9 Replies Latest reply on May 15, 2013 3:00 AM by bondchan921

    Disappearing credentials after publisher.send

    thammoud

      Hello,

      I hope that this is the right forum for this. We are undergoing an effort to switch to JBOSS messaging from ActiveMQ (Soon 2.x). Our first effort is to get our stuff to work with JBM 1.4x and then 2.x. We have noticed that when we send a message using JMS, the current active principal is no longer active.

      Basically, we call the following (Before and After the publisher.send call)

      java.security.Principal userPrincipal = SecurityContextAssociation.getSecurityContext().getUtil().getUserPrincipal();

      After the send, the call returns null. Our code above the JMS layer must run in the proper security context. As far as JMS is concerned, basic guest authentication is all we need. We use JAAS for all our authentication.

      There must be a logic to this. Can someone kindly explain why we are seeing this behavior? Thank you.







        • 1. Re: Disappearing credentials after publisher.send
          thammoud

          Just to add a couple of things about our configuration, JBM is using the default "messaging" realm with no changes.

          • 2. Re: Disappearing credentials after publisher.send
            gaohoward

            Do you expect that after the send, JBM sets the Principal to the context? I don't think JBM will do this. Authentication and authorization are done at the server end.

            Maybe I didn't understand you correctly. If so, can you give some code sample to illustrate? Thanks.

            • 3. Re: Disappearing credentials after publisher.send
              thammoud

              No I did not expect it to set the principal to the context. However, I also did not expect the send call to "wipe-out" the existing credentials associated with the calling thread.

              System.out.println("In start of JMS Feed Session:"
                  + JBossUtils.getCurrentUsername()); // <== Non null principal
              defaultPublisher.send(outboundQueue, message);
              System.out.println("In start (After Send) of JMS Feed Session:"
                  + JBossUtils.getCurrentUsername()); // <===== NULL
              


              Running 5.1

              • 4. Re: Disappearing credentials after publisher.send
                gaohoward

                Are you using JmsXA? I don't think JBM changes any security context during a send.

                • 5. Re: Disappearing credentials after publisher.send
                  thammoud

                  We use "ConnectionFactory" to create the connection factory which is defined as:

                  <mbean code="org.jboss.jms.server.connectionfactory.ConnectionFactory"
                         name="jboss.messaging.connectionfactory:service=ConnectionFactory"
                         xmbean-dd="xmdesc/ConnectionFactory-xmbean.xml">
                     <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
                     <depends optional-attribute-name="Connector">jboss.messaging:service=Connector,transport=bisocket</depends>
                     <depends>jboss.messaging:service=PostOffice</depends>

                     <attribute name="JNDIBindings">
                        <bindings>
                           <binding>/ConnectionFactory</binding>
                           <binding>/XAConnectionFactory</binding>
                           <binding>java:/ConnectionFactory</binding>
                           <binding>java:/XAConnectionFactory</binding>
                        </bindings>
                     </attribute>
                  </mbean>
                  


                  Thanks for your quick response.

                  • 6. Re: Disappearing credentials after publisher.send
                    gaohoward

                    Hi thanks for the info.

                    I checked JBM code and couldn't find any code that changes the context. Maybe it's a good idea that you put your question to the jboss security forum too.

                    • 7. Re: Disappearing credentials after publisher.send
                      thammoud

                      I actually just tried JBM 2.0 Beta and it worked correctly. Same code different JMS implementation. I will see if I can dig deeper.

                      • 8. Re: Disappearing credentials after publisher.send
                        • 9. Re: Disappearing credentials after publisher.send
                          bondchan921

                          Same issue,

                           

                          SecurityAssociation.getCallerPrincipal(); // ----> get the right user

                          connection = queueFactory.createQueueConnection("guest", "guest");
                          session = connection.createQueueSession(true, Session.AUTO_ACKNOWLEDGE);
                          queue = (Queue) sls.getJNDIResource(queueName);
                          queueSender = session.createSender(queue);
                          ObjectMessage obj_message = session.createObjectMessage();
                          obj_message.setObject(obj);

                          queueSender.send(obj_message);

                          SecurityAssociation.getCallerPrincipal(); // -----> principal = null

                           

                           

                          1) How can I upgrade from JBM 1.4.3 -> JBM 2.0.0.B4?

                          2) If I pop the security context before invoking the JMS code and push it back after queueSender.send(), it works when EJB code is executed later, but I still get principal=null when execution comes back out to the Struts action layer and invokes EJB code again.
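
The save-and-restore approach mentioned in the last post, as an added example that is not code from any poster or from JBoss: a guard that snapshots the thread-bound principal, reports when a call changes it, and restores it in a `finally` block. The `ThreadLocal` holder, `leakySend` and `callPreservingPrincipal` are hypothetical stand-ins, and the identity `alice` is constructed sample data.

```java
import java.security.Principal;
import java.util.concurrent.Callable;

// Added example: uses stand-ins only, no JBoss or JMS classes.
public class ContextGuardDemo {
    // Hypothetical stand-in for the security context bound to the calling thread.
    static final ThreadLocal<Principal> CURRENT = new ThreadLocal<>();

    // Runs a call, reports whether it changed the caller's principal, and
    // always restores the principal that was active before the call.
    static <T> T callPreservingPrincipal(String label, Callable<T> call) throws Exception {
        Principal before = CURRENT.get();
        try {
            return call.call();
        } finally {
            Principal after = CURRENT.get();
            if (after != before) {
                // Log the change so the call that clobbers the context can be identified.
                System.err.println("[context-guard] " + label + " changed principal: "
                        + name(before) + " -> " + name(after));
                CURRENT.set(before);
            }
        }
    }

    static String name(Principal p) {
        return p == null ? "null" : p.getName();
    }

    // Constructed stand-in for a send() that clears the thread-bound identity,
    // mimicking the symptom reported in the thread.
    static Void leakySend(String message) {
        CURRENT.remove();
        return null;
    }

    public static void main(String[] args) throws Exception {
        Principal alice = () -> "alice"; // constructed sample identity

        CURRENT.set(alice);
        leakySend("unguarded");
        System.out.println("after unguarded send: " + name(CURRENT.get())); // null

        CURRENT.set(alice);
        callPreservingPrincipal("publisher.send", () -> leakySend("guarded"));
        System.out.println("after guarded send:   " + name(CURRENT.get())); // alice
    }
}
```

The guard only restores the identity bound to the current thread at the point of the call; code that runs later on another thread, or after an outer layer has reset the context, is not covered by it.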