Security domain does NOT work for <subsystem xmlns="urn:jboss:domain:messaging:2.0">!!!
ybxiang.china Jan 5, 2014 9:51 PM
Dear jboss guys,
I debugged the login module "org.jboss.security.auth.spi.DatabaseServerLoginModule" in wildfly8-CR1, the result is:
- When client code {EJBClientContext.getCurrent().registerInterceptor(0,new ClientSessionTokenInterceptor());} is executed, org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword() and getRoleSets(...) are called as expected! And other EJB invocations work well too.
- When "jms/HTTPConnectionFactory" is looked up on the client side, DatabaseServerLoginModule.getUsersPassword() is NOT called, and the client prints the exception below:
"JBREM000200: Remote connection failed: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed"
"javax.naming.NamingException: Failed to connect to any server. Servers tried: [http-remoting://localhost:80]"
So, I guess the Security domain does NOT work for <subsystem xmlns="urn:jboss:domain:messaging:2.0"> at all!!!
Have you tested this case???
Please help me!!! (After I solve this problem, I will summarize it and post it here; I think it will be useful to other guys.)
Thank you very much!
---------------------------------------------------------------------------------------------------------------------------------------------------------------
1. standalone.xml
http://javaarm.com/file/jboss/ApplicationServer/wildfly/wildfly8-messaging-security/standalone.xml
2. Client
2.1 vm arguments
-Dosgi.requiredJavaVersion=1.6 -Xms40m -Xmx512m -XX:+HeapDumpOnOutOfMemoryError -Xms256m -Djavax.net.ssl.trustStore=D:\java\wildfly-8.0.0.CR1_njnms\standalone\configuration\client.truststore -Djavax.net.ssl.trustStorePassword=ybxiang_truststore_password -Dupdate.site=nms-client -Dignore.rmi.address.cache=true
2.2 program arguments
-os ${target.os} -ws ${target.ws} -arch ${target.arch} -nl ${target.nl} -consoleLog zh_CN
2.3 Client Java Class
http://javaarm.com/file/jboss/ApplicationServer/wildfly/wildfly8-messaging-security/ServerLink.java
---------------------------------------------------------------------------------------------------------------------------------------------------------------
3. Trying another security-domain definition
3.1 I defined a new security domain:

    <security-domain name="messaging-security-domain" cache-type="default">
        <authentication>
            <login-module code="UsersRoles" flag="required">
                <module-option name="usersProperties" value="application-users.properties"/>
                <module-option name="rolesProperties" value="application-roles.properties"/>
            </login-module>
        </authentication>
    </security-domain>

3.2 Add username/password/role through add-user.bat
username: guest
password: guest
role: guest
3.3 client test
The client code below still prints the above exception.

    import java.util.Properties;

    import javax.jms.ConnectionFactory;
    import javax.jms.JMSConsumer;
    import javax.jms.JMSContext;
    import javax.jms.TemporaryQueue;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;

    public class SimpleClient {
        public static String serverIP = "localhost";
        public static String serverHttpPort = "80";
        public static String username = "guest";
        public static String password = "guest";

        public static void main(String[] args) throws NamingException {
            InitialContext initialContext = null;
            try {
                // Step 1. Create an initial context to perform the JNDI lookup.
                final Properties env = new Properties();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
                env.put(Context.PROVIDER_URL, "http-remoting://" + serverIP + ":" + serverHttpPort);
                env.put(Context.SECURITY_PRINCIPAL, username);
                env.put(Context.SECURITY_CREDENTIALS, password);
                initialContext = new InitialContext(env);

                // Step 2. Look up the connection factory over http-remoting.
                ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("/jms/HTTPConnectionFactory"); // "jms/HTTPConnectionFactory" is OK too!

                // Step 3. Send and receive one message on a temporary queue; the JMSContext is closed automatically.
                try (JMSContext context = cf.createContext(username, password)) {
                    TemporaryQueue tempQueue = context.createTemporaryQueue();
                    context.createProducer().send(tempQueue, "hello");
                    JMSConsumer consumer = context.createConsumer(tempQueue);
                    String response = consumer.receiveBody(String.class, 2000);
                    System.out.println("response = " + response);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            } finally {
                if (initialContext != null) {
                    initialContext.close();
                }
            }
        }
    }