0 Replies Latest reply on Dec 15, 2010 9:38 AM by grosueugen

    Securing Queues fails when using JmsXA

    grosueugen

      Hello,

       

      I'm using JBoss 5.1.0.GA, jdk 1.6, on Linux.

       

      I need to use distributed transactions with JBoss Messaging, so I used JmsXA for the connection factory.

       

      I changed the DB for messaging, so I used Oracle DB.

       

      With the default security, I was able to send/consume messages to a Queue.

       

      I decided to add a user in the Oracle DB and to give that user rights to send/receive messages from my Queue.

       

      So, I did the following:

       

      1. Create a new user in the Oracle DB:

       

         INSERT INTO JBM_USER (USER_ID, PASSWD, CLIENTID) VALUES ('my-user', 'my-user-pwd', null);
         INSERT INTO JBM_ROLE (ROLE_ID, USER_ID) VALUES ('my-role', 'my-user');

       

      2. in code, when obtaining a connection, I would use the username: "my-user", password: "my-user-pwd":

       

        Connection connection = connectionFactory.createConnection("my-user", "my-user-pwd");

       

      3. I created a new file for defining destinations, named my-jms-service.xml, and put it in xxx/deploy/:

       

        <?xml version="1.0" encoding="UTF-8"?>

        <server>
           <mbean code="org.jboss.jms.server.destination.QueueService"
              name="orvaal.rtra.jms.destination:service=Queue,name=MyQueue"
              xmbean-dd="xmdesc/Queue-xmbean.xml">
              <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
              <depends>jboss.messaging:service=PostOffice</depends>

              <attribute name="SecurityConfig">
                 <security>
                    <role name="my-role" read="true" write="true"/>
                 </security>
              </attribute>
           </mbean>
        </server>

       

      4. In xxx/conf/login-config.xml, I created a new <application-policy>:

       

          <application-policy name="MyJmsXARealm">
             <authentication>
                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                   <module-option name="dsJndiName">java:/jdbc/MyXAOracleDSJms</module-option>
                   <module-option name="principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
                   <module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
                </login-module>
             </authentication>
          </application-policy>

       

         java:/jdbc/MyXAOracleDSJms is the JNDI name for the datasource configured for the Oracle DB used by JBoss Messaging

       

      5. In xxx/deploy/messaging/jms-ds.xml, I edited the JmsXA to know of the created MyJmsXARealm:


          <!-- JMS XA Resource adapter, use this to get transacted JMS in beans -->
         <tx-connection-factory>
            <jndi-name>JmsXA</jndi-name>
            <xa-transaction/>
            <rar-name>jms-ra.rar</rar-name>
            <connection-definition>org.jboss.resource.adapter.jms.JmsConnectionFactory</connection-definition>
            <config-property name="SessionDefaultType" type="java.lang.String">javax.jms.Topic</config-property>
            <config-property name="JmsProviderAdapterJNDI" type="java.lang.String">java:/DefaultJMSProvider</config-property>
            <max-pool-size>20</max-pool-size>
            <!-- COMMENTED THE INITIAL REALM <security-domain-and-application>JmsXARealm</security-domain-and-application> -->
            <security-domain-and-application>MyJmsXARealm</security-domain-and-application>
            <depends>jboss.messaging:service=ServerPeer</depends>
         </tx-connection-factory>

       

      The error is:

       

      2010-12-15 15:27:53,374 ERROR [org.jboss.resource.adapter.jms.JmsSessionFactoryImpl] (http-127.0.0.1-8080-1) could not create session
      java.lang.SecurityException: Unauthenticated caller:null
          at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:92)
          at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
          at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
          at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
          at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.allocateConnection(JmsSessionFactoryImpl.java:395)
          at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.createSession(JmsSessionFactoryImpl.java:374)
          at MySLSB.addToMyQueue(MySLSB.java:103)

       

      Have I done something wrong?

       

      Thanks.
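
An added example, not part of the original post and not JBoss code: a small Python cross-check of the pieces configured in steps 1-5, confirming that the security domain named in jms-ds.xml is defined in login-config.xml and computing which queue permissions a user gets through the JBM_ROLE rows. The XML strings are constructed, trimmed copies of the post's files, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed fragments mirroring the post's files, trimmed to the relevant elements.
DESTINATION_XML = """<server>
  <mbean code="org.jboss.jms.server.destination.QueueService"
         name="orvaal.rtra.jms.destination:service=Queue,name=MyQueue">
    <attribute name="SecurityConfig">
      <security><role name="my-role" read="true" write="true"/></security>
    </attribute>
  </mbean>
</server>"""
LOGIN_CONFIG_XML = """<policy>
  <application-policy name="MyJmsXARealm"><authentication/></application-policy>
</policy>"""
JMS_DS_XML = """<connection-factories>
  <tx-connection-factory>
    <jndi-name>JmsXA</jndi-name>
    <security-domain-and-application>MyJmsXARealm</security-domain-and-application>
  </tx-connection-factory>
</connection-factories>"""
# (ROLE_ID, USER_ID) rows, as inserted into JBM_ROLE in step 1.
JBM_ROLE_ROWS = [("my-role", "my-user")]

def queue_grants(destination_xml):
    """Map role name -> permissions set to "true" in the SecurityConfig."""
    grants = {}
    for role in ET.fromstring(destination_xml).iter("role"):
        perms = {p for p in ("read", "write", "create") if role.get(p) == "true"}
        grants.setdefault(role.get("name"), set()).update(perms)
    return grants

def user_permissions(destination_xml, role_rows, user):
    """Union of queue permissions over the roles the user holds in the role table."""
    held = {role for role, uid in role_rows if uid == user}
    grants = queue_grants(destination_xml)
    return set().union(*(grants.get(r, set()) for r in held))

def undefined_domains(jms_ds_xml, login_config_xml):
    """Security domains a connection factory references but login-config lacks."""
    defined = {p.get("name") for p in ET.fromstring(login_config_xml).iter("application-policy")}
    used = {e.text.strip() for tag in ("security-domain", "security-domain-and-application")
            for e in ET.fromstring(jms_ds_xml).iter(tag)}
    return used - defined

if __name__ == "__main__":
    print(user_permissions(DESTINATION_XML, JBM_ROLE_ROWS, "my-user"))
    print(undefined_domains(JMS_DS_XML, LOGIN_CONFIG_XML))
```

Both checks pass for the configuration as posted, so the role mapping and the realm name are consistent with each other.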