0 Replies Latest reply on Dec 15, 2010 9:38 AM by grosueugen

    Securing Queues fails when using JmsXA

    grosueugen Newbie

      Hello,

       

      I'm using JBoss 5.1.0.GA, jdk 1.6, on Linux.

       

      I need to use distributed transaction with JBoss Messaging, so I used JmsXA for the connection factory.

       

      I changed the DB for messaging, so I used Oracle DB.

       

      With the default security, I was able to send/consume messages to a Queue.

       

      I decided to add a user in the Oracle DB, and that user to have rights to send/receive messages from my Queue.

       

      So, I did the following:

       

      1. create a new user in the Oracle DB:

       

         INSERT INTO JBM_USER (USER_ID, PASSWD, CLIENTID) VALUES ('my-user', 'my-user-pwd', null);
         INSERT INTO JBM_ROLE (ROLE_ID, USER_ID) VALUES ('my-role', 'my-user');

       

      2. in code, when obtaining a connection, I would use the username: "my-user", password: "my-user-pwd":

       

        Connection connection = connectionFactory.createConnection("my-user", "my-user-pwd");

       

      3. I created a new file for defining destinations, named, my-jms-service.xml, and put it in xxx/deploy/

       

        <?xml version="1.0" encoding="UTF-8"?>

        <server>        
           <mbean code="org.jboss.jms.server.destination.QueueService"
            name="orvaal.rtra.jms.destination:service=Queue,name=MyQueue"
            xmbean-dd="xmdesc/Queue-xmbean.xml">
            <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
            <depends>jboss.messaging:service=PostOffice</depends>

            <attribute name="SecurityConfig">
               <security>
                  <role name="my-role" read="true" write="true"/>
               </security>
            </attribute>

          </mbean>

      </server>

       

      4. In xxx/conf/login-config.xml, I created a new <application-policy>:

       

          <application-policy name="MyJmsXARealm">
          <authentication>
               <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
              <module-option name="dsJndiName">java:/jdbc/MyXAOracleDSJms</module-option>
                  <module-option name="principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
                  <module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
               </login-module>
            </authentication>
        </application-policy>

       

         java:/jdbc/MyXAOracleDSJms is the JNDI name for the datasource configured for the Oracle DB used by JBoss Messaging

       

      5. In xxx/deploy/messaging/jms-ds.xml, I edited the JmsXA to know of the created MyJmsXARealm:


          <!-- JMS XA Resource adapter, use this to get transacted JMS in beans -->
         <tx-connection-factory>
            <jndi-name>JmsXA</jndi-name>
            <xa-transaction/>
            <rar-name>jms-ra.rar</rar-name>
            <connection-definition>org.jboss.resource.adapter.jms.JmsConnectionFactory</connection-definition>
            <config-property name="SessionDefaultType" type="java.lang.String">javax.jms.Topic</config-property>
            <config-property name="JmsProviderAdapterJNDI" type="java.lang.String">java:/DefaultJMSProvider</config-property>
            <max-pool-size>20</max-pool-size>
            <!-- COMMENTED THE INITIAL REALM <security-domain-and-application>JmsXARealm</security-domain-and-application> -->
            <security-domain-and-application>MyJmsXARealm</security-domain-and-application>
            <depends>jboss.messaging:service=ServerPeer</depends>
         </tx-connection-factory>

       

      The error is:

       

      2010-12-15 15:27:53,374 ERROR [org.jboss.resource.adapter.jms.JmsSessionFactoryImpl] (http-127.0.0.1-8080-1) could not create session
      java.lang.SecurityException: Unauthenticated caller:null
          at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:92)
          at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
          at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
          at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
          at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.allocateConnection(JmsSessionFactoryImpl.java:395)
          at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.createSession(JmsSessionFactoryImpl.java:374)
          at MySLSB.addToMyQueue(MySLSB.java:103)

       

      Have I done something wrong?

       

      Thanks.