3rd party engine hurts JMS security
lieshoff Jun 25, 2010 5:54 AM
Hello,
my constellation used a 3rd party engine for communicating with a legacy system in JBoss 4.0.5GA. Everything worked fine until I began to use JMS for communication with some other systems. All settings for JMS are correct; I tried security with standard users and with no security, and everything fails at this point (from the log view; when it fails, the log entry is not displayed):
SpyDestinationObjectFactory] SpyDestinationObjectFactory->getObjectInstance()
with following exception:
{code}
javax.jms.JMSSecurityException: User: null is NOT authenticated
at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:230)
at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:613)
at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:172)
at org.jboss.mq.il.jvm.JVMServerIL.authenticate(JVMServerIL.java:165)
at org.jboss.mq.Connection.authenticate(Connection.java:1065)
at org.jboss.mq.Connection.<init>(Connection.java:252)
at org.jboss.mq.Connection.<init>(Connection.java:323)
at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:116)
at org.jboss.mq.SpyConnectionFactory.internalCreateConnection(SpyConnectionFactory.java:137)
at org.jboss.mq.SpyConnectionFactory.createQueueConnection(SpyConnectionFactory.java:108)
at org.jboss.ejb.plugins.jms.DLQHandler.createService(DLQHandler.java:187)
at org.jboss.system.ServiceMBeanSupport.jbossInternalCreate(ServiceMBeanSupport.java:260)
at org.jboss.system.ServiceMBeanSupport.create(ServiceMBeanSupport.java:188)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerStartDelivery(JMSContainerInvoker.java:510)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker.startService(JMSContainerInvoker.java:839)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
at $Proxy0.start(Unknown Source)
{code}
If i remove the 3rd party engine, everything is fine. I have located the problem in a small piece of static code from a main class in this engine:
{code}
// Register the Negotiate scheme and prefer it over Digest for HTTP authentication
AuthPolicy.registerAuthScheme("Negotiate", ISGNegotiateScheme.class);
ArrayList schemes = new ArrayList();
schemes.add("Negotiate");
schemes.add("Digest");
HttpParams params = DefaultHttpParams.getDefaultParams();
params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);

// Register login configuration and callback handler
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
Security.setProperty("auth.login.defaultCallbackHandler",
        "com.isg.common.kds.ISGNegotiateCallbackHandler");
Configuration cfg = new Configuration() {
    // Returns the Krb5LoginModule entry for every name that is asked for
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        HashMap opts = new HashMap();
        opts.put("client", "true");
        opts.put("debug", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, opts);
        return new AppConfigurationEntry[] { entry };
    }

    public void refresh() {
    }
};
// Replaces the JAAS login configuration for the whole JVM
Configuration.setConfiguration(cfg);
{code}
This static code is started early after the application starts. I think it set the authentication for HTTP communication to another login module (KRB5), and after this JMS can't find users anymore.
What can I do to save JMS from this?
Thanks.
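
The snippet in the post installs a JVM-wide JAAS `Configuration` that returns `Krb5LoginModule` for every entry name. As an added example (not code from the post or from the engine's vendor), a wrapper that answers only for the Kerberos entry names and delegates every other name to the configuration that was installed before it. The class name `ScopedKrb5Configuration` is hypothetical, and the two JGSS entry names are an assumption about what the engine's Negotiate scheme requests.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

/** Hypothetical helper: adds a Kerberos entry without replacing the container's JAAS config. */
public final class ScopedKrb5Configuration extends Configuration {
    // Assumption: the entry names the engine's Negotiate scheme asks JGSS for.
    private static final Set<String> KRB5_NAMES = new HashSet<String>(Arrays.asList(
            "com.sun.security.jgss.initiate", "com.sun.security.jgss.krb5.initiate"));

    // Configuration that was active before install(), e.g. the container's own; may be null.
    private final Configuration previous;

    private ScopedKrb5Configuration(Configuration previous) { this.previous = previous; }

    /** Wraps whatever Configuration is installed at call time and installs the wrapper. */
    public static void install() {
        Configuration current;
        try {
            current = Configuration.getConfiguration();
        } catch (SecurityException noDefaultConfig) {
            current = null; // nothing installed yet and no default login config file
        }
        Configuration.setConfiguration(new ScopedKrb5Configuration(current));
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        if (KRB5_NAMES.contains(name)) {
            Map<String, String> opts = new HashMap<String, String>();
            opts.put("client", "true");
            return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule",
                    LoginModuleControlFlag.REQUIRED, opts) };
        }
        // Every other security domain keeps the login modules it had before.
        return previous == null ? null : previous.getAppConfigurationEntry(name);
    }

    @Override
    public void refresh() {
        if (previous != null) previous.refresh();
    }
}
```

The wrapper only preserves entries that exist when `install()` runs, so it has to be called after the application server has installed its own login configuration.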