5 Replies Latest reply on Apr 9, 2009 11:54 AM by Peter Johnson

    Absolute simplest JMX/JMS authentication

    Stephen Boesch Newbie

      Our servers are behind firewalls and communicating within a LAN. We only need rather simple security.

      We need JMX and JMS authentication to work for queues and a message bridge with the smallest amount of effort (although we have already spent many hours on this...).

      The following have been attempted and failed on the bridge:

      A single jmx-console-users.properties and jmx-console-roles.properties and point all of the authentication methods to them.

      Database auth

      IdentityLoginModule


      All of them fail with javax.jms.JMSException: User myuser is NOT authenticated.

        • 1. Re: Absolute simplest JMX/JMS authentication
          Peter Johnson Master

          What version of JBoss AS? Also the Messaging version if you installed one.

          Post the changes that you made to the configuration files. Don't forget to use the 'code' tag! And preview the message to make sure the formatting is correct.

          • 2. Re: Absolute simplest JMX/JMS authentication
            Stephen Boesch Newbie

            Note that here I am using guest, although I had previously used myUser. Same results. Also, there are three different cases, shown by the parts commented out (or not). All fail the same way: "User guest is NOT authenticated."

             <application-policy name="messaging">
             <authentication>
             <!-- <login-module code="org.jboss.security.auth.spi.IdentityLoginModule"
             flag="required">
             <module-option name="principal">myuser</module-option>
             <module-option name="roles">j2ee</module-option> -->
             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "usersProperties">props/jmx-console-users.properties</module-option>
             <module-option name = "rolesProperties">props/jmx-console-roles.properties</module-option>
            
             <!-- <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option> -->
             </login-module>
             </authentication>
             </application-policy>
            


            The files props/* are here:

            # A sample roles.properties file for use with the UsersRolesLoginModule
            myuser=JBossAdmin,HttpInvoker,manager,host-manager,guest,j2ee,durpublisher,publisher,subscriber
            


            # A sample users.properties file for use with the UsersRolesLoginModule
            MCN-INC=mypassword
            



            When the database provider was used, we added the rows in the jbm_user and jbm_roles tables.

            • 3. Re: Absolute simplest JMX/JMS authentication
              Peter Johnson Master

              What you have defined is a user account named MCN-INC, but that user is not a member of any groups.

              Your first post indicates that you are attempting to log in with an account name of myuser, but you have not declared any such user in the user.properties file.

              I think you want to change the jmx-console-users.properties file to:

              myuser=password
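
The mismatch pointed out in reply 3, as an added example that is not part of the original thread: a small Python cross-check of the two UsersRolesLoginModule property files. The function names and finding labels are hypothetical, and it assumes plain `name=value` lines like those posted above.

```python
# Added example: cross-check the two UsersRolesLoginModule property files.
# Assumes plain "name=value" lines with '#' comments, as in the files posted
# in this thread; role-group suffixes on keys are not handled.

def parse_properties(text):
    """Return {key: value} for simple key=value lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip()] = value.strip()
    return entries

def check_login_config(users_text, roles_text, login_name):
    """Return a list of (finding, name) tuples; empty means consistent."""
    users = parse_properties(users_text)
    roles = parse_properties(roles_text)
    findings = []
    if login_name not in users:
        # Property keys are case-sensitive, so myUser and myuser differ.
        near = [u for u in users if u.lower() == login_name.lower()]
        if near:
            findings.append(("login-case-mismatch", near[0]))
        else:
            findings.append(("login-missing", login_name))
    for name in sorted(users.keys() - roles.keys()):
        findings.append(("user-without-roles", name))
    for name in sorted(roles.keys() - users.keys()):
        findings.append(("roles-without-user", name))
    return findings

# Constructed sample input, copied from the files as posted in the thread.
USERS_AS_POSTED = "# A sample users.properties file\nMCN-INC=mypassword\n"
ROLES_AS_POSTED = ("# A sample roles.properties file\n"
                   "myuser=JBossAdmin,HttpInvoker,manager,host-manager,"
                   "guest,j2ee,durpublisher,publisher,subscriber\n")
USERS_SUGGESTED = "myuser=password\n"  # the change suggested in reply 3

if __name__ == "__main__":
    for finding in check_login_config(USERS_AS_POSTED, ROLES_AS_POSTED, "myuser"):
        print(finding)
```
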



              • 4. Re: Absolute simplest JMX/JMS authentication
                Stephen Boesch Newbie

                Yes, yes, I had intended to obfuscate the username to myuser from the other one when posting here. I did a partial obfuscation here. However, my real system has the proper matching, so the concern raised does not apply to the real environment.

                • 5. Re: Absolute simplest JMX/JMS authentication
                  Peter Johnson Master

                  You still have not said which version of JBoss AS. Also, if AS 4.2.x, which version of Messaging did you install?