4 Replies Latest reply on Jan 17, 2008 9:11 AM by cornhoolio22

SecurityException - Wrong credentials

cornhoolio22 Jan 15, 2008 7:12 AM

Hi,

i try to send a message transacted to a queue, but an exception is thrown while processing:

2008-01-15 10:57:02,932 ERROR [org.jboss.jms.tx.ResourceManager] org.jboss.jms.exception.MessagingXAException: A security exception happend!
org.jboss.jms.exception.MessagingXAException: A security exception happend!
 at org.jboss.jms.tx.ResourceManager.sendTransactionXA(ResourceManager.java:641)
 at org.jboss.jms.tx.ResourceManager.commit(ResourceManager.java:370)
 at org.jboss.jms.tx.MessagingXAResource.commit(MessagingXAResource.java:238)
 at org.jboss.resource.connectionmanager.xa.JcaXAResourceWrapper.commit(JcaXAResourceWrapper.java:53)
 at com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord.topLevelOnePhaseCommit(XAResourceRecord.java:636)
 at com.arjuna.ats.arjuna.coordinator.BasicAction.onePhaseCommit(BasicAction.java:2619)
 at com.arjuna.ats.arjuna.coordinator.BasicAction.End(BasicAction.java:1779)
 at com.arjuna.ats.arjuna.coordinator.TwoPhaseCoordinator.end(TwoPhaseCoordinator.java:88)
 at com.arjuna.ats.arjuna.AtomicAction.commit(AtomicAction.java:177)
 at com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionImple.commitAndDisassociate(TransactionImple.java:1389)
 at com.arjuna.ats.internal.jta.transaction.arjunacore.BaseTransaction.commit(BaseTransaction.java:135)
 at com.arjuna.ats.jbossatx.BaseTransactionManagerDelegate.commit(BaseTransactionManagerDelegate.java:87)
 at org.jboss.aspects.tx.TxPolicy.endTransaction(TxPolicy.java:175)
 at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:87)
 at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:191)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:95)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:62)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:77)
 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:304)
 at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
 at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
 at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
 at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:573)
 at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:373)
 at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
Caused by: javax.jms.JMSSecurityException: User: guest is not authorized to write to destination authByVoipProcessMdb_Queue
 at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:312)
 at org.jboss.jms.server.container.SecurityAspect.handleSendTransaction(SecurityAspect.java:190)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:121)
 at org.jboss.jms.server.endpoint.advised.ConnectionAdvised$sendTransaction_N3268650789275322226.invokeNext(ConnectionAdvised$sendTransaction_N3268650789275322226.java)
 at org.jboss.jms.server.container.ServerLogInterceptor.invoke(ServerLogInterceptor.java:105)
 at org.jboss.jms.server.endpoint.advised.ConnectionAdvised$sendTransaction_N3268650789275322226.invokeNext(ConnectionAdvised$sendTransaction_N3268650789275322226.java)
 at org.jboss.jms.server.endpoint.advised.ConnectionAdvised.sendTransaction(ConnectionAdvised.java)
 at org.jboss.jms.wireformat.ConnectionSendTransactionRequest.serverInvoke(ConnectionSendTransactionRequest.java:82)
 at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
 at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
 at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:101)
 at org.jboss.remoting.Client.invoke(Client.java:1634)
 at org.jboss.remoting.Client.invoke(Client.java:548)
 at org.jboss.remoting.Client.invoke(Client.java:536)
 at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:187)
 at org.jboss.jms.client.delegate.DelegateSupport.doInvoke(DelegateSupport.java:158)
 at org.jboss.jms.client.delegate.ClientConnectionDelegate.org$jboss$jms$client$delegate$ClientConnectionDelegate$sendTransaction$aop(ClientConnectionDelegate.java:221)
 at org.jboss.jms.client.delegate.ClientConnectionDelegate$sendTransaction_N3268650789275322226.invokeNext(ClientConnectionDelegate$sendTransaction_N3268650789275322226.java)
 at org.jboss.jms.client.container.FailoverValveInterceptor.invoke(FailoverValveInterceptor.java:92)
 at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105)
 at org.jboss.jms.client.delegate.ClientConnectionDelegate$sendTransaction_N3268650789275322226.invokeNext(ClientConnectionDelegate$sendTransaction_N3268650789275322226.java)
 at org.jboss.jms.client.container.ClosedInterceptor.invoke(ClosedInterceptor.java:170)
 at org.jboss.aop.advice.PerInstanceInterceptor.invoke(PerInstanceInterceptor.java:105)
 at org.jboss.jms.client.delegate.ClientConnectionDelegate$sendTransaction_N3268650789275322226.invokeNext(ClientConnectionDelegate$sendTransaction_N3268650789275322226.java)
 at org.jboss.jms.client.delegate.ClientConnectionDelegate.sendTransaction(ClientConnectionDelegate.java)
 at org.jboss.jms.tx.ResourceManager.sendTransactionXA(ResourceManager.java:637)
 ... 33 more

