9 Replies Latest reply on May 15, 2013 3:00 AM by bondchan921

Disappearing credentials after publisher.send

thammoud Aug 31, 2009 8:37 AM

Hello,

I hope that this is the right forum for this. We are undergoing an effort to switch to JBOSS messaging from ActiveMQ (Soon 2.x). Our first effort is to get our stuff to work with JBM 1.4x and then 2.x. We have noticed that when we send a message using JMS, the current active principal is no longer active.

Basically, we call the following (Before and After the publisher.send call)

java.security.Principal userPrincipal = SecurityContextAssociation.getSecurityContext().getUtil().getUserPrincipal();

After the send, the call returns null. Our code above the JMS layer must run in the proper security context. As far as JMS is concerned, basic guest authentication is all we need. We use JAAS for all our our authentication.

There must be a logic to this. Can someone kindly explain why we are seeing this behavior? Thank you.

1. Re: Disappearing credentials after publisher.send

thammoud Aug 31, 2009 8:44 AM (in response to thammoud)

Just to add a couple of things about our configuration, JBM is using the default "messaging" realm with no changes.
Actions
2. Re: Disappearing credentials after publisher.send

gaohoward Aug 31, 2009 10:45 AM (in response to thammoud)

Do you expect that after the send, JBM sets the Principle to the context? I don't think JBM will do this. Authentication and authorization are done at the server end.

Maybe i didn't understand you correctly. if so, can you give some code sample to illustrate? Thanks.
Actions
3. Re: Disappearing credentials after publisher.send

thammoud Aug 31, 2009 10:57 AM (in response to thammoud)
No I did not expect it to set the principal to the context. However, I also did not expect the send call to "wipe-out" the existing credentials associated with the calling thread.

System.out.println("In start of JMS Feed Session:" + JBossUtils.getCurrentUsername()); <== Non null principal defaultPublisher.send(outboundQueue, message); System.out.println("In start (After Send) of JMS Feed Session:" + JBossUtils.getCurrentUsername()); <===== NULL

Running 5.1
Actions
4. Re: Disappearing credentials after publisher.send

gaohoward Aug 31, 2009 11:04 AM (in response to thammoud)

Are you using JmsXA? I don't think JBM changes any security context during a send.
Actions

5. Re: Disappearing credentials after publisher.send

thammoud Aug 31, 2009 11:28 AM (in response to thammoud)

We use "ConnectionFactory" to create the connection factory which is defined as:

<mbean code="org.jboss.jms.server.connectionfactory.ConnectionFactory"
 name="jboss.messaging.connectionfactory:service=ConnectionFactory"
 xmbean-dd="xmdesc/ConnectionFactory-xmbean.xml">
 <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
 <depends optional-attribute-name="Connector">jboss.messaging:service=Connector,transport=bisocket</depends>
 <depends>jboss.messaging:service=PostOffice</depends>

 <attribute name="JNDIBindings">
 <bindings>
 <binding>/ConnectionFactory</binding>
 <binding>/XAConnectionFactory</binding>
 <binding>java:/ConnectionFactory</binding>
 <binding>java:/XAConnectionFactory</binding>
 </bindings>
 </attribute>
 </mbean>

Thanks for your quick response.

6. Re: Disappearing credentials after publisher.send

gaohoward Aug 31, 2009 12:03 PM (in response to thammoud)

Hi thanks for the info.

I checked JBM code and couldn't find any code that changes the context. Maybe it's a good idea that you put your question to the jboss security forum too.
Actions
7. Re: Disappearing credentials after publisher.send

thammoud Aug 31, 2009 6:33 PM (in response to thammoud)

I actually just tried JBM 2.0 Beta and it worked correctly. Same code different JMS implementation. I will see if I can dig deeper.
Actions
8. Re: Disappearing credentials after publisher.send

amalraj.palanichamy Oct 27, 2009 8:08 AM (in response to thammoud)

For workaround, Please have a look at the URL :

http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262405#4262405
Actions

9. Re: Disappearing credentials after publisher.send

bondchan921 May 15, 2013 3:00 AM (in response to gaohoward)

Same issue,

SecurityAssociation.getCallerPrincipal() ---->get the right user

		connection = queueFactory.createQueueConnection("guest","guest");
		session = connection.createQueueSession(true,Session.AUTO_ACKNOWLEDGE);
		queue = (Queue)sls.getJNDIResource(queueName);

		queueSender = session.createSender(queue);
		ObjectMessage obj_message = session.createObjectMessage();
		obj_message.setObject(obj);

		queueSender.send(obj_message);

SecurityAssociation.getCallerPrincipal() ----->principal= null

1)How can I upgrade from JBM 1.4.3 ->JBM2.0.0.B4

2)If I pop the seucrity context before invoke JMS code, and push back after queueSender.send(), works while executed later EJB code, but still get the principal=null when execution come out to the Sturct action layer and invoke EJB code again

Go to original post