Messaging should work with any JAAS loging module. It's true I didn't test it with DynamicLoginModule (it's a JBossMQ module). I'll investigate and get back to you.
I'm trying for the sake of testing to use the default login module, and cannot get it to work. From my client, I'm getting:
2006-04-28 14:33:42,293 WARN [inbound] An exception occurred on the server side when making remote invocation. The exception returned from server does not include a stack trace. Original server side exception message is User jms is NOT authenticated javax.jms.JMSSecurityException: User jms is NOT authenticated
The server doesn't log anything.
I added the security domain to my "login-config.xml" per the readme included with Messaging.
# A sample users.properties file for use with the UsersRolesLoginModule admin=admin jms=jms
# A sample roles.properties file for use with the UsersRolesLoginModule admin=JBossAdmin,HttpInvoker jms=discon
My test queue I'm trying to send to:
<?xml version="1.0" encoding="UTF-8"?> <server> <loader-repository>jboss.messaging:loader=ScopedLoaderRepository <loader-repository-config>java2ParentDelegation=false</loader-repository-config> </loader-repository> <mbean code="org.jboss.jms.server.destination.Queue" name="jboss.messaging.destination:service=Queue,name=99999" xmbean-dd="xmdesc/Queue-xmbean.xml"> <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends> <attribute name="SecurityConfig"> <security> <role name="discon" read="true" write="true" create="true"/> </security> </attribute> </mbean> </server>
I can successfully send messages if I set the role for my queue to "guest", but not if I set it to my defined role.
seems to be a bug. Please raise a JIRA issue, since 1.0.1.CR1 is not out yet, I'll try to include the fix in the release
I figured out the problem. May just require updating documentation. I added the following comment to the JIRA task I opened:
I believe this can be closed, the problem is due to a misconfiguration. I noticed within the current scoped sar of Messaging the "messaging-users.properties" and "messaging-roles.properties" files. I was configuring my users and roles in the files under the "\conf" folder. Once I removed the files from the scoped sar, I was able to send to my destinations configured with my security role.
Thanks, I'll update the documentation
In JBossMQ, we used the "org.jboss.mq.sm.file.DynamicLoginModule" login module configured to store hashed passwords in the "jbossmq-state.xml" file. I couldn't get this to work running Messaging under JBoss 4.0.3SP1. Is Messaging currently just limited to the "org.jboss.security.auth.spi.UsersRolesLoginModule" login module?
I only needed a way to store hashed passwords, and found out I could do this with the default login module "org.jboss.security.auth.spi.UsersRolesLoginModule", instead of the "org.jboss.mq.sm.file.DynamicLoginModule" login module that I couldn't get to work. The default module also takes the following options:
<module-option name="hashAlgorithm">MD5</module-option> <module-option name="hashEncoding">base64</module-option>
This is well documented in the JBoss 4 AS Guide.