0 Replies Latest reply on Mar 11, 2008 7:33 AM by mskonda

    MDB Security Vs JBM Security

    mskonda Apprentice

      Hello Team

      I have a situation - I got an MDB that needs by passing the secured JMS Server.

      That is, I have a secured JBM using DatabaseLoginModule.
      The login-config.xml's messaging domain reflects use of this module.
      The messaging-service.xml is updated to add the DefaultSecurityConfig.

      Now, I want the external clients to get authenticated and authorised while my MDB should by pass.

      So, I've added unauthenticatedIdentity as 'guest' to the 'messaging' applicaiton policy in login-config.xml

      I've added the relevant security-identity and security-role to the ejb-jar.xml.

      I've also added security-domain to the jboss.xml - I've pointed to java:jaas/messaging (tried with 'other' too). Iv'e added the security-domain to the container configuraiton too.

      Inspite of doign this, when I deploy my MDB it complains saying the user null is not authenticated.

      I'll appreciate if someone thorws a bit of light on this issue.

      (My understanding is that MDB uses the DefaultJMSProvider which inturns uses the default (XA)ConnectionFactory which I think uses the 'messaging' applicaiton policy - right or wrong?)

      Regards
      /Madhu