-
1. Re: jms-jca-provider and secured destination
h.wolffenbuttel Jun 8, 2011 4:14 AM (in response to joe_boy12)I tried your setup with a ConnectionFactory and it works fine. Why are you using XAConnectionFactory? Do you really need the dual phase commit?
(B.t.w i'm using community version 4.9)
regards,
Hans
-
2. Re: jms-jca-provider and secured destination
joe_boy12 Jun 8, 2011 3:00 PM (in response to h.wolffenbuttel)Hans,
Could you please share your config with me? I tried again w/o XA and it still not able to understand the user name from jms-security-principal attribute, and says user Null which makes me think that JCA inflow ingores these params.
Thnx
Joe
-
3. Re: jms-jca-provider and secured destination
h.wolffenbuttel Jun 9, 2011 7:28 AM (in response to joe_boy12)The directory "\jbossesb-server-4.9\server\default\conf\props" contains 2 files: messaging-roles and messaging-users. If I have to quess it takes the variables from there. The one not working for U might be the messaging-users:
#
# user=password
#
guest=guest# gatewayuser: clients that publish to the gateway
gatewayuser=gwpassword# esbuser:
# internal ESB user
esbuser=esbpasswordIs your config the same?
Here's what I used:
<jms-jca-provider connection-factory=
"ConnectionFactory"jndi-context-factory= "org.jnp.interfaces.NamingContextFactory"
jndi-pkg-prefix= "org.jboss.naming:org.jnp.interfaces"
name="JMS-JCA-Provider" transacted="true">
<jms-bus busid="ABus"> -
4. Re: jms-jca-provider and secured destination
joe_boy12 Jun 9, 2011 3:35 PM (in response to h.wolffenbuttel)Hans thnx again, I am using DatabaseServerLoginModule in messaging-jboss-beans.xml as follows and not UsersRolesLoginModule for prop files, I tried that too but in vain.
this is what my messaging-jboss-beans.xml looks
<application-policy xmlns="urn:jboss:security-beans:1.0" name="messaging">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="unauthenticatedIdentity">guest</module-option>
<module-option name="dsJndiName">java:/JmsDS</module-option>
<module-option name="principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
<module-option name="rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
</login-module>
</authentication>
</application-policy>and JmsDS is correctly mapped to Oracle where I have all the users and roles created and it actually works if I change it from jca to jms-provider. The jboss-esb.xml part is exactly same as yours except the queue names and thats it.
Is anybody having same issue with 5.1?
Thanks
Joe
-
5. Re: jms-jca-provider and secured destination
h.wolffenbuttel Jun 10, 2011 3:46 AM (in response to joe_boy12)In the deploy directory there is a jms-ds.xml file which has a JmsXARealm. Maybe its using this realm instead of (or in addition to) your messaging realm. The login-config.xml file contains this realm:
<application-policy name="JmsXARealm">
<module-option name="principal">guest</module-option><module-option name="userName">guest</module-option><module-option name="password">guest</module-option><module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option></login-module></authentication></application-policy>Try changing this to your database loginmodule.
Regards,
Hans
-
6. Re: jms-jca-provider and secured destination
joe_boy12 Jun 10, 2011 4:33 PM (in response to h.wolffenbuttel)Hans, thnx for your continuous help - here is what I tried.
1. in jms-ds.xml I tried changing following property
<security-domain-and-application>JmsXARealm</security-domain-and-application> to "messaging" which is a DatabaseServerLoginModule from messaging-jboss-beans.xml but nope.
2. then I kept
<application-policy name="JmsXARealm">
<authentication>
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
<module-option name="principal">esb</module-option>
<module-option name="userName">esbuser</module-option>
<module-option name="password">esbpassword</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
</login-module>
</authentication>
</application-policy>but nope.
3. then I changed above login-module to DatabaseServerLoginModule same as from messaging-jboss-beans.xml but again no no.
Everytime I get following error when I deploy my esb. Not sure whats going on as it looked straightforward to me, do u think I need to change anything else too?. I will probably get the older SOA version and see if my setup works there.
=====
13:07:04,878 ERROR [JmsActivation] Unable to reconnect org.jboss.resource.adapter.jms.inflow.JmsActivationSpec@155c7a8(ra=org.jboss.resource.adapter.jms.JmsReso
urceAdapter@1bcf4e7 destination=queue/MyGatewayQueue destinationType=javax.jms.Queue tx=true durable=false reconnect=10 provider=java:/DefaultJMSProvider
user=null maxMessages=1 minSession=1 maxSession=15 keepAlive=60000 useDLQ=true DLQHandler=org.jboss.resource.adapter.jms.inflow.dlq.GenericDLQHandler DLQJndiNa
me=queue/DLQ DLQUser=null DLQMaxResent=5)
javax.jms.JMSSecurityException: User: null is not authorized to read from destination MyGatewayQueue
at org.jboss.jms.server.container.SecurityAspect.check(SecurityAspect.java:311)=====
-
7. Re: jms-jca-provider and secured destination
joe_boy12 Jun 10, 2011 4:58 PM (in response to joe_boy12)Hans,
do you have anything extra in deployment.xml other than JMS destinations? I mean any other dependency for jms-jca
Thanks
Joe
-
8. Re: jms-jca-provider and secured destination
h.wolffenbuttel Jun 14, 2011 8:19 AM (in response to joe_boy12)Here is what I have in addition to my queues in deployment.xml:
Is there an option to try the community version 4.9? If so, please try first without the ajustments and after a succes apply them.
Regards,
Hans