3 Replies Latest reply on May 3, 2013 10:10 AM by jbertram

    MDB is consuming messages from remote topic without providing credentials

    jahoshai

      In my application I am trying to publish some messages to a topic and planning to have an MDB which consumes messages from it on JBoss EAP 6.0.1.

       

      This is my MDB configuration

       

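      import javax.ejb.ActivationConfigProperty;
      import javax.ejb.MessageDriven;
      import javax.ejb.TransactionAttribute;
      import javax.ejb.TransactionAttributeType;
      import javax.jms.Message;
      import javax.jms.MessageListener;
      // Assumed logging API: the post does not show which Logger class is imported.
      import org.jboss.logging.Logger;

      // No user/password is configured anywhere in this activation config.
      @MessageDriven(name = "EventMDB", activationConfig = {
              @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Topic"),
              @ActivationConfigProperty(propertyName = "SubscriptionDurability", propertyValue = "Durable"),
              @ActivationConfigProperty(propertyName = "destination", propertyValue = "jms/event.Topic")
      })
      @TransactionAttribute(TransactionAttributeType.REQUIRED)
      public class EventMDB implements MessageListener
      {
          //TODO this is not serializable then why have serialVersionUID
          private static final long serialVersionUID = -3375626838235248963L;
          // Logger is keyed on this class (the post referenced SDPEventMDB.class, which is not defined here).
          private static final Logger logger = Logger.getLogger(EventMDB.class);

          @Override
          public void onMessage(Message message)
          {
             logger.info("Received a message");
          }
      }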
      

       

      Since by default the HornetQ server is security enabled, I was under the impression that the MDB I have deployed will fail without passing credentials.

      But to my surprise it is able to consume messages.

       

      Publishing to the topic anyways is working only if I pass the credentials.

       

      Could anyone please let me know how come my MDB is able to consume messages without passing credentials?

       

      The messaging subsystem I have is as follows

       

      <subsystem xmlns="urn:jboss:domain:messaging:1.2">
                      <hornetq-server>
                          <persistence-enabled>true</persistence-enabled>
                          <journal-type>NIO</journal-type>
                          <journal-file-size>102400</journal-file-size>
                          <journal-min-files>2</journal-min-files>
      
                          <connectors>
                              <netty-connector name="netty" socket-binding="messaging"/>
                              <netty-connector name="netty-throughput" socket-binding="messaging-throughput">
                                  <param key="batch-delay" value="50"/>
                              </netty-connector>
                              <in-vm-connector name="in-vm" server-id="0"/>
                          </connectors>
      
                          <acceptors>
                              <netty-acceptor name="netty" socket-binding="messaging"/>
                              <netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">
                                  <param key="batch-delay" value="50"/>
                                  <param key="direct-deliver" value="false"/>
                              </netty-acceptor>
                              <in-vm-acceptor name="in-vm" server-id="0"/>
                          </acceptors>
      
                          <security-settings>
                              <security-setting match="#">
                                  <permission type="send" roles="adminuser"/>
                                  <permission type="consume" roles="adminuser"/>
                                  <permission type="createNonDurableQueue" roles="adminuser"/>
                                  <permission type="deleteNonDurableQueue" roles="adminuser"/>
                              </security-setting>
                          </security-settings>
      
                          <address-settings>
                              <address-setting match="#">
                                  <dead-letter-address>jms.queue.DLQ</dead-letter-address>
                                  <expiry-address>jms.queue.ExpiryQueue</expiry-address>
                                  <redelivery-delay>0</redelivery-delay>
                                  <max-size-bytes>10485760</max-size-bytes>
                                  <address-full-policy>BLOCK</address-full-policy>
                                  <message-counter-history-day-limit>10</message-counter-history-day-limit>
                              </address-setting>
                          </address-settings>
      
                          <jms-connection-factories>
                              <connection-factory name="InVmConnectionFactory">
                                  <connectors>
                                      <connector-ref connector-name="in-vm"/>
                                  </connectors>
                                  <entries>
                                      <entry name="java:/ConnectionFactory"/>
                                  </entries>
                              </connection-factory>
                              <connection-factory name="MyXAConnectionFactory">
                                  <connectors>
                                      <connector-ref connector-name="netty"/>
                                  </connectors>
                                  <entries>
                                      <entry name="MyXAConnectionFactory"/>
                                      <entry name="java:jboss/exported/jms/MyXAConnectionFactory"/>
                                  </entries>
                              </connection-factory>
                              <connection-factory name="RemoteConnectionFactory">
                                  <connectors>
                                      <connector-ref connector-name="netty"/>
                                  </connectors>
                                  <entries>
                                      <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
                                  </entries>
                              </connection-factory>
                              <pooled-connection-factory name="hornetq-ra">
                                  <transaction mode="xa"/>
                                  <connectors>
                                      <connector-ref connector-name="in-vm"/>
                                  </connectors>
                                  <entries>
                                      <entry name="java:/JmsXA"/>
                                  </entries>
                              </pooled-connection-factory>
                          </jms-connection-factories>
      
                          <jms-destinations>
                              <jms-topic name="event.Topic">
                                  <entry name="java:/jms/event.Topic"/>
                                  <entry name="java:jboss/exported/jms/event.Topic"/>
                              </jms-topic>
                          </jms-destinations>
                      </hornetq-server>
                  </subsystem>
      

       

      and I am using the EJB3 subsystem out of the box.

        • 1. Re: MDB is consuming messages from remote topic without providing credentials
          jbertram

          JMS security is not enforced on local clients.

          • 2. Re: MDB is consuming messages from remote topic without providing credentials
            jahoshai

            Thanks Justin for your reply.

            I just need some more clarification.

             

            By default will it use in-vm connector to connect to the topic?

            Because when I explicitly mention netty connector in my MDB configuration, it enforces to provide credentials.

             

            @MessageDriven(name = "EventMDB", activationConfig = {
                    @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Topic"),
                    @ActivationConfigProperty(propertyName = "SubscriptionDurability", propertyValue = "Durable"),
                    @ActivationConfigProperty(propertyName = "destination", propertyValue = "jms/event.Topic"),

                    @ActivationConfigProperty(propertyName = "connectorClassName", propertyValue = "org.hornetq.core.remoting.impl.netty.NettyConnectorFactory")
            })

            • 3. Re: MDB is consuming messages from remote topic without providing credentials
              jbertram

              By default will it use in-vm connector to connect to the topic?

              That's correct.

               

               

              Because when I explicitly mention netty connector in my MDB configuration, it enforces to provide credentials.

              The security override won't work for a non-inVM connection factory (e.g. Netty).  Therefore if you force the MDB's connector to use Netty it will need to submit credentials.
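
An added example, not part of the thread and not JBoss or HornetQ code: a small audit of a messaging subsystem like the one posted above, resolving each connection factory's `connector-ref` to its connector type and marking the factories that use an in-vm connector, which per the replies above are not subject to JMS credential checks. The function name `audit_factories` and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "urn:jboss:domain:messaging:1.2"}

# Constructed sample, trimmed from the subsystem posted in the thread.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:messaging:1.2">
  <hornetq-server>
    <connectors>
      <netty-connector name="netty" socket-binding="messaging"/>
      <in-vm-connector name="in-vm" server-id="0"/>
    </connectors>
    <jms-connection-factories>
      <connection-factory name="RemoteConnectionFactory">
        <connectors><connector-ref connector-name="netty"/></connectors>
        <entries><entry name="java:jboss/exported/jms/RemoteConnectionFactory"/></entries>
      </connection-factory>
      <pooled-connection-factory name="hornetq-ra">
        <connectors><connector-ref connector-name="in-vm"/></connectors>
        <entries><entry name="java:/JmsXA"/></entries>
      </pooled-connection-factory>
    </jms-connection-factories>
  </hornetq-server>
</subsystem>"""


def audit_factories(xml_text):
    """Return one record per connection factory with its connector transport."""
    root = ET.fromstring(xml_text)
    # Map connector name -> element kind, e.g. "in-vm" -> "in-vm-connector".
    kinds = {c.get("name"): c.tag.split("}", 1)[1]
             for c in root.findall(".//m:hornetq-server/m:connectors/*", NS)}
    report = []
    for f in root.findall(".//m:jms-connection-factories/*", NS):
        refs = [r.get("connector-name")
                for r in f.findall("m:connectors/m:connector-ref", NS)]
        report.append({
            "factory": f.get("name"),
            "jndi": [e.get("name") for e in f.findall("m:entries/m:entry", NS)],
            "connectors": refs,
            # Per the thread: local (in-VM) clients bypass JMS security checks.
            "credentials_enforced": not any(
                kinds.get(r) == "in-vm-connector" for r in refs),
        })
    return report


if __name__ == "__main__":
    for row in audit_factories(SAMPLE):
        print(row)
```

Any factory reported with `credentials_enforced` set to `False` is one whose consumers rely on deployment-level trust rather than the `security-setting` roles.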