- <mbean code="org.jboss.mq.server.jmx.Queue"
- name="safeonline:service=Queue,name=outgoing-email">
- <attribute name="JNDIName">queue/outgoing-email</attribute>
- <depends optional-attribute-name="DestinationManager">
- jboss.mq:service=DestinationManager
- </depends>
+ <mbean code="org.jboss.jms.server.destination.QueueService"
+ name="safeonline:service=Queue,name=outgoing-email"
+ xmbean-dd = "xmdesc/Queue-xmbean.xml">
+ <attribute name="JNDIName">queue/outgoing-email</attribute>
+ <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
+ <depends>jboss.messaging:service=PostOffice</depends>
 </mbean>

- <mbean code="org.jboss.mq.server.jmx.Queue"
- name="safeonline:service=Queue,name=auditBackend">
- <attribute name="JNDIName">queue/auditBackend</attribute>
- <depends optional-attribute-name="DestinationManager">
- jboss.mq:service=DestinationManager
- </depends>
+ <mbean code="org.jboss.jms.server.destination.QueueService"
+ name="safeonline:service=Queue,name=auditBackend"
+ xmbean-dd = "xmdesc/Queue-xmbean.xml">
+ <attribute name="JNDIName">queue/auditBackend</attribute>
+ <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
+ <depends>jboss.messaging:service=PostOffice</depends>
 </mbean>

Do request any further information required to diagnose the problem.

1. Re: Authentication issues. (User null is NOT authenticated)

ataylor Apr 10, 2008 4:08 AM (in response to lhunath)
since you are using DatabaseServerLoginModule for users and roles, check in th edatabase that the guest roles actually exist. alternatively use the file based login module i.e.
<application-policy name="messaging"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="usersProperties">props/messaging-users.properties</module-option> <module-option name="rolesProperties">props/messaging-roles.properties</module-option> </login-module> </authentication> </application-policy>

and creat the following files under conf/props:

messaging-roles.properties which should contain
guest=guest

and messaging-users.properties which should contain
guest=guest
Actions
2. Re: Authentication issues. (User null is NOT authenticated)

apwalker Apr 10, 2008 5:13 AM (in response to lhunath)
It's looks like a security config issue on the JMS Sender side.

Can you post the code you are using to send the message. Also what ConnectionFactory are you using. If you everything is running in the same JVM you should be usng java:/ConnectionFactory instead of ConnectionFactory when looking them up in JNDI. I say that because from the logs I'm seeing the bi-socket in the remoting layer. So I'm pretty sure your doing the lookup using ... initialContext.lookup("ConnectionFactory") ...

Are you using something like
... connectionFactory.createConnection(username,password) or ... connectionFactory.createConnection()
Actions

3. Re: Authentication issues. (User null is NOT authenticated)

lhunath Apr 11, 2008 3:47 AM (in response to lhunath)

This is the code used for sending an audit message on the audit queue.

 public static final String CONNECTION_FACTORY_NAME = "java:/JmsXA";
 [...]

 @Resource(mappedName = AuditConstants.CONNECTION_FACTORY_NAME)
 private ConnectionFactory factory;

 @TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
 public void finalizeAuditContext(Long auditContextId) {
 LOG.debug("finalizing audit context: " + auditContextId);
 AuditMessage auditMessage = new AuditMessage(auditContextId);
 try {
 Connection connection = this.factory.createConnection();
 try {
 Session session = connection.createSession(true, 0);
 try {
 MessageProducer producer = session
 .createProducer(this.auditBackendQueue);
 try {
 Message message = auditMessage.getJMSMessage(session);
 producer.send(message);
 } finally {
 producer.close();
 }
 } finally {
 session.close();
 }
 } finally {
 connection.close();
 }
 } catch (JMSException e) {
 this.auditAuditDAO.addAuditAudit("unable to publish audit context "
 + auditContextId + " - reason: " + e.getMessage()
 + " - errorCode: " + e.getErrorCode());
 }
 }

4. Re: Authentication issues. (User null is NOT authenticated)

lhunath Apr 11, 2008 3:50 AM (in response to lhunath)

From server/default/deploy/jms-ds.xml:

<tx-connection-factory>
 <jndi-name>JmsXA</jndi-name>
 <xa-transaction/>
 <rar-name>jms-ra.rar</rar-name>
 <connection-definition>org.jboss.resource.adapter.jms.JmsConnectionFactory</connection-definition>
 <config-property name="SessionDefaultType" type="java.lang.String">javax.jms.Topic</config-property>
 <config-property name="JmsProviderAdapterJNDI" type="java.lang.String">java:/DefaultJMSProvider</config-property>
 <max-pool-size>20</max-pool-size>
 <blocking-timeout-millis>300000</blocking-timeout-millis>
 <security-domain-and-application>JmsXARealm</security-domain-and-application>
 </tx-connection-factory>

5. Re: Authentication issues. (User null is NOT authenticated)

ataylor Apr 11, 2008 3:56 AM (in response to lhunath)

You need to check that the guest user and role exists in the database. this is the user that is used when none is provided, i.e. in this.factory.createConnection();, if it doesnt exist then you will get this error.
Actions

6. Re: Authentication issues. (User null is NOT authenticated)

lhunath Apr 11, 2008 4:13 AM (in response to lhunath)

mysql> select * from JBM_USER;
+---------+--------+----------+
| USER_ID | PASSWD | CLIENTID |
+---------+--------+----------+
| guest | guest | NULL |
+---------+--------+----------+
1 row in set (0.00 sec)

mysql> select * from JBM_ROLE;
+---------+---------+
| ROLE_ID | USER_ID |
+---------+---------+
| guest | guest |
+---------+---------+
1 row in set (0.00 sec)

7. Re: Authentication issues. (User null is NOT authenticated)

lhunath Apr 11, 2008 5:10 AM (in response to lhunath)

I've changed the security-domain-and-application in server/default/deploy/jms-ds.xml from JmsXARealm into messaging to no avail

Changing the messaging policy in server/default/conf/login-config.xml to use the property files in conf/props (after creating them as well, naturally) instead of the mysql data source has not helped either.
Actions
8. Re: Authentication issues. (User null is NOT authenticated)

lhunath Apr 11, 2008 6:19 AM (in response to lhunath)

After turning on TRACE level debugging on the org.jboss.security category I noticed that ROLEID had to become ROLE_ID in server/default/conf/login-config.xml

After fixing this; the problem develops into something else:

http://www.lhunath.lyndir.com/stuff/auth (javax.resource.spi.SecurityException: No Password credentials found)
Actions

Go to original post