Problem with user authorization using JBM Bridge configuatio
armsargis Apr 8, 2009 11:15 AMHi all I am trying to configure JBM Bridge here is my test configuration:
jms-ds.xml:
<mbean code="org.jboss.jms.jndi.JMSProviderLoader" name="jboss.messaging:service=JMSProviderLoader,name=JMSProvider"> <attribute name="ProviderName">DefaultJMSProvider</attribute> <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute> <attribute name="FactoryRef">java:/XAConnectionFactory</attribute> <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute> <attribute name="TopicFactoryRef">java:/XAConnectionFactory</attribute> </mbean> <mbean code="org.jboss.jms.jndi.JMSProviderLoader" name="jboss.messaging:service=JMSProviderLoader,name=SOClassRemoteJMSProvider"> <attribute name="ProviderName">SOClassRemoteJMSProvider</attribute> <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute> <!-- The combined connection factory --> <attribute name="FactoryRef">java:/XAConnectionFactory</attribute> <!-- The queue connection factory --> <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute> <!-- The topic factory --> <attribute name="TopicFactoryRef">java:/XAConnectionFactory</attribute> <attribute name="Properties"> java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces java.naming.provider.url=192.168.100.78:1099 </attribute> </mbean>
*-bridge-service
<?xml version="1.0" encoding="UTF-8"?> <server> <mbean code="org.jboss.jms.server.bridge.BridgeService" name="jboss.jms:service=Bridge,name=SOClassBridge" xmbean-dd="xmdesc/Bridge-xmbean.xml"> <depends optional-attribute-name="SourceProviderLoader">jboss.messaging:service=JMSProviderLoader,name=JMSProvider</depends> <depends optional-attribute-name="TargetProviderLoader">jboss.messaging:service=JMSProviderLoader,name=SOClassRemoteJMSProvider</depends> <depends>jboss.messaging.destination:service=Queue,name=SOClassCallbacks</depends> <attribute name="SourceDestinationLookup">/queue/SOClassCallbacks</attribute> <attribute name="TargetDestinationLookup">/queue/EllipseRequests</attribute> <attribute name="SourceUsername">ellipse</attribute> <attribute name="SourcePassword">ellipse123</attribute> <attribute name="TargetUsername">soclass</attribute> <attribute name="TargetPassword">soclass123</attribute> <!-- Optional: The Quality Of Service mode to use, one of: QOS_AT_MOST_ONCE = 0; QOS_DUPLICATES_OK = 1; QOS_ONCE_AND_ONLY_ONCE = 2;--> <attribute name="QualityOfServiceMode">0</attribute> <!-- <attribute name="Selector">specify-jms-selector-here</attribute> --> <attribute name="MaxBatchSize">5</attribute> <attribute name="MaxBatchTime">-1</attribute> <!-- <attribute name="SubName">mysub</attribute> --> <!-- <attribute name="ClientID">myClientID</attribute> --> <attribute name="FailureRetryInterval">5000</attribute> <attribute name="MaxRetries">-1</attribute> <attribute name="AddMessageIDInHeader">false</attribute> </mbean> </server>
according my configs I want automatically forward messages from JMSProvider:/queue/SOClassCallbacks to SOClassRemoteJMSProvider:/queue/EllipseRequests.
But I have problem with authorization, here is outputs with trace log level from JMSProvider:
16:50:38,446 TRACE [SecurityAspect] checking access permissions to JBossQueue[EllipseRequests] 16:50:38,446 DEBUG [JBossASSecurityMetadataStore] No SecurityMetadadata was available for EllipseRequests, using default security config 16:50:38,446 TRACE [SecurityMetadata] Adding role: Role {name=guest;read=true;write=true;create=true} 16:50:38,446 TRACE [JBossASSecurityMetadataStore] authenticating user soclass 16:50:38,447 TRACE [JBossASSecurityMetadataStore] authorizing user soclass for role(s) [guest] 16:50:38,447 TRACE [JBossASSecurityMetadataStore] user soclass is NOT authorized 16:50:38,447 WARN [Bridge] jboss.jms:name=SOClassBridge,service=Bridge Failed to send + acknowledge batch, closing JMS objects javax.jms.JMSSecurityException: User: soclass is not authorized to write to destination EllipseRequests at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:312) at org.jboss.jms.server.container.SecurityAspect.handleSendTransaction(SecurityAspect.java:190) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:122) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.jms.server.endpoint.advised.ConnectionAdvised.sendTransaction(ConnectionAdvised.java) at org.jboss.jms.wireformat.ConnectionSendTransactionRequest.serverInvoke(ConnectionSendTransactionRequest.java:82) at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908) at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106) at org.jboss.remoting.Client.invoke(Client.java:1708) at org.jboss.remoting.Client.invoke(Client.java:612) at org.jboss.remoting.Client.invoke(Client.java:600) at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:189) at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:160) at org.jboss.jms.client.delegate.ClientConnectionDelegate.org$jboss$jms$client$delegate$ClientConnectionDelegate$sendTransaction$aop(ClientConnectionDelegate.java:221)
as I noticed JBM trying to authorize remote soclass user using local Security configs. Can you provide any info why its like this? Please note my remote configs is ok I tested it with JMS client application and I am able to read and write ti this queue