3 Replies Latest reply on Jan 27, 2012 4:15 AM by zgood

    Propagate security context from ejb to MDB

    zgood
    zgood Oct 1, 2011 4:08 AM

      Hello!

      My environment is JBoss AS6 with hornetq 2.1.

      I have two slsb, and one mdb. There are all in one security domain. First slsb send message to mdb, then mdb calls second slsb. But slsb call from mdb falls with "Invalid user".

      I configured Client Login according to User Manual. Here is hornetq-jboss-beans.xml security configuration:

       

      {code:xml}<bean name="HornetQSecurityManager" class="org.hornetq.integration.jboss.security.JBossASSecurityManager">
            <start ignored="true"/>
            <stop ignored="true"/>
            <depends>JBossSecurityJNDIContextEstablishment</depends>
            <property name="allowClientLogin">true</property>
            <property name="authoriseOnClientLogin">true</property>
      </bean>{code}

       

      What should i do to propagate security domain from slsb to mdb?

        • 1. Re: Propagate security context from ejb to MDB
          zgood
          zgood Oct 3, 2011 2:03 AM (in response to zgood)

          Here is example application and hornetq configs. Sample application contains pom.xml. There is test client for invoking first ejb to reproduce error.

            • Actions
          • 2. Re: Propagate security context from ejb to MDB
            zgood
            zgood Oct 7, 2011 6:48 AM (in response to zgood)

            Hello again!  I have another questions:

            1. Is it possible to process messages in security domain(in mdb or in simple messageListener)? I mean that code in onMessage(javax.jms.Message aMessage) method should invoked in security domain.
            2. In User Manual is wrote:

            JBoss can be configured to allow client login, basically this is when a JEE component such as a Servlet or EJB sets security credentials on the current security context  and these are used throughout the call. If you would like these credentials to be used by HornetQ when sending or consuming messages then set allowClientLogin to true. This will bypass HornetQ authentication and propgate the provided Security Context. If you would like HornetQ to authenticate using the propogated security then set the authoriseOnClientLogin to true also.

                 Is it means that hornetq will use caller security domain during consuming messages? (If i will turn on this options as shown in first message).

             

            Thanks in advance!

              • Actions
            • 3. Re: Propagate security context from ejb to MDB
              zgood
              zgood Jan 27, 2012 4:15 AM (in response to zgood)

              Keep an eye on https://issues.jboss.org/browse/HORNETQ-508

                • Actions