It is a pretty easy example. I have an EJB

import java.util.Properties;

import javax.ejb.Stateless;
import javax.jms.ObjectMessage;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.XAQueueConnection;
import javax.jms.XAQueueConnectionFactory;
import javax.naming.Context;

import de.schlund.j2ee.apps.genericTester.MessageSenderInterface;

@Stateless
public class MessageSender implements MessageSenderInterface{

 public void sendMessage(){
 try {

 Properties p = new Properties( );
 p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
 p.put(Context.PROVIDER_URL, "jnp://172.17.13.237:1299");
 Context ctx = new javax.naming.InitialContext(p);

 QueueConnectionFactory factory = (QueueConnectionFactory) ctx.lookup("java:/JmsXA");
 QueueConnection connection = factory.createQueueConnection("user1","password1");
 Queue queue = (Queue) ctx.lookup("queue/myOwn_Queue");
 QueueSession session = connection.createQueueSession(true, -1);
 connection.start();

 QueueSender sender = session.createSender(queue);
 ObjectMessage msg = session.createObjectMessage();
 msg.setLongProperty("LFDNR", new Long (54676219l));

 sender.send(msg);

 sender.close();
 session.close();
 connection.close();
 System.out.println("Message Send");

 }
 catch (Exception e) {e.printStackTrace();};
 }
}

I call the EJB with the client:

 public static void main(String [] args){

 try{
 Properties p = new Properties( );
 p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
 p.put(Context.PROVIDER_URL, "jnp://172.17.13.237:1299");
 Context ctx = new javax.naming.InitialContext(p);
 Object ref = ctx.lookup("genericTester/MessageSender/remote");
 MessageSenderInterface msi = (MessageSenderInterface) PortableRemoteObject.narrow(ref, MessageSenderInterface.class);
 msi.sendMessage();
 }
 catch (Exception e){e.printStackTrace();}

 }

My installed JBoss is 4.2.2 and the message System is 1.4.0 SP1.

When I debug the JBoss, the org.jboss.jms.server.endpoint.ServerConnectionEndpoint has the wrong credentials saved (username:guest /password:guest).

So is there an other way to call the QueueConnection where the username and password are correctly inserted?

I also tried to use the ConnectionFactory and the XAConnectionFactory. There is no problem with the securitychecks, but when you create the Session with:

QueueSession session = connectionXA.createQueueSession(true, -1)

the message is not delivered correctly. The program runs without exception, but the message never appears in the queue.

So there are 2 problems:
1. The securitycheck when I use java:/JmsXA
2. The dissappear of the message when I use ConnectionFactory or XAConnectionFactory

Thx for help.

1. Re: SecurityException - Wrong credentials

mskonda Jan 16, 2008 4:16 AM (in response to cornhoolio22)

To me it seems you are accessing the JBM without appropriate credentials (obviously!).

That is, as you haven't mentioned about the store where you are reading the credentials, I am assuming you are going with default setup that comes with JBM installation.

If this is the case, then the default setup reads the usernames/passwords/roles from properties files that exist under jboss-messaging.sar. The property files are messaging-users.properties and messaging-roles.properties

So the solution to your problem is - ammend these property files to add your usernames ("user1" and "password1") and appropriate role too.

If you wish to replace the property store with Database or LDAP, then that's a different story. If it is with Database, I think I can guide.

Hope this helps.

/Madhu
Actions
2. Re: SecurityException - Wrong credentials

cornhoolio22 Jan 16, 2008 4:55 AM (in response to cornhoolio22)
First, thanks for your answer.

But I can say that the user and his roles are in the messaging-users.properties and messaging-roles.properties files.

The complete program works, when I use the XAConnection and get a non-transacted session:
QueueSession session = connection.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);

So in this case, the right credentials are read properly from the properties. Only the lookup with the java:/JmsXA jndipath lead to the securityException.

My aim is to get a transacted session in the end. With the java:/JmsXA lookup or XAConnectionFactory lookup is not important. the important thing is that the message is received transacted by the queue.
Actions
3. Re: SecurityException - Wrong credentials

mskonda Jan 17, 2008 5:13 AM (in response to cornhoolio22)

Sorry for delaying in reply.

Well, checkout your application-policy configuration in conf/login-config.xml. There should be a "JmsXARealm" policy defined - however this MCF is being created with guest credentials by default.

However, this is not the actual solution, you could change these values to reflect those of yours and try.

I always find this JmsXARealm confusing :(

/Madhu
Actions
4. Re: SecurityException - Wrong credentials

cornhoolio22 Jan 17, 2008 9:11 AM (in response to cornhoolio22)

Yes you're right. I found your solution in the post:

http://www.jboss.org/index.html?module=bb&op=viewtopic&t=114799

I took some time since I understood it, but now it works...

Thx!
Actions

Go to original post