-
1. Re: Resource Adapter + authentication
dimonv Feb 20, 2012 10:31 AM (in response to dimonv)
Hi,
I tested authentication with JBoss AS 7.1.0.Final-Prerelease and with 7.1.0.Final: same issue.
<security-domain> is just ignored.
I have no idea what more I could try, and I doubt that I configured something wrong.
That's why I have every reason to consider it a bug.
-
2. Re: Resource Adapter + authentication
dimonv Feb 20, 2012 10:31 AM (in response to dimonv)
Unfortunately I cannot find the source code for ironjacamar version 1.0.7.Final, which is used in JBoss AS 7.1.0.Final, but on debugging I could find the origin of this issue: org.jboss.as.connector.subsystems.resourceadapters.RaOperationUtil.buildConnectionDefinitionObject(OperationContext, ModelNode, String)
-
3. Re: Resource Adapter + authentication
bjorwes Apr 24, 2012 6:41 AM (in response to dimonv)
Hi,
I seem to have the same problem on JBoss 7.1.1-FINAL - even though the related issue is supposed to be resolved.
I have a resource adapter for connection to WMQ, that tries to use a <security-domain> for SSL-authentication to the MQ-server.
Note that the connection to WMQ works if I only use the <application/> tag for the resource adapter, but we need to use SSL and it simply seems to not pick up the configuration.
{code:xml}
<subsystem xmlns="urn:jboss:domain:resource-adapters:1.0">
    ..................
    <connection-definitions>
        <connection-definition class-name="com.ibm.mq.connector.outbound.ManagedQueueConnectionFactoryImpl" jndi-name="java:jboss/six-qcf" enabled="true" use-java-context="true" pool-name="QueueConnection" use-ccm="true">
            <config-property name="port">PORTNAME</config-property>
            <config-property name="hostName">HOSTNAME</config-property>
            <config-property name="channel">CHANNELNAME</config-property>
            <config-property name="transportType">CLIENT</config-property>
            <config-property name="queueManager">QMQR-NAME</config-property>
            <security>
                <security-domain>ResourceAdapter-policy</security-domain>
            </security>
        </connection-definition>
    </connection-definitions>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:1.1">
    ........................
    <security-domain name="ResourceAdapter-policy" cache-type="default">
        <jsse keystore-password="****" keystore-type="JKS" keystore-url="/opt/jboss/etc/keystore.jks" truststore-password="***" truststore-type="JKS" truststore-url="/opt/jboss/etc/truststore.jks" cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA" server-alias="host-key" client-alias="host-key"/>
    </security-domain>
</subsystem>
{code}
The following error message is shown in server.log:
11:53:46,871 WARN [org.springframework.jms.listener.DefaultMessageListenerContainer] (Container-1) Setup of JMS message listener invoker failed for destination 'com.ibm.mq.connector.outbound.MQQueueProxy@296df388' - trying to recover. Cause: PB00024: Access Denied:Unauthenticated caller:null
11:53:46,872 WARN [org.springframework.jms.listener.DefaultMessageListenerContainer] (Container-1) Could not refresh JMS Connection for destination 'com.ibm.mq.connector.outbound.MQQueueProxy@296df388' - retrying in 5000 ms. Cause: PB00024: Access Denied:Unauthenticated caller:null
-
4. Re: Resource Adapter + authentication
jesper.pedersen Apr 24, 2012 9:49 AM (in response to bjorwes)
We have test cases for this - so retry with the latest snapshot.
-
5. Re: Resource Adapter + authentication
bjorwes Apr 24, 2012 10:04 AM (in response to jesper.pedersen)
Thanks, will try that.
I am quite new to this, so apologies in advance for silly questions like this:
Could you direct me to where I can download the latest snapshot, please? And, would I need to do anything to trigger these test cases?
Thank you
-
6. Re: Resource Adapter + authentication
dimonv Apr 24, 2012 11:14 AM (in response to jesper.pedersen)
Sorry, but snapshot of what? JBoss AS?
-
7. Re: Resource Adapter + authentication
bjorwes May 1, 2012 3:17 PM (in response to jesper.pedersen)
Any more comments on this?
As you see from the two last posts, it is not obvious what we are supposed to get the latest snapshot of, or where it is located.
Thanks for any additional clarification on this
-
8. Re: Resource Adapter + authentication
bjorwes May 15, 2012 7:15 AM (in response to dimonv)
We were able to get around this issue with SSL settings for the WMQ resource adapter by setting system properties in the topmost section of standalone.xml:
    <system-properties>
        <property name="javax.net.ssl.trustStore" value="/opt/jboss/etc/truststore.jks"/>
        <property name="javax.net.ssl.trustStorePassword" value="${truststore_password}"/>
        <property name="javax.net.ssl.keyStore" value="/opt/jboss/etc/keystore.jks"/>
        <property name="javax.net.ssl.keyStorePassword" value="${truststore_password}"/>
    </system-properties>
And specify the sslCipherSuite to be used against our SSL-enabled WMQ Channel in the <connection-definitions> tag under resource adapter settings:
    <config-property name="sslCipherSuite">SSL_RSA_WITH_RC4_128_SHA</config-property>
Don't know if this fixes your issue, Dmitri, but at least it shows it's possible to get around the issue.
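
An added check, not part of the original posts and not JBoss code: a Python audit of a standalone.xml for three points raised in this thread, namely javax.net.ssl.* system properties (they set the default key and trust stores for every TLS client in the JVM, not only the resource adapter), RC4 or other weak suites in sslCipherSuite or jsse cipher-suites, and a <security-domain> reference with no matching definition. The sample XML, the function names and the weak-suite pattern are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragments in this thread, with a
# deliberately mismatched security-domain name; not a real server file.
SAMPLE = """<server>
  <system-properties>
    <property name="javax.net.ssl.trustStore" value="/opt/jboss/etc/truststore.jks"/>
    <property name="javax.net.ssl.keyStore" value="/opt/jboss/etc/keystore.jks"/>
  </system-properties>
  <subsystem xmlns="urn:jboss:domain:resource-adapters:1.0">
    <connection-definition jndi-name="java:jboss/six-qcf">
      <config-property name="sslCipherSuite">SSL_RSA_WITH_RC4_128_SHA</config-property>
      <security><security-domain>ResourceAdapter-policy</security-domain></security>
    </connection-definition>
  </subsystem>
  <subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domain name="Other-policy">
      <jsse cipher-suites="TLS_RSA_WITH_AES_128_CBC_SHA"/>
    </security-domain>
  </subsystem>
</server>"""

# Assumption: a short illustrative pattern, not a complete weak-suite list.
WEAK = re.compile(r"RC4|NULL|EXPORT|anon|_DES_|MD5")

def local(el):
    """Tag name without the subsystem namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (finding, detail) tuples in document order."""
    els = list(ET.fromstring(xml_text).iter())
    # Definitions carry a name attribute; references carry the name as text.
    defined = {e.get("name") for e in els
               if local(e) == "security-domain" and e.get("name")}
    findings = []
    for e in els:
        tag, name = local(e), e.get("name", "")
        if tag == "property" and name.startswith("javax.net.ssl."):
            findings.append(("jvm-wide-tls", name))
        if tag == "jsse":
            suites = e.get("cipher-suites", "")
        elif tag == "config-property" and name == "sslCipherSuite":
            suites = e.text or ""
        else:
            suites = ""
        findings += [("weak-cipher", s)
                     for s in re.split(r"[,\s]+", suites.strip()) if WEAK.search(s)]
        ref = (e.text or "").strip()
        if tag == "security-domain" and not name and ref not in defined:
            findings.append(("undefined-security-domain", ref))
    return findings
```

Calling `audit(open("standalone.xml").read())` on a real file returns the same kind of list; an empty result for the last two finding types rules out a naming mismatch or a weak suite as the cause before treating the behaviour as a server bug.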
-
9. Re: Resource Adapter + authentication
ndipiazza Jul 12, 2012 12:32 PM (in response to jesper.pedersen)
I have this problem as well in JBoss 7.1.1.Final connecting to SQL Server with Windows domain auth. Seems to ignore my domain parameter.
Where can I get this fix, sir?
Here is my related comment on an issue tracker. https://issues.jboss.org/browse/AS7-3824?focusedCommentId=12705739#comment-12705739
-
10. Re: Resource Adapter + authentication
jesper.pedersen Jul 12, 2012 3:30 PM (in response to ndipiazza)
Use latest nightly snapshot of AS7 - or JBoss Enterprise Application Platform 6.0.0.GA