2 Replies Latest reply on Jun 7, 2010 7:32 AM by timfox

JBoss/Security Context Question

robertjlee Jun 7, 2010 6:43 AM

I'm not sure if this is the right place for this, but since switching to HornetQ, the behaviour of security context on MDBs seem to have changed slightly.

Previously, when a session bean sent a message to an queue to which an MDB subscribes, the message seemed to be processed using the security context of the sender. The behaviour under HornetQ seems less predictable, in that sometimes it seems to be authenticated and sometimes it does not (this could just be non-blocking messages as per the warning on section 31.6.1 of the HornetQ 2.1 manual?)

What is the correct behaviour here? Should the consumer know anything about the user who sent the message?

Message was edited by: Robert Lee to fix typo in section number

1. Re: JBoss/Security Context Question

ataylor Jun 7, 2010 7:00 AM (in response to robertjlee)

How is your security configured in hornetq?
Actions
2. Re: JBoss/Security Context Question

timfox Jun 7, 2010 7:32 AM (in response to robertjlee)

Robert Lee wrote:

What is the correct behaviour here? Should the consumer know anything about the user who sent the message?

Senders security context should not be propagated to consumers with MDBs. They should be de-coupled.
Actions

Go to original post