Problems with jaas SecurityDomain and @MessageDriven
lukeb Feb 18, 2009 8:53 AMgaohoward suggested I post this here, here's the original posting from the messaging forum.
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=150695
I'm porting an existing application from 422GA to 5 and am having trouble with security where we use @MessageDriven.
Within the app we have an existing bean with the @MessageDriven annotation. Within this annotation we set the user and password @ActivationConfigProperty. These credentials exist within our custom Jaas security domain.
I've changed the SecurityStore within messaging-jboss-beans.xml so that the security domain points to our domain (ie java:/jaas/MyDomain).
And finally within the destinations-service.xml I have put an entry for the queue referenced in the @MessageDriven bean (This queue used to be auto-created in 422 but understand this is no longer the default behaviour, hence the destinations-service.xml entry).
However, when I start Jboss5 I get the error:
09:04:09,502 ERROR [ExceptionUtil] ConnectionFactoryEndpoint[jboss.messaging.connectionfactory:servi ce=ConnectionFactory] createFailoverConnectionDelegate [da-m6b2sbrf-1- 5gkxrbrf-w8ajbw-x1461k] javax.jms.JMSSecurityException: User jmsuser is NOT authenticated at org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore.authenticate(JBossASSecurityMet adataStore.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java :93) at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java :27) at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:208) at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:120) at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:262) at javax.management.StandardMBean.invoke(StandardMBean.java:391) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy236.authenticate(Unknown Source) at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInt ernal(ServerConnectionFactoryEndpoint.java:233) at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(Se rverConnectionFactoryEndpoint.java:171) at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpo int$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(Conn ectionFactoryAdvised.java:108) at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(C onnectionFactoryAdvised.java) at org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(Co nnectionFactoryCreateConnectionDelegateRequest.java:91) at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandle r.java:143) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908) at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106) at org.jboss.remoting.Client.invoke(Client.java:1708) at org.jboss.remoting.Client.invoke(Client.java:612) at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delega te$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(Client ConnectionFactoryDelegate.java:171) at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3 019492359065420858.invokeTarget(ClientConnectionFactoryDelegate$create ConnectionDelegate_N3019492359065420858.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111) at org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCr eationAspect.java:81) at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect_z_handleCreateCon nectionDelegate_23138316.invoke(StateCreationAspect_z_handleCreateConn ectionDelegate_23138316.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(Cl ientConnectionFactoryDelegate.java) at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFacto ry.java:205) at org.jboss.jms.client.JBossConnectionFactory.createXAQueueConnection(JBossConnectionFactor y.java:142) at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupQueueConnection(JmsActivation.ja va:533) at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupConnection(JmsActivation.java:50 6) at org.jboss.resource.adapter.jms.inflow.JmsActivation.setup(JmsActivation.java:353) at org.jboss.resource.adapter.jms.inflow.JmsActivation$SetupActivation.run(JmsActivation.jav a:729) at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204) at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:260) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:619) 09:04:09,659 WARN [JmsActivation] Failure in jms activation org.jboss.resource.adapter.jms.inflow.J msActivationSpec@37de6a(ra=org.jboss.resource.adapter.jms.JmsResourceA dapter@eb37cd destination=queue/E3rCorrespondenceMDB destinationType=javax.jms.Queue tx=true durable =false reconnect=10 provider=java:/DefaultJMSProvider user=jmssrv pass =<not shown> maxMessages=1024 minSession=1 maxSession=64 keepAlive=60000 useDLQ=false) javax.jms.JMSSecurityException: User jmssrv is NOT authenticated at org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore.authenticate(JBossASSecurityMet adataStore.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java :93) at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java :27) at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:208) at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:120) at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:262) at javax.management.StandardMBean.invoke(StandardMBean.java:391) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy236.authenticate(Unknown Source) at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInt ernal(ServerConnectionFactoryEndpoint.java:233) at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(Se rverConnectionFactoryEndpoint.java:171) at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpo int$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(Conn ectionFactoryAdvised.java:108) at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(C onnectionFactoryAdvised.java) at org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(Co nnectionFactoryCreateConnectionDelegateRequest.java:91) at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandle r.java:143) at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908) at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106) at org.jboss.remoting.Client.invoke(Client.java:1708) at org.jboss.remoting.Client.invoke(Client.java:612) at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delega te$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(Client ConnectionFactoryDelegate.java:171) at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3 019492359065420858.invokeTarget(ClientConnectionFactoryDelegate$create ConnectionDelegate_N3019492359065420858.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111) at org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCr eationAspect.java:81) at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect_z_handleCreateCon nectionDelegate_23138316.invoke(StateCreationAspect_z_handleCreateConn ectionDelegate_23138316.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(Cl ientConnectionFactoryDelegate.java) at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFacto ry.java:205) at org.jboss.jms.client.JBossConnectionFactory.createXAQueueConnection(JBossConnectionFactor y.java:142) at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupQueueConnection(JmsActivation.ja va:533) at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupConnection(JmsActivation.java:50 6) at org.jboss.resource.adapter.jms.inflow.JmsActivation.setup(JmsActivation.java:353) at org.jboss.resource.adapter.jms.inflow.JmsActivation$SetupActivation.run(JmsActivation.jav a:729) at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204) at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:260) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:619)
Here's my destinations-service.xml.
<mbean code="org.jboss.jms.server.destination.QueueService" name="jboss.messaging.destination:service=Queue,name=MyQueue" xmbean-dd="xmdesc/Queue-xmbean.xml"> <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends> <depends>jboss.messaging:service=PostOffice</depends> </mbean>
and here's my messaging-jboss-beans.xml showing the SecurityStore config.
<bean name="SecurityStore" class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore"> <!-- default security configuration --> <property name="defaultSecurityConfig"> <![CDATA[ <security> <role name="guest" read="true" write="true" create="true"/> </security> ]]> </property> <property name="suckerPassword">changedit</property> <property name="securityDomain">java:/jaas/MyDomain</property> <property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property> <!-- @JMX annotation to export the management view of this bean --> <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)</annotation> </bean>
I've tried both the fully qualified jndi jaas domain (as shown above) and just using MyDomain in the securityDomain property, all to no avail.
Thanks for any help you can provide.