4 Replies Latest reply on Jan 17, 2008 9:11 AM by Markus Falk

    SecurityException - Wrong credentials

    Markus Falk Newbie

      Hi,

      i try to send a message transacted to a queue, but an exception is thrown while processing:

      2008-01-15 10:57:02,932 ERROR [org.jboss.jms.tx.ResourceManager] org.jboss.jms.exception.MessagingXAException: A security exception happend!
      org.jboss.jms.exception.MessagingXAException: A security exception happend!
       at org.jboss.jms.tx.ResourceManager.sendTransactionXA(ResourceManager.java:641)
       at org.jboss.jms.tx.ResourceManager.commit(ResourceManager.java:370)
       at org.jboss.jms.tx.MessagingXAResource.commit(MessagingXAResource.java:238)
       at org.jboss.resource.connectionmanager.xa.JcaXAResourceWrapper.commit(JcaXAResourceWrapper.java:53)
       at com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord.topLevelOnePhaseCommit(XAResourceRecord.java:636)
       at com.arjuna.ats.arjuna.coordinator.BasicAction.onePhaseCommit(BasicAction.java:2619)
       at com.arjuna.ats.arjuna.coordinator.BasicAction.End(BasicAction.java:1779)
       at com.arjuna.ats.arjuna.coordinator.TwoPhaseCoordinator.end(TwoPhaseCoordinator.java:88)
       at com.arjuna.ats.arjuna.AtomicAction.commit(AtomicAction.java:177)
       at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.commitAndDisassociate(TransactionImple.java:1389)
       at com.arjuna.ats.internal.jta.transaction.arjunacore.BaseTransaction.commit(BaseTransaction.java:135)
       at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:87)
       at org.jboss.aspects.tx.TxPolicy.endTransaction(TxPolicy.java:175)
       at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:87)
       at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:304)
       at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
       at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
       at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
       at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:573)
       at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:373)
       at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
      Caused by: javax.jms.JMSSecurityException: User: guest is not authorized to write to destination authByVoipProcessMdb_Queue
       at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:312)
       at org.jboss.jms.server.container.SecurityAspect.handleSendTransaction(SecurityAspect.java:190)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:121)
       at org.jboss.jms.server.endpoint.advised.ConnectionAdvised$sendTransaction_N3268650789275322226.invokeNext(ConnectionAdvised$sendTransaction_N3268650789275322226.java)
       at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
       at org.jboss.jms.server.endpoint.advised.ConnectionAdvised$sendTransaction_N3268650789275322226.invokeNext(ConnectionAdvised$sendTransaction_N3268650789275322226.java)
       at org.jboss.jms.server.endpoint.advised.ConnectionAdvised.sendTransaction(ConnectionAdvised.java)
       at org.jboss.jms.wireformat.ConnectionSendTransactionRequest.serverInvoke(ConnectionSendTransactionRequest.java:82)
       at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
       at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
       at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:101)
       at org.jboss.remoting.Client.invoke(Client.java:1634)
       at org.jboss.remoting.Client.invoke(Client.java:548)
       at org.jboss.remoting.Client.invoke(Client.java:536)
       at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:187)
       at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:158)
       at org.jboss.jms.client.delegate.ClientConnectionDelegate.org$jboss$jms$client$delegate$ClientConnectionDelegate$sendTransaction$aop(ClientConnectionDelegate.java:221)
       at org.jboss.jms.client.delegate.ClientConnectionDelegate$sendTransaction_N3268650789275322226.invokeNext(ClientConnectionDelegate$sendTransaction_N3268650789275322226.java)
       at org.jboss.jms.client.container.FailoverValveInterceptor.invoke(FailoverValveInterceptor.java:92)
       at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105)
       at org.jboss.jms.client.delegate.ClientConnectionDelegate$sendTransaction_N3268650789275322226.invokeNext(ClientConnectionDelegate$sendTransaction_N3268650789275322226.java)
       at org.jboss.jms.client.container.ClosedInterceptor.invoke(ClosedInterceptor.java:170)
       at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105)
       at org.jboss.jms.client.delegate.ClientConnectionDelegate$sendTransaction_N3268650789275322226.invokeNext(ClientConnectionDelegate$sendTransaction_N3268650789275322226.java)
       at org.jboss.jms.client.delegate.ClientConnectionDelegate.sendTransaction(ClientConnectionDelegate.java)
       at org.jboss.jms.tx.ResourceManager.sendTransactionXA(ResourceManager.java:637)
       ... 33 more
      
      


