0 Replies Latest reply on Jun 25, 2010 5:54 AM by Michael Lieshoff

    3rd party engine hurts JMS security

    Michael Lieshoff Newbie

      Hello,

       

      my constellation used a 3rd party engine for communicating with a legacy system in jBoss 4.0.5GA. All works fine until i began to use JMS for communication with some other systems. All settings for JMS are correct, i tried security with standard users and no security, all fails at this point (from log view): (if failing, log entry is not displayed.)

       

      SpyDestinationObjectFactory] SpyDestinationObjectFactory->getObjectInstance()

       

      with following exception:

       

      {code}

      javax.jms.JMSSecurityException: User: null is NOT authenticated

              at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:230)

              at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)

              at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:613)

              at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:172)

              at org.jboss.mq.il.jvm.JVMServerIL.authenticate(JVMServerIL.java:165)

              at org.jboss.mq.Connection.authenticate(Connection.java:1065)

              at org.jboss.mq.Connection.<init>(Connection.java:252)

              at org.jboss.mq.Connection.<init>(Connection.java:323)

              at org.jboss.mq.SpyConnection.<init>(SpyConnection.java:116)

              at org.jboss.mq.SpyConnectionFactory.internalCreateConnection(SpyConnectionFactory.java:137)

              at org.jboss.mq.SpyConnectionFactory.createQueueConnection(SpyConnectionFactory.java:108)

              at org.jboss.ejb.plugins.jms.DLQHandler.createService(DLQHandler.java:187)

              at org.jboss.system.ServiceMBeanSupport.jbossInternalCreate(ServiceMBeanSupport.java:260)

              at org.jboss.system.ServiceMBeanSupport.create(ServiceMBeanSupport.java:188)

              at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerStartDelivery(JMSContainerInvoker.java:510)

              at org.jboss.ejb.plugins.jms.JMSContainerInvoker.startService(JMSContainerInvoker.java:839)

              at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)

              at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)

              at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

              at java.lang.reflect.Method.invoke(Method.java:597)

              at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)

              at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)

              at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)

              at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)

              at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)

              at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)

              at $Proxy0.start(Unknown Source)

      {code}

       

      If i remove the 3rd party engine, everything is fine. I have located the problem in a small piece of static code from a main class in this engine:

       

       

      {code}

              AuthPolicy.registerAuthScheme("Negotiate", ISGNegotiateScheme.class);
              ArrayList schemes = new ArrayList();
              schemes.add("Negotiate");
              schemes.add("Digest");
              HttpParams params = DefaultHttpParams.getDefaultParams();
              params.setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY, schemes);
              // Register login configuration and callback handler
              System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
              Security.setProperty("auth.login.defaultCallbackHandler",
                      "com.isg.common.kds.ISGNegotiateCallbackHandler");
              Configuration cfg = new Configuration() {
                  public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                      HashMap opts = new HashMap();
                      opts.put("client", "true");
                      opts.put("debug", "true");
                      AppConfigurationEntry entry = new AppConfigurationEntry(
                              "com.sun.security.auth.module.Krb5LoginModule",
                              LoginModuleControlFlag.REQUIRED, opts);
                      return new AppConfigurationEntry[] { entry };
                  }
                 
                  public void refresh() {
                  }
              };
              Configuration.setConfiguration(cfg);
      {code}

       

      This static code will be started early after application starts. I think it setted the authentification for HTTP communication to other login module (KRB5) and after this JMS can't find anymore users.

       

      What can i do to safe JMS by this?

       

      Thanks.