19 Replies. Latest reply on Sep 6, 2011 6:34 AM by ataylor
      • 15. Re: Inherit security context from application server
        jmbarone

        Little holidays for me last week :-) , now I checked out your suggestion and it's working.

        Only to say that the JMX URL to make the connection inside JBoss was:

        private static final String JMX_URL = "service:jmx:rmi://127.0.0.1/jndi/rmi://127.0.0.1:1090/jmxconnector";

        This is different from the URL that comes in the examples section.

        Also, I'm not using any JVM argument referring to JMX to run the server.

        I think maybe it's helpful for somebody else.

        Thanks.

        • 16. Re: Inherit security context from application server
          jmbarone

          Hi again!

          The interceptor is working great; it takes the username from the JMSServerControl obtained by JMX and I can set it as a property in the message.

          So, the MDB receives who's sending the message automatically, without any "intervention" from the programmer.

          But ... the authentication to HornetQ with the credentials of the producer stateless EJB is driving me crazy.

          To be clearer ... I have a stateless EJB and one method does the send of the message, so the EJB is already authenticated in JBoss.

          I do the connection.createSession() and configured the security manager in hornetq-jboss-beans.xml like this:

          <!-- The security manager -->
          <bean name="HornetQSecurityManager" class="org.hornetq.integration.jboss.security.JBossASSecurityManager">
             <depends>JBossSecurityJNDIContextEstablishment</depends>
             <start ignored="true"/>
             <stop ignored="true"/>
             <property name="allowClientLogin">true</property>
             <property name="authoriseOnClientLogin">true</property>
          </bean>


          But it's using the default authentication of HornetQ instead of taking the principal already existing in the security context of the EJB.

          If I do connection.createSession(user, pass) with an existing user in the properties files of HornetQ, it works.

          What am I doing wrong?...

          Thanks.

          • 17. Re: Inherit security context from application server
            ataylor

            Your config looks correct. Can you provide an easy reproducible test I can play around with, based on your config?

            • 18. Re: Inherit security context from application server
              jmbarone

              OK.

              I'm sending you the Eclipse Indigo project of the EJB and the web application WAR to test the EJB.

              The web application only authenticates the user and then asks for a text message to send.

              Also, I compressed the hornetq.sar folder with the JBoss configuration.

              As complementary info, I debugged the authentication inside HornetQ and ... in the class JBossASSecurityManager


              public boolean validateUserAndRole(final String user,
                                                 final String password,
                                                 final Set<Role> roles,
                                                 final CheckType checkType)
              {
                 if (allowClientLogin && SecurityContextAssociation.isClient())
                 {
                    return authoriseOnClientLogin ? useClientAuthentication(roles, checkType) : true;
                 }
                 else
                 {
                    return useConnectionAuthentication(user, password, roles, checkType);
                 }
              }


              The SecurityContextAssociation.isClient() returns false, and then it tries to authenticate inside HornetQ, so the flags allowClientLogin and authoriseOnClientLogin are useless.

               

              Thanks for your time, Andy!
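
The branch logic quoted in reply 18, modeled as a stand-alone Java program (an added example, not part of the original thread and not HornetQ's own code). The class name and the `BooleanSupplier` arguments are hypothetical stand-ins for `SecurityContextAssociation.isClient()`, `useClientAuthentication(...)` and `useConnectionAuthentication(...)`; the program prints which check decides each flag combination, including the case where the caller is accepted with no check at all.

```java
import java.util.function.BooleanSupplier;

public class ValidateBranchModel {
    // Mirrors the branch structure of validateUserAndRole as quoted in the thread.
    // isClient, clientAuth and connectionAuth are hypothetical stand-ins for
    // SecurityContextAssociation.isClient(), useClientAuthentication(...) and
    // useConnectionAuthentication(...).
    static String decide(boolean allowClientLogin, boolean authoriseOnClientLogin,
                         BooleanSupplier isClient, BooleanSupplier clientAuth,
                         BooleanSupplier connectionAuth) {
        if (allowClientLogin && isClient.getAsBoolean()) {
            if (!authoriseOnClientLogin) {
                // The quoted code returns true here without consulting anything.
                return "ACCEPT (no check performed)";
            }
            return (clientAuth.getAsBoolean() ? "ACCEPT" : "REJECT") + " (client security context)";
        }
        // Taken whenever isClient() is false, whatever the two flags say.
        return (connectionAuth.getAsBoolean() ? "ACCEPT" : "REJECT") + " (connection user/password)";
    }

    public static void main(String[] args) {
        boolean[] flags = {false, true};
        // Constructed scenario: the caller's context lacks the required role and
        // no matching user/password was passed to createSession().
        BooleanSupplier clientAuth = () -> false;
        BooleanSupplier connectionAuth = () -> false;
        for (boolean allow : flags) {
            for (boolean authorise : flags) {
                for (boolean client : flags) {
                    final boolean c = client;
                    System.out.printf(
                        "allowClientLogin=%-5b authoriseOnClientLogin=%-5b isClient=%-5b -> %s%n",
                        allow, authorise, client,
                        decide(allow, authorise, () -> c, clientAuth, connectionAuth));
                }
            }
        }
    }
}
```

Every row with `isClient=false` ends in the connection user/password check, which matches what the debugger showed in reply 18; the row with `allowClientLogin=true`, `authoriseOnClientLogin=false`, `isClient=true` is the only one accepted without a check.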

              • 19. Re: Inherit security context from application server
                ataylor

                I can't build your app as it has no build script and I don't use Eclipse. One thing I can't see though is your client login module; did you write one?

                Also, I think you have to call client.setVmwideAssociation(true), although this is not recommended.


                A