      It is a pretty easy example. I have an EJB

      import java.util.Properties;
      
      import javax.ejb.Stateless;
      import javax.jms.ObjectMessage;
      import javax.jms.Queue;
      import javax.jms.QueueConnection;
      import javax.jms.QueueConnectionFactory;
      import javax.jms.QueueSender;
      import javax.jms.QueueSession;
      import javax.jms.XAQueueConnection;
      import javax.jms.XAQueueConnectionFactory;
      import javax.naming.Context;
      
      import de.schlund.j2ee.apps.genericTester.MessageSenderInterface;
      
      @Stateless
      public class MessageSender implements MessageSenderInterface{
      
       public void sendMessage(){
       try {
      
       Properties p = new Properties( );
       p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
       p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
       p.put(Context.PROVIDER_URL, "jnp://172.17.13.237:1299");
       Context ctx = new javax.naming.InitialContext(p);
      
       QueueConnectionFactory factory = (QueueConnectionFactory) ctx.lookup("java:/JmsXA");
       QueueConnection connection = factory.createQueueConnection("user1","password1");
       Queue queue = (Queue) ctx.lookup("queue/myOwn_Queue");
       QueueSession session = connection.createQueueSession(true, -1);
       connection.start();
      
       QueueSender sender = session.createSender(queue);
       ObjectMessage msg = session.createObjectMessage();
       msg.setLongProperty("LFDNR", new Long (54676219l));
      
       sender.send(msg);
      
       sender.close();
       session.close();
       connection.close();
       System.out.println("Message Send");
      
       }
       catch (Exception e) {e.printStackTrace();};
       }
      }
      


      I call the EJB with the client:
       public static void main(String [] args){
      
       try{
       Properties p = new Properties( );
       p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
       p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
       p.put(Context.PROVIDER_URL, "jnp://172.17.13.237:1299");
       Context ctx = new javax.naming.InitialContext(p);
       Object ref = ctx.lookup("genericTester/MessageSender/remote");
       MessageSenderInterface msi = (MessageSenderInterface) PortableRemoteObject.narrow(ref, MessageSenderInterface.class);
       msi.sendMessage();
       }
       catch (Exception e){e.printStackTrace();}
      
       }
      


      My installed JBoss is 4.2.2 and the message System is 1.4.0 SP1.

      When I debug the JBoss, the org.jboss.jms.server.endpoint.ServerConnectionEndpoint has the wrong credentials saved (username:guest /password:guest).

      So is there an other way to call the QueueConnection where the username and password are correctly inserted?

      I also tried to use the ConnectionFactory and the XAConnectionFactory. There is no problem with the securitychecks, but when you create the Session with:
      QueueSession session = connectionXA.createQueueSession(true, -1)
      

      the message is not delivered correctly. The program runs without exception, but the message never appears in the queue.

      So there are 2 problems:
      1. The securitycheck when I use java:/JmsXA
      2. The dissappear of the message when I use ConnectionFactory or XAConnectionFactory


      Thx for help.

        • 1. Re: SecurityException - Wrong credentials
          mskonda Apprentice

          To me it seems you are accessing the JBM without appropriate credentials (obviously!).

          That is, as you haven't mentioned about the store where you are reading the credentials, I am assuming you are going with default setup that comes with JBM installation.

          If this is the case, then the default setup reads the usernames/passwords/roles from properties files that exist under jboss-messaging.sar. The property files are messaging-users.properties and messaging-roles.properties

          So the solution to your problem is - ammend these property files to add your usernames ("user1" and "password1") and appropriate role too.

          If you wish to replace the property store with Database or LDAP, then that's a different story. If it is with Database, I think I can guide.

          Hope this helps.

          /Madhu

          • 2. Re: SecurityException - Wrong credentials
            Markus Falk Newbie

            First, thanks for your answer.

            But I can say that the user and his roles are in the messaging-users.properties and messaging-roles.properties files.

            The complete program works, when I use the XAConnection and get a non-transacted session:

            QueueSession session = connection.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
            


            So in this case, the right credentials are read properly from the properties. Only the lookup with the java:/JmsXA jndipath lead to the securityException.

            My aim is to get a transacted session in the end. With the java:/JmsXA lookup or XAConnectionFactory lookup is not important. the important thing is that the message is received transacted by the queue.

            • 3. Re: SecurityException - Wrong credentials
              mskonda Apprentice

              Sorry for delaying in reply.

              Well, checkout your application-policy configuration in conf/login-config.xml. There should be a "JmsXARealm" policy defined - however this MCF is being created with guest credentials by default.

              However, this is not the actual solution, you could change these values to reflect those of yours and try.

              I always find this JmsXARealm confusing :(

              /Madhu

              • 4. Re: SecurityException - Wrong credentials
                Markus Falk Newbie

                Yes you're right. I found your solution in the post:

                http://www.jboss.org/index.html?module=bb&op=viewtopic&t=114799

                I took some time since I understood it, but now it works...

                Thx!