Message Driven (MDB): Security principal is not propagated to MDB in JBoss AS 7.2
a.d.jbpm Aug 19, 2013 11:58 AM
Hi all,
I have a standalone JMS producer publishing messages to an MDB deployed in JBoss AS 7.2.
In the MDB's onMessage method, I am not able to resolve the caller principal from MessageDrivenContext.getCallerPrincipal(); I only get 'anonymous'.
Is there a way to propagate the security context from the secured JMS producer to the MDB?
- Here is the HornetQ configuration from my standalone-full.xml
<!-- HornetQ messaging subsystem configuration taken from standalone-full.xml.
     Security is switched on and delegated to the security domain named below. -->
<hornetq-server>
<persistence-enabled>true</persistence-enabled>
<!-- Connections are authenticated against this security domain; the domain's own
     definition (login modules, user/role stores) is not part of this listing. -->
<security-domain>mySecurityDomain</security-domain>
<!-- With security enabled, the permissions in <security-settings> below are enforced. -->
<security-enabled>true</security-enabled>
<journal-type>NIO</journal-type>
<journal-min-files>2</journal-min-files>
<connectors>
<netty-connector name="netty" socket-binding="messaging"/>
<netty-connector name="netty-throughput" socket-binding="messaging-throughput">
<param key="batch-delay" value="50"/>
</netty-connector>
<in-vm-connector name="in-vm" server-id="0"/>
</connectors>
<!-- NOTE(review): no TLS-related params appear on the netty acceptors below, so credentials
     sent by remote clients are presumably only as protected as the network they cross.
     Confirm how the "messaging" socket bindings are exposed. -->
<acceptors>
<netty-acceptor name="netty" socket-binding="messaging"/>
<netty-acceptor name="netty-throughput" socket-binding="messaging-throughput">
<param key="batch-delay" value="50"/>
<param key="direct-deliver" value="false"/>
</netty-acceptor>
<in-vm-acceptor name="in-vm" server-id="0"/>
</acceptors>
<!-- 'root' is a role in our security domain -->
<!-- The single match="#" rule is a wildcard covering every address: one role ('root') may
     send, consume, and create/delete non-durable queues everywhere. These permissions are
     checked against the identity that opened the JMS connection. Nothing here attaches that
     identity to delivered messages.
     NOTE(review): for least privilege, consider per-destination matches with separate
     producer and consumer roles. No durable-queue or manage permission is granted to any role. -->
<security-settings>
<security-setting match="#">
<permission type="send" roles="root"/>
<permission type="consume" roles="root"/>
<permission type="createNonDurableQueue" roles="root"/>
<permission type="deleteNonDurableQueue" roles="root"/>
</security-setting>
</security-settings>
<!-- Default address behaviour for all addresses: dead-letter and expiry destinations,
     immediate redelivery, and producers blocked once an address holds 10485760 bytes. -->
<address-settings>
<address-setting match="#">
<dead-letter-address>jms.queue.DLQ</dead-letter-address>
<expiry-address>jms.queue.ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<max-size-bytes>10485760</max-size-bytes>
<address-full-policy>BLOCK</address-full-policy>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
</address-setting>
</address-settings>
<!-- Connection factory bound under java:jboss/exported, the namespace that remote JNDI
     clients can look up. It uses the "netty" connector defined above. -->
<jms-connection-factories>
<connection-factory name="RemoteConnectionFactory">
<connectors>
<connector-ref connector-name="netty"/>
</connectors>
<entries>
<entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
</entries>
</connection-factory>
</jms-connection-factories>
<!-- Topic bound twice: "topic/test" for in-server lookups (the MDB's destination) and an
     exported name for the remote producer. -->
<jms-destinations>
<jms-topic name="testTopic">
<entry name="topic/test"/>
<entry name="java:jboss/exported/jms/topic/test"/>
</jms-topic>
</jms-destinations>
</hornetq-server>
- Message producer
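/**
 * Standalone JMS client that looks up a connection factory and a topic over remote JNDI and
 * publishes a single text message.
 *
 * <p>Two separate authentications happen here: one for the remote JNDI lookup
 * ({@code SECURITY_PRINCIPAL}/{@code SECURITY_CREDENTIALS}) and one for the JMS connection
 * ({@code createConnection(user, password)}). The JMS credentials identify the producer to the
 * broker. Nothing in this client attaches that identity to the message it sends.
 *
 * <p>Security caveats for anyone reusing this sample:
 * <ul>
 *   <li>The user name and password are hard-coded demo values. Outside a sandbox they belong
 *       in external configuration or a credential store, not in source.</li>
 *   <li>{@code SASL_POLICY_NOPLAINTEXT=false} allows plain-text SASL mechanisms, so the
 *       password is only as protected as the transport. No TLS setup is shown here.</li>
 * </ul>
 */
public class SimpleJMSClient {

    /**
     * Publishes one "Hello World" message to the topic bound at {@code jms/topic/test}.
     *
     * <p>Failures are printed rather than rethrown, as in the original sample. The JMS
     * connection and the naming context are always closed so that their network resources
     * are released and do not keep the client alive after the send.
     *
     * @param args unused
     * @throws Exception declared for compatibility; failures are reported on stderr
     */
    public static void main(String[] args) throws Exception {
        Context context = null;
        Connection connection = null;
        try {
            // Set up the context for the JNDI lookup
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
            env.put(Context.PROVIDER_URL, "remote://localhost:4447");
            // Demo credentials only; do not ship real secrets in source.
            env.put(Context.SECURITY_PRINCIPAL, "root");
            env.put(Context.SECURITY_CREDENTIALS, "root");
            // Permits plain-text SASL mechanisms; acceptable only on a trusted or encrypted link.
            env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
            context = new InitialContext(env);

            // Perform the JNDI lookups
            ConnectionFactory connectionFactory = (ConnectionFactory) context.lookup("jms/RemoteConnectionFactory");
            Destination destination = (Destination) context.lookup("jms/topic/test");

            // Create the secured JMS connection, session, producer
            connection = connectionFactory.createConnection("root", "root");
            Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
            MessageProducer producer = session.createProducer(destination);
            connection.start();

            TextMessage message = session.createTextMessage("Hello World");
            producer.send(message);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Closing the connection also closes the session and producer created from it.
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception closeFailure) {
                    closeFailure.printStackTrace();
                }
            }
            if (context != null) {
                try {
                    context.close();
                } catch (Exception closeFailure) {
                    closeFailure.printStackTrace();
                }
            }
        }
    }
}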
- Message driven bean
/**
 * Message-driven bean subscribed to the topic bound at {@code topic/test}. For every message
 * it prints the container-reported caller principal and then the message itself.
 *
 * <p>As reported in the post, the printed principal is "anonymous" rather than the user that
 * opened the producer's JMS connection. Delivery to an MDB is asynchronous, and this listing
 * shows nothing that carries the producer's identity along with the message.
 * NOTE(review): {@code @RunAs} presumably governs the identity used for calls this bean makes
 * to other components, not the value of {@code getCallerPrincipal()} inside
 * {@code onMessage}. Confirm against the EJB specification.
 *
 * <p>Do not base authorization decisions on the caller principal seen here. If the sender's
 * identity matters, it has to arrive with the message in a form the broker or a signature
 * vouches for, not as a value the client sets freely.
 */
@MessageDriven(
    name = "BasicMessageListenerBean",
    activationConfig = {
        @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Topic"),
        @ActivationConfigProperty(propertyName = "destination", propertyValue = "topic/test"),
        @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "Auto-acknowledge")
    })
@SecurityDomain("mySecurityDomain")
@RunAs("root")
public class BasicMessageListenerBean implements MessageListener {

    /** Container-injected context used to query the caller principal. */
    @Resource
    private MessageDrivenContext sessionContext;

    /**
     * Prints the caller principal and the received message to standard output.
     *
     * @param rcvMessage the message delivered by the container
     * @see MessageListener#onMessage(Message)
     */
    @Override
    public void onMessage(Message rcvMessage) {
        // Reported by the author to be "anonymous" instead of the "root" user.
        final Principal caller = sessionContext.getCallerPrincipal();
        System.out.println(caller);
        System.out.println(rcvMessage);
    }
}