3 Replies Latest reply on Aug 31, 2010 6:04 PM by victor Kazakov

    Problems with jaas SecurityDomain and  @MessageDriven

    luke biddell Newbie

      I'm porting an existing application from 422GA to 5 and am having trouble with security where we use @MessageDriven.

      Within the app we have an existing bean with the @MessageDriven annotation. Within this annotation we set the user and password @ActivationConfigProperty. These credentials exist within our custom Jaas security domain.

      I've changed the SecurityStore within messaging-jboss-beans.xml so that the security domain points to our domain (ie java:/jaas/mydomain).

      And finally within the destinations-service.xml I have put an entry for the queue referenced in the @MessageDriven bean (This queue used to be auto-created in 422 but understand this is no longer the default behaviour, hence the destinations-service.xml entry).

      However, when I start Jboss5 I get the error:

      javax.jms.JMSSecurityException: User myuser is NOT authenticated


      My security domain's JaasLoginModule is never called, it seems like the security domain association is not realised when the annotation is processed.

      Can anyone see anything obvious I've missed?

      Note that my bean has the @SecurityDomain attribute, and I've tried all 3 flavours of this to no avail.

      Cheers

      Luke

        • 1. Re: Problems with jaas SecurityDomain and  @MessageDriven
          Yong Hao Gao Master

          I suppose you are using JBM 1.4.1.GA that comes with JBOSS AS 5. It doesn't look like a jboss messaging issue. Can you please give the full stack trace of the exception and also your queue configuration in destinations-service.xml so we can have a better understanding of this issue? also can you please post to AS forum also to get more help?

          • 2. Re: Problems with jaas SecurityDomain and  @MessageDriven
            luke biddell Newbie

            Thanks for the reply,

            This is a vanilla JBoss5.0.0 with the latest JBoss ejb3 build.

            Here's the stack trace. I know that the problem is occurring when deploying my mdb as it's the only bean that uses that particular credential.

