6 Replies Latest reply on May 2, 2006 1:31 PM by Oliver Hernandez

    Will other login modules work w/ Messaging?

    Oliver Hernandez Newbie

      In JBossMQ, we used the "org.jboss.mq.sm.file.DynamicLoginModule" login module configured to store hashed passwords in the "jbossmq-state.xml" file. I couldn't get this to work running Messaging under JBoss 4.0.3SP1. Is Messaging currently just limited to the "org.jboss.security.auth.spi.UsersRolesLoginModule" login module?

        • 1. Re: Will other login modules work w/ Messaging?
          Ovidiu Feodorov Master

          Messaging should work with any JAAS loging module. It's true I didn't test it with DynamicLoginModule (it's a JBossMQ module). I'll investigate and get back to you.

          • 2. Re: Will other login modules work w/ Messaging?
            Oliver Hernandez Newbie

            I'm trying for the sake of testing to use the default login module, and cannot get it to work. From my client, I'm getting:

            2006-04-28 14:33:42,293 WARN [inbound] An exception occurred on the server side when making remote invocation. The exception returned from server does not include a stack trace. Original server side exception message is User jms is NOT authenticated
            javax.jms.JMSSecurityException: User jms is NOT authenticated
            

            The server doesn't log anything.
            I added the security domain to my "login-config.xml" per the readme included with Messaging.

            My messaging-users.properties:
            # A sample users.properties file for use with the UsersRolesLoginModule
            admin=admin
            jms=jms
            

            My messaging-roles.properties:
            # A sample roles.properties file for use with the UsersRolesLoginModule
            admin=JBossAdmin,HttpInvoker
            jms=discon
            

            My test queue I'm trying to send to:
            <?xml version="1.0" encoding="UTF-8"?>
             <server>
             <loader-repository>jboss.messaging:loader=ScopedLoaderRepository
             <loader-repository-config>java2ParentDelegation=false</loader-repository-config>
             </loader-repository>
             <mbean code="org.jboss.jms.server.destination.Queue"
             name="jboss.messaging.destination:service=Queue,name=99999"
             xmbean-dd="xmdesc/Queue-xmbean.xml">
             <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
             <attribute name="SecurityConfig">
             <security>
             <role name="discon" read="true" write="true" create="true"/>
             </security>
             </attribute>
             </mbean>
             </server>
            


            I can successfully send messages if I set the role for my queue to "guest", but not if I set it to my defined role.

            TIA.


            • 3. Re: Will other login modules work w/ Messaging?
              Ovidiu Feodorov Master

              seems to be a bug. Please raise a JIRA issue, since 1.0.1.CR1 is not out yet, I'll try to include the fix in the release

              • 4. Re: Will other login modules work w/ Messaging?
                Oliver Hernandez Newbie

                I figured out the problem. May just require updating documentation. I added the following comment to the JIRA task I opened:


                I believe this can be closed, the problem is due to a misconfiguration. I noticed within the current scoped sar of Messaging the "messaging-users.properties" and "messaging-roles.properties" files. I was configuring my users and roles in the files under the "\conf" folder. Once I removed the files from the scoped sar, I was able to send to my destinations configured with my security role.


                • 5. Re: Will other login modules work w/ Messaging?
                  Ovidiu Feodorov Master

                  Thanks, I'll update the documentation

                  • 6. Re: Will other login modules work w/ Messaging?
                    Oliver Hernandez Newbie

                     

                    "OliverHrdz" wrote:
                    In JBossMQ, we used the "org.jboss.mq.sm.file.DynamicLoginModule" login module configured to store hashed passwords in the "jbossmq-state.xml" file. I couldn't get this to work running Messaging under JBoss 4.0.3SP1. Is Messaging currently just limited to the "org.jboss.security.auth.spi.UsersRolesLoginModule" login module?


                    I only needed a way to store hashed passwords, and found out I could do this with the default login module "org.jboss.security.auth.spi.UsersRolesLoginModule", instead of the "org.jboss.mq.sm.file.DynamicLoginModule" login module that I couldn't get to work. The default module also takes the following options:
                     <module-option name="hashAlgorithm">MD5</module-option>
                     <module-option name="hashEncoding">base64</module-option>
                    

                    This is well documented in the JBoss 4 AS Guide.