Security issue while connecting MDB to remote Topic
sappenin Apr 17, 2008 3:00 PM
I have two JBoss Instances/servers -- ServerA [10.1.1.101] & ServerB [10.1.1.102].
I have a Topic deployed on ServerA, and an EJB3 MDB on ServerB that is attempting to connect to the remote Topic on ServerA. I have followed all of the directions in the messaging wiki to connect an EJB3 MDB to a remote queue/topic, and everything works fine (see here: http://wiki.jboss.org/wiki/en/HowDoIConfigureAnEJB3MDBToTalkToARemoteQueue?action=e&windowstate=normal&mode=view).
However, when I remove the "guest" role from the Topic MBean configuration (see below), then the EJB3 MDB on ServerB is unable to connect to the remote topic. However, I have set up username/password in various places (see below).
Is there a proper way I can subscribe/connect to a remote Topic that is secured?
(By the way, MDBs on ServerA *are* able to connect/subscribe to the Topic on ServerA, so I know my security store is set up properly, with the appropriate user/passwords defined).
*** MBEAN Deployed on ServerA to create the Topic ***
<mbean code="org.jboss.jms.server.destination.TopicService"
       name="jboss.messaging.destination:service=Topic,name=CoolTopic"
       xmbean-dd="xmdesc/Topic-xmbean.xml">
  <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
  <depends>jboss.messaging:service=PostOffice</depends>
  <attribute name="JNDIName">topic/coolTopic</attribute>
  <attribute name="SecurityConfig">
    <security>
      <role name="system" read="true" write="true" create="true" />
    </security>
  </attribute>
</mbean>
*** JMS REMOTE PROVIDER DEPLOYED ON SERVERB, POINTING TO SERVERA ***
<!-- The JMS Remote Provider (used to receive messages from the CoolTopic on ServerA) -->
<mbean code="org.jboss.jms.jndi.JMSProviderLoader"
       name="jboss.messaging:service=JMSProviderLoader,name=RemoteJMSProvider,server=remotehost">
  <attribute name="ProviderName">RemoteJMSProvider</attribute>
  <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute>
  <!-- The connection factory -->
  <attribute name="FactoryRef">java:/XAConnectionFactory</attribute>
  <!-- The queue connection factory -->
  <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute>
  <!-- The topic factory -->
  <attribute name="TopicFactoryRef">java:/XAConnectionFactory</attribute>
  <!-- Connect to JNDI on the host "the-remote-host-name" port 1099-->
  <attribute name="Properties">
    java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
    java.naming.factory.url.pkgs=org.jnp.interfaces
    java.naming.provider.url=10.1.1.101:1099
    java.naming.security.principal=system
    java.naming.security.credentials=password
  </attribute>
</mbean>
*** EJB3 MDB DECLARATION FOR MDB ON SERVERB ***
@MessageDriven(activationConfig = {
    @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Topic"),
    @ActivationConfigProperty(propertyName = "destination", propertyValue = "topic/coolTopic"),
    @ActivationConfigProperty(propertyName = "providerAdapterJNDI", propertyValue = "java:/RemoteJMSProvider"),
    @ActivationConfigProperty(propertyName = "subscriptionDurability", propertyValue = "Durable"),
    @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "AUTO_ACKNOWLEDGE"),
    @ActivationConfigProperty(propertyName = "subscriptionName", propertyValue = "coolSubscription"),
    @ActivationConfigProperty(propertyName = "user", propertyValue = "system"),
    @ActivationConfigProperty(propertyName = "password", propertyValue = "password")
}, messageListenerInterface = MessageListener.class)
@TransactionManagement(value = TransactionManagementType.CONTAINER)
@RunAs("system")
@RolesAllowed({ "admin", "system" })