            09:04:09,502 ERROR [ExceptionUtil] ConnectionFactoryEndpoint[jboss.messaging.connectionfactory:service=ConnectionFactory] createFailoverConnectionDelegate [da-m6b2sbrf-1-
            5gkxrbrf-w8ajbw-x1461k]
            javax.jms.JMSSecurityException: User jmsuser is NOT authenticated
             at org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore.authenticate(JBossASSecurityMetadataStore.java:223)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:93)
             at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:27)
             at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:208)
             at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:120)
             at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:262)
             at javax.management.StandardMBean.invoke(StandardMBean.java:391)
             at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
             at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
             at $Proxy236.authenticate(Unknown Source)
             at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInternal(ServerConnectionFactoryEndpoint.java:233)
             at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(ServerConnectionFactoryEndpoint.java:171)
             at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpoint$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(Conn
            ectionFactoryAdvised.java:108)
             at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(ConnectionFactoryAdvised.java)
             at org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(ConnectionFactoryCreateConnectionDelegateRequest.java:91)
             at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
             at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
             at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
             at org.jboss.remoting.Client.invoke(Client.java:1708)
             at org.jboss.remoting.Client.invoke(Client.java:612)
             at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delegate$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(Client
            ConnectionFactoryDelegate.java:171)
             at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeTarget(ClientConnectionFactoryDelegate$create
            ConnectionDelegate_N3019492359065420858.java)
             at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
             at org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCreationAspect.java:81)
             at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect_z_handleCreateConnectionDelegate_23138316.invoke(StateCreationAspect_z_handleCreateConn
            ectionDelegate_23138316.java)
             at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(ClientConnectionFactoryDelegate.java)
             at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:205)
             at org.jboss.jms.client.JBossConnectionFactory.createXAQueueConnection(JBossConnectionFactory.java:142)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupQueueConnection(JmsActivation.java:533)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupConnection(JmsActivation.java:506)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation.setup(JmsActivation.java:353)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation$SetupActivation.run(JmsActivation.java:729)
             at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204)
             at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:260)
             at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
             at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
             at java.lang.Thread.run(Thread.java:619)
            09:04:09,659 WARN [JmsActivation] Failure in jms activation org.jboss.resource.adapter.jms.inflow.JmsActivationSpec@37de6a(ra=org.jboss.resource.adapter.jms.JmsResourceA
            dapter@eb37cd destination=queue/E3rCorrespondenceMDB destinationType=javax.jms.Queue tx=true durable=false reconnect=10 provider=java:/DefaultJMSProvider user=jmssrv pass
            =<not shown> maxMessages=1024 minSession=1 maxSession=64 keepAlive=60000 useDLQ=false)
            javax.jms.JMSSecurityException: User jmssrv is NOT authenticated
             at org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore.authenticate(JBossASSecurityMetadataStore.java:223)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:93)
             at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:27)
             at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:208)
             at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:120)
             at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:262)
             at javax.management.StandardMBean.invoke(StandardMBean.java:391)
             at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
             at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
             at $Proxy236.authenticate(Unknown Source)
             at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInternal(ServerConnectionFactoryEndpoint.java:233)
             at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(ServerConnectionFactoryEndpoint.java:171)
             at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpoint$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(Conn
            ectionFactoryAdvised.java:108)
             at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(ConnectionFactoryAdvised.java)
             at org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(ConnectionFactoryCreateConnectionDelegateRequest.java:91)
             at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
             at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
             at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:106)
             at org.jboss.remoting.Client.invoke(Client.java:1708)
             at org.jboss.remoting.Client.invoke(Client.java:612)
             at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delegate$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(Client
            ConnectionFactoryDelegate.java:171)
             at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeTarget(ClientConnectionFactoryDelegate$create
            ConnectionDelegate_N3019492359065420858.java)
             at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
             at org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCreationAspect.java:81)
             at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect_z_handleCreateConnectionDelegate_23138316.invoke(StateCreationAspect_z_handleCreateConn
            ectionDelegate_23138316.java)
             at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(ClientConnectionFactoryDelegate.java)
             at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:205)
             at org.jboss.jms.client.JBossConnectionFactory.createXAQueueConnection(JBossConnectionFactory.java:142)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupQueueConnection(JmsActivation.java:533)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation.setupConnection(JmsActivation.java:506)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation.setup(JmsActivation.java:353)
             at org.jboss.resource.adapter.jms.inflow.JmsActivation$SetupActivation.run(JmsActivation.java:729)
             at org.jboss.resource.work.WorkWrapper.execute(WorkWrapper.java:204)
             at org.jboss.util.threadpool.BasicTaskWrapper.run(BasicTaskWrapper.java:260)
             at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
             at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
             at java.lang.Thread.run(Thread.java:619)



            Here's my destinations-service.xml.

            <mbean code="org.jboss.jms.server.destination.QueueService"
             name="jboss.messaging.destination:service=Queue,name=MyQueue"
             xmbean-dd="xmdesc/Queue-xmbean.xml">
             <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
             <depends>jboss.messaging:service=PostOffice</depends>
             </mbean>
            
            


            and here's my messaging-jboss-beans.xml

            <bean name="SecurityStore" class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore">
             <!-- default security configuration -->
             <property name="defaultSecurityConfig">
             <![CDATA[
             <security>
             <role name="guest" read="true" write="true" create="true"/>
             </security>
             ]]>
             </property>
             <property name="suckerPassword">changedit</property>
             <property name="securityDomain">java:/jaas/MyDomain</property>
             <property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property>
             <!-- @JMX annotation to export the management view of this bean -->
             <annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)</annotation>
             </bean>
            


            I've tried both the fully qualified jndi jaas domain (as shown above) and just using MyDomain in the securityDomain property, all to no avail.

            Thanks for any help you can provide.

            • 3. Re: Problems with jaas SecurityDomain and  @MessageDriven
              victor Kazakov Newbie

              Hi, I am having the exact same problem in using jboss 5.1.0, did you find a solution?

               

              Thanks,

              Victor