10 Replies Latest reply on Feb 9, 2017 12:19 PM by swarsa

    JBoss EAP 7 JMS connecting to LDAP

    swarsa

      I'm trying to port a Spring 4 JEE app over to JBoss EAP 7 from WebSphere 7 and have gotten much of it working.  Now I'm working on JMS.  The JMS queue is hosted by Web Methods broker and we look that up from an LDAP connection.  In WebSphere, to get this to work, we had configured:

       

      1. A Generic JMS provider with the WebMethods jars in the classpath of that provider.  That provider also had the
      2. A Queue with Name, JNDI name (internal) and
      3. A QueueConnectionFactory with Name, JNDI name (internal) and External JNDI Name cn=XXXXXXXX,ou=xxxx-xxxx,ou=xxxxx,ou=xxx,dc=xxx,dc=xxx

       

      Note, there is not any RAR file installed there and if possible I would prefer not to do that - I'd rather have all the configurations in the standalone*.xml file instead.

       

      Since this is a Spring app, I have a spring context file with jms configurations in there that get wired into my spring beans:

       

      <jee:jndi-lookup id="jmsProducerConnectionFactory" jndi-name="java:comp/env/XyzFactory" />
      <jee:jndi-lookup id="sendDestination" jndi-name="java:comp/env/AbcDestination" />

      <bean id="jmsQueueTemplate" class="org.springframework.jms.core.JmsTemplate">
          <property name="connectionFactory" ref="jmsProducerConnectionFactory" />
          <property name="destinationResolver" ref="jmsDestResolver" />
          <property name="defaultDestination" ref="sendDestination" />
          <property name="receiveTimeout" value="60000" />
      </bean>
      <bean id="jmsDestResolver" class="org.springframework.jms.support.destination.DynamicDestinationResolver" />

       

      I'm trying to set up the similar thing as this in JBoss EAP 7.  So far I have datasources, namespace bindings and many other things working.  Now as I start with the JMS, I'm having problems.  I've read the docs on this at:

       

      https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/7.0/single/configuring-messaging/

       

      (and many other suggestions).  So far, I have this set up in my standalone-full.xml

       

              <subsystem xmlns="urn:jboss:domain:messaging-activemq:1.0">
                  <server name="default">
                      <security-setting name="#">
                          <role name="guest" delete-non-durable-queue="true" create-non-durable-queue="true" consume="true" send="true"/>
                      </security-setting>
                      <address-setting name="#" message-counter-history-day-limit="10" page-size-bytes="2097152" max-size-bytes="10485760" expiry-address="jms.queue.ExpiryQueue" dead-letter-address="jms.queue.DLQ"/>
                      <http-connector name="http-connector" endpoint="http-acceptor" socket-binding="http"/>
                      <http-connector name="http-connector-throughput" endpoint="http-acceptor-throughput" socket-binding="http">
                          <param name="batch-delay" value="50"/>
                      </http-connector>
                      <in-vm-connector name="in-vm" server-id="0"/>
                      <http-acceptor name="http-acceptor" http-listener="default"/>
                      <http-acceptor name="http-acceptor-throughput" http-listener="default">
                          <param name="batch-delay" value="50"/>
                          <param name="direct-deliver" value="false"/>
                      </http-acceptor>
                      <in-vm-acceptor name="in-vm" server-id="0"/>
                      <jms-queue name="AbcDestination" entries="java:/jms/AbcDestination"/>
                      <connection-factory name="XyzFactory" entries="java:/XyzFactory" connectors="http-connector"/>
                  </server>
              </subsystem>

       

      Unfortunately I've not seen any examples where the jms is connecting to LDAP.  I don't know where to put the LDAP Url (really all the JNDI properties including the credentials).

       

      Any help would be appreciated.

       

      Thanks,

      Steve

        • 1. Re: JBoss EAP 7 JMS connecting to LDAP
          mchoma

          [EDITED] I have misread the question. My answer is misleading because it talks about LDAP authentication, which is not the point of the question.

          You can try configuring LDAP authentication in a security domain [1] using e.g. LdapLoginModule [2], and then reference this security domain from the messaging subsystem.

           

          [1] Security Architecture - Red Hat Customer Portal

          [2] Login Module Reference - Red Hat Customer Portal

          • 2. Re: JBoss EAP 7 JMS connecting to LDAP
            pjhavariotis

            mchoma

            I am afraid this has nothing to do with LDAP authentication.

            These LDAP attributes concern the "initial context", which gives a starting point from which the JMS client can resolve the names of the objects in that location of the naming and directory service.

            swarsa

            First of all, the configuration you are trying to set up has to do with the embedded Messaging Broker, which is Apache ActiveMQ Artemis.

            If you want to stick with that, you have to check with the corresponding ActiveMQ Artemis documentation if it can support LDAP as a JNDI service provider. By the way, I don't think so.

            • 3. Re: JBoss EAP 7 JMS connecting to LDAP
              swarsa

              Thanks for the replies mchoma and pjhavariotis.  So, specifically, pjhavariotis, you say "the configuration you are trying to set up has to do with the embedded Messaging Broker which is Apache ActiveMQ Artemis.  If you want to stick with that, you have to check with the corresponding ActiveMQ Artemis documentation if it can support LDAP as a JNDI service provider. By the way, I don't think so."

               

              Are you aware of any way to do what I want to do on JBoss?  We have some people (internally at my company) who did this in JBoss AS 3.08, but now that we're going to be on JBoss EAP 7, the instructions they gave (using an mbean as seen below) look out of date:

               

              <!-- Bind a remote LDAP server -->
                <mbean code="org.jboss.naming.ExternalContext"
                       name="jboss.naming:service=ExternalContext,jndiName=ldapWebMethodsContext" >
                  <attribute name="JndiName">ldapWebMethodsContext</attribute>
                  <attribute name="Properties">
                      java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
                      java.naming.factory.url.pkgs=com.wm.broker.jms
                      java.naming.provider.url=ldap://xxxxx.xxxxx:389/ou=XXXX,o=xxxx
                      java.naming.security.principal=cn=xxxx
                      java.naming.security.credentials=xxxxx
                      java.naming.security.authentication=simple
                      com.wm.jms.naming.clientgroup=xxxx
                  </attribute>
                  <attribute name="InitialContext">javax.naming.ldap.InitialLdapContext</attribute>
                  <attribute name="RemoteAccess">true</attribute>
                </mbean>

              <server>
                <!-- ==================================================================== -->
                <!-- Remote JMS Provider                                                  -->
                <!-- ==================================================================== -->

                <!-- The Remote JMS provider loader -->
                <mbean code="org.jboss.jms.jndi.JMSProviderLoader"
                       name="jboss.mq:service=JMSProviderLoader,name=RemoteLdapJMSProvider">
                  <attribute name="ProviderName">RemoteLdapJMSProvider</attribute>
                  <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JBossMQProvider</attribute>
                  <attribute name="QueueFactoryRef">java:/XAConnectionFactory</attribute>
                  <attribute name="TopicFactoryRef">ldapWebMethodsContext/cn=BrokerTopicConnectionFactory</attribute>
                </mbean>
              </server>

               

              There are many other configurations, but I was looking for the EAP 7 way of doing this.  Is there any hope?

               

              Thanks,

              Steve

              • 4. Re: JBoss EAP 7 JMS connecting to LDAP
                pjhavariotis

                Frankly speaking, I have never used LDAP as a JNDI service provider for an external JMS provider.

                In your situation, I would suggest going safely (by the book).

                Have you checked the JBoss EAP 7 supported configurations?

                As you can see, only 3 external JMS providers have been tested with EAP 7.0.

                • 5. Re: JBoss EAP 7 JMS connecting to LDAP
                  swarsa

                  Thanks for taking the time to reply.  No, I had not seen that list of supported configurations for external JMS providers.  Thanks.  Interestingly enough though, the documentation does show examples detailing a generic JMS resource adapter (https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/7.0/single/configuring-messagin… ) - the example they give is Tibco EMS 6.3, which is not listed in the list of "external JMS providers were tested with the latest JBoss EAP 7 Release".  So, I would suspect what I'm trying to do is possible. 

                   

                  Thanks for your help.

                   

                  Steve

                  • 6. Re: JBoss EAP 7 JMS connecting to LDAP
                    jbertram

                    If you're attempting to integrate your Spring-based JMS application running on JBoss EAP 7 with the Web Methods JMS broker then you shouldn't be doing anything with the messaging subsystem built into EAP 7.  You would only configure the messaging subsystem in EAP 7 if you actually wanted to integrate with it, but in this case all the evidence suggests you don't actually want to do that.

                     

                    Therefore I think you have 2 options:

                    1. Deploy and configure the Generic JMS JCA Resource Adapter for JBoss AS.
                    2. Configure your Spring-based application to talk directly to LDAP for its JNDI lookups.

                     

                    I assume you're not doing #2 already because you want some of the functionality that a container can provide for you here (e.g. connection pooling, simple runtime management, etc.).

                     

                    All the configuration for #1 can go in your standalone*.xml despite the fact that you're dealing with a RAR (which can be physically deployed or can just be contained within a module just like any other library).  The documentation for the RAR (linked above) should have sufficient documentation for you.  You should just need to plug in your JNDI properties and I would expect everything to work.

                    • 7. Re: JBoss EAP 7 JMS connecting to LDAP
                      jbertram

                      An additional thought...

                       

                      Since your application will be looking up both a JMS connection factory and JMS destination in JNDI it would probably be best to configure an "External Context" pointing to your LDAP server and then use that context for all your application's JNDI lookups.

                      • 8. Re: JBoss EAP 7 JMS connecting to LDAP
                        swarsa

                        Thanks - I have a .rar for WebMethods in particular and I can proceed to install that.  However, in the documentation from them, I do not see a way to point to LDAP.  For example, there is a case study from the field entitled "Integration and Configuration of SoftwareAG’s webMethods Broker with JBOSS EAP 6.1".  In there, it gives instructions on how to install the resource adapter, but all the properties that are configured therein assume that the property values are not LDAP formatted locations.  For example, there is a property

                         

                        JndiProperties=java.naming.factory.initial=com.webMethods.jms.naming.WmJmsNamingCtxFactory,java.naming.provider.url=wmjmsnaming://$jndi_broker_name@$jndi_broker_host:$jndi_broker_port

                         

                        However, if I were to add a property like this:

                         

                        JndiProperties=java.naming.factory.initial=com.webMethods.jms.naming.WmJmsNamingCtxFactory,java.naming.provider.url=ldap://xxx.xxx.xxx:nnn/ou=XXXXXX,o=xxxxx

                         

                        It is not accepted properly.  Also, it is not clear to me how to connect the external-context for LDAP with the JMS configurations.  Unfortunately, there seems to be no comprehensive example on how to do this the LDAP way...

                         

                        Thanks again for the effort you put into your response.

                        Steve

                        • 9. Re: JBoss EAP 7 JMS connecting to LDAP
                          jbertram

                          "Thanks - I have a .rar for WebMethods in particular and I can proceed to install that."

                          I wasn't suggesting you use the RAR from Web Methods.  I was suggesting you use the Generic JMS JCA Resource Adapter for JBoss AS.  As the name suggests, this is a generic JMS RAR which can integrate with various providers in various ways.  All you need to do is plug in your JNDI properties.  As I said, I think it would work with LDAP without any issue.

                           

                          "Also, it is not clear to me how to connect the external-context for LDAP with the JMS configurations. Unfortunately, there seems to be no comprehensive example on how to do this the LDAP way..."

                          If you take a look at the documentation I linked for the external context you can see a simple example using LDAP.  Using the external context you can essentially pull in everything from the LDAP JNDI and just look it up locally from your applications using the namespace defined in the "name" parameter.  It should be really straightforward.  People do integrations like this with other JMS providers all the time.
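
The external-context approach described in replies 7 and 9, as an added example that is not part of the thread and not the posters' or Red Hat's own configuration: it carries the JNDI properties from the legacy mbean in reply 3 into the EAP 7 naming subsystem, replacing the clear-text `ldap://` simple bind and literal password with LDAPS and a vault expression. The host name, the module name `com.example.webmethods.jms`, the vault block and attribute names and the `cn=` entries are placeholders, and that the environment property accepts a vault expression is an assumption to verify on your server.

```xml
<!-- Added example (not from the thread). Host, DNs, vault names and cn= entries
     are placeholders. The module name is hypothetical: a custom module assumed
     to contain the webMethods client jars and to see the JDK LDAP classes. -->

<!-- standalone*.xml: naming subsystem -->
<subsystem xmlns="urn:jboss:domain:naming:2.0">
    <bindings>
        <!-- Weak form, a 1:1 port of the legacy mbean properties:
               java.naming.provider.url         = ldap://...:389/...
                 (bind DN and password cross the network unencrypted)
               java.naming.security.credentials = literal password
                 (readable by anyone who can read the file or a backup of it)
             Hardened form below: LDAPS plus a vault expression. -->
        <external-context name="java:global/ldapWebMethodsContext"
                          module="com.example.webmethods.jms"
                          class="javax.naming.ldap.InitialLdapContext">
            <environment>
                <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                <property name="java.naming.factory.url.pkgs" value="com.wm.broker.jms"/>
                <!-- ldaps:// on 636; the JVM trust store must contain the directory's CA -->
                <property name="java.naming.provider.url" value="ldaps://ldap.example.com:636/ou=XXXX,o=xxxx"/>
                <property name="java.naming.security.authentication" value="simple"/>
                <property name="java.naming.security.principal" value="cn=xxxx"/>
                <!-- Assumption: a password vault is configured and this attribute accepts expressions -->
                <property name="java.naming.security.credentials" value="${VAULT::ldap::bind_password::1}"/>
                <property name="com.wm.jms.naming.clientgroup" value="xxxx"/>
            </environment>
        </external-context>
    </bindings>
    <remote-naming/>
</subsystem>

<!-- Spring context: resolve the JMS objects through the federated context.
     Names after the context name are relative to the base DN in provider.url. -->
<jee:jndi-lookup id="jmsProducerConnectionFactory"
                 jndi-name="java:global/ldapWebMethodsContext/cn=XXXXXXXX"/>
<jee:jndi-lookup id="sendDestination"
                 jndi-name="java:global/ldapWebMethodsContext/cn=YYYYYYYY"/>
```
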

                          • 10. Re: JBoss EAP 7 JMS connecting to LDAP
                            swarsa

                            OK, thanks - it sounds promising - I'll give it a try.  The reason that I was communicating that I would try the webMethods adapter is because of this statement in the documentation for the Generic JMS JCA Resource Adapter for JBoss AS:

                             

                            "To be clear, the Generic JMS JCA Resource Adapter for JBoss AS should only be used if the JMS provider with which you are integrating does not have a JCA Resource Adapter of its own. Most enterprise JMS providers have their own JCA RA, but for whatever reason there are still a few who are lacking this essential integration component."


                            Since WebMethods does have one, I was thinking I should use that, but I can try this one first.