
    Message Driven (MDB): Security principal is not propagated to MDB in JBoss AS 7.2

    a.d.jbpm

      Hi all,

      I have a standalone JMS producer publishing messages to an MDB deployed within JBoss AS 7.2.

      In the MDB's onMessage method, I am not able to resolve the caller principal: MessageDrivenContext.getCallerPrincipal() returns only 'anonymous'.

      Is there a way to propagate the security context from the 'secured' JMS producer to the MDB?


      • Here is the HornetQ configuration from my standalone-full.xml

           <!-- HornetQ server settings as posted from standalone-full.xml. The security-relevant parts are
                the security domain used to authenticate JMS connections and the role permissions under
                security-settings. -->

           <hornetq-server>

                      <persistence-enabled>true</persistence-enabled>

                      <!-- JMS connections are authenticated against this security domain; the MDB in this
                           post names the same domain in its @SecurityDomain annotation. -->

                      <security-domain>mySecurityDomain</security-domain>

                      <!-- true: the permissions declared under security-settings below are enforced. -->

                      <security-enabled>true</security-enabled>

                      <journal-type>NIO</journal-type>

                      <journal-min-files>2</journal-min-files>

       

                      <connectors>

                          <netty-connector name="netty" socket-binding="messaging"/>

                          <netty-connector name="netty-throughput" socket-binding="messaging-throughput">

                              <param key="batch-delay" value="50"/>

                          </netty-connector>

                          <in-vm-connector name="in-vm" server-id="0"/>

                      </connectors>

       

                      <!-- Remote (netty) and in-VM acceptors. No ssl-enabled param is set on the netty
                           acceptors in this listing. NOTE(review): the client sends a user name and
                           password over this transport; confirm how the connection is protected. -->

                      <acceptors>

                          <netty-acceptor name="netty" socket-binding="messaging"/>

                          <netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">

                              <param key="batch-delay" value="50"/>

                              <param key="direct-deliver" value="false"/>

                          </netty-acceptor>

                          <in-vm-acceptor name="in-vm" server-id="0"/>

                      </acceptors>

                      <!-- 'root' is a role in our security domain -->

                      <!-- match="#" applies to every address. Only the role 'root' may send, consume, and
                           create or delete non-durable queues; no role is listed here for
                           createDurableQueue, deleteDurableQueue or manage. These permissions decide who
                           may use an address; nothing in this configuration attaches the sender's
                           identity to the messages that are delivered. -->

                      <security-settings>

                          <security-setting match="#">

                              <permission type="send" roles="root"/>

                              <permission type="consume" roles="root"/>

                              <permission type="createNonDurableQueue" roles="root"/>

                              <permission type="deleteNonDurableQueue" roles="root"/>

                          </security-setting>

                      </security-settings>

       

                      <address-settings>

                          <address-setting match="#">

                              <dead-letter-address>jms.queue.DLQ</dead-letter-address>

                              <expiry-address>jms.queue.ExpiryQueue</expiry-address>

                              <redelivery-delay>0</redelivery-delay>

                              <max-size-bytes>10485760</max-size-bytes>

                              <address-full-policy>BLOCK</address-full-policy>

                              <message-counter-history-day-limit>10</message-counter-history-day-limit>

                          </address-setting>

                      </address-settings>

       

                      <!-- Connection factory for remote clients: it uses the "netty" connector and is
                           bound under java:jboss/exported, which is the name the standalone client
                           looks up as jms/RemoteConnectionFactory. -->

                      <jms-connection-factories>               

                          <connection-factory name="RemoteConnectionFactory">

                              <connectors>

                                  <connector-ref connector-name="netty"/>

                              </connectors>

                              <entries>

                                  <entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>

                              </entries>

                          </connection-factory>

                      </jms-connection-factories>

       

                      <!-- The topic has two JNDI entries: topic/test, used by the MDB's "destination"
                           activation property, and an exported entry for the remote client. -->

                      <jms-destinations>                   

                          <jms-topic name="testTopic">

                              <entry name="topic/test"/>

                              <entry name="java:jboss/exported/jms/topic/test"/>

                          </jms-topic>

                      </jms-destinations>

                  </hornetq-server>

       

      • Message producer

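        /**
         * Standalone JMS client that looks up the remote connection factory and the test topic over
         * JNDI and publishes a single text message.
         *
         * <p>The user name and password below are the hard-coded sample values from the original
         * post. A real client should read them from outside the source (configuration, environment,
         * a credential store) so they are not committed or shipped with the code.
         */
        public class SimpleJMSClient {

            /**
             * Sends one "Hello World" text message to the topic bound at {@code jms/topic/test}.
             *
             * @param args unused
             * @throws Exception if closing the JMS connection or the JNDI context fails; failures
             *     during lookup, connect or send are caught and printed instead
             */
            public static void main(String[] args) throws Exception {
                Context context = null;
                Connection connection = null;
                try {
                    // Set up the context for the JNDI lookup
                    Properties env = new Properties();
                    env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
                    env.put(Context.PROVIDER_URL, "remote://localhost:4447");
                    env.put(Context.SECURITY_PRINCIPAL, "root");
                    env.put(Context.SECURITY_CREDENTIALS, "root");
                    // SASL_POLICY_NOPLAINTEXT=false allows plain-text SASL mechanisms on the remoting
                    // connection, so the password is only as protected as the transport underneath.
                    env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
                    context = new InitialContext(env);

                    // Perform the JNDI lookups
                    ConnectionFactory connectionFactory = (ConnectionFactory) context.lookup("jms/RemoteConnectionFactory");
                    Destination destination = (Destination) context.lookup("jms/topic/test");

                    // Create the secured JMS connection, session, producer. These credentials
                    // authenticate the connection to the broker, which checks them against its
                    // send/consume permissions; the post reports that the receiving MDB still sees
                    // "anonymous" as its caller principal.
                    connection = connectionFactory.createConnection("root", "root");
                    Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
                    MessageProducer producer = session.createProducer(destination);
                    connection.start();

                    TextMessage message = session.createTextMessage("Hello World");
                    producer.send(message);
                } catch (Exception e) {
                    e.printStackTrace();
                } finally {
                    // The original never released the connection or the naming context. Closing the
                    // connection also closes its sessions and producers.
                    try {
                        if (connection != null) {
                            connection.close();
                        }
                    } finally {
                        if (context != null) {
                            context.close();
                        }
                    }
                }
            }
        }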

       

      • Message driven bean

      /**
       * Message-driven bean subscribed to the topic bound at {@code topic/test}. For every delivery
       * it prints the caller principal reported by the container, then the message itself.
       *
       * <p>As the post reports, the principal printed here is "anonymous" even though the producer
       * connected to the broker as "root": the broker login authorises the send, but that identity
       * does not arrive as this bean's caller principal.
       * NOTE(review): {@code @RunAs("root")} presumably sets the identity used for calls this bean
       * makes to other components rather than the value of getCallerPrincipal() inside onMessage;
       * confirm against the container documentation.
       *
       * <p>If the consumer needs the sender's identity, note that anything the sender copies into a
       * message property is sender-controlled and is not an authenticated principal.
       */
      @MessageDriven(
              name = "BasicMessageListenerBean",
              activationConfig = {
                  @ActivationConfigProperty(
                          propertyName = "destinationType",
                          propertyValue = "javax.jms.Topic"),
                  @ActivationConfigProperty(
                          propertyName = "destination",
                          propertyValue = "topic/test"),
                  @ActivationConfigProperty(
                          propertyName = "acknowledgeMode",
                          propertyValue = "Auto-acknowledge")
              })
      @SecurityDomain("mySecurityDomain")
      @RunAs("root")
      public class BasicMessageListenerBean implements MessageListener {

          /** Container-injected context, used here only to read the caller principal. */
          @Resource
          private MessageDrivenContext sessionContext;

          /**
           * Prints the caller principal and then the received message to standard output.
           *
           * @param rcvMessage the message delivered by the container
           * @see MessageListener#onMessage(Message)
           */
          public void onMessage(Message rcvMessage) {
              final Principal caller = sessionContext.getCallerPrincipal();
              // Reported in the post: this prints "anonymous" instead of the "root" user.
              System.out.println(caller);
              System.out.println(rcvMessage);
          }
      }