AS7.1 Secure queue using remote JNDI
ned233 Feb 17, 2012 2:27 PM
Distribution: AS 7.1.0.Final
I have successfully set up a secure remote queue and tested connectivity to it using the HornetQ native libraries. However, I am getting an error when testing the same thing using remote JNDI.
Here is my configuration:
standalone.xml
<!-- Messaging (HornetQ) subsystem excerpt from standalone.xml. The dotted lines are elisions made
     by the poster, so the full set of security-settings, connectors and destinations is not visible. -->
<subsystem xmlns="urn:jboss:domain:messaging:1.1">
<security-settings>
......
<!-- Permissions for the address jms.queue.testremotequeue: send and consume are limited to SvcRole.
     NOTE(review): a catch-all security-setting (match="#") may exist in the elided part; confirm which
     setting HornetQ applies to this address and that no broader role can reach the queue.
     NOTE(review): createNonDurableQueue and deleteNonDurableQueue are granted to the same role; if
     clients only use this pre-defined queue they may be unnecessary. Confirm, and drop them for
     least privilege if so. -->
<security-setting match="jms.queue.testremotequeue">
<permission type="send" roles="SvcRole"/>
<permission type="consume" roles="SvcRole"/>
<permission type="createNonDurableQueue" roles="SvcRole"/>
<permission type="deleteNonDurableQueue" roles="SvcRole"/>
</security-setting>
</security-settings>
<jms-connection-factories>
.....
<!-- Connection factory handed to remote clients. It uses the connector named "netty", whose
     definition (host, port, SSL settings) is not shown in this excerpt.
     NOTE(review): if that connector is not configured for SSL, the user name and password given to
     createConnection() travel unencrypted; confirm before exposing it beyond localhost. -->
<connection-factory name="RemoteConnectionFactory">
<connectors>
<connector-ref connector-name="netty"/>
</connectors>
<entries>
<entry name="RemoteConnectionFactory"/>
<!-- Entries under java:jboss/exported/ are, by AS 7 remote-naming convention, the names offered
     to remote JNDI clients. -->
<entry name="java:jboss/exported/jms/RemoteConnectionFactory"/>
</entries>
</connection-factory>
......
</jms-connection-factories>
<jms-destinations>
......
<!-- The queue protected by the security-setting above, bound under the exported namespace as well. -->
<jms-queue name="testremotequeue">
<entry name="java:jboss/exported/jms/queue/testremotequeue"/>
</jms-queue>
......
</jms-destinations>
</subsystem>
<!-- Security subsystem excerpt: the JAAS login-module stack of the security domain named "other".
     Other security domains are elided by the poster. -->
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<!-- First module, flag="optional": the overall login can still succeed when this module fails.
     NOTE(review): "Remoting" presumably picks up an identity that was already authenticated on a
     Remoting connection; confirm. password-stacking=useFirstPass asks it to reuse a login
     name/password shared within the stack. -->
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<!-- Second module, flag="required": it must succeed for the login to succeed. It authenticates
     users against the directory named in java.naming.provider.url.
     NOTE(review): with the ldap:// scheme on port 389 and java.naming.security.authentication=simple,
     the bind password is sent to the directory in clear text unless the link is protected some other
     way. Prefer ldaps:// (or an otherwise protected network path) and validate the server certificate. -->
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<!-- NOTE(review): presumably surfaces the underlying validation error to the caller; check that
     directory error details returned to remote clients are acceptable. -->
<module-option name="throwValidateError" value="true"/>
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://mycompany.com:389/"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<!-- Keep this false: an empty password in a simple bind is treated by some directories as an
     anonymous login, which would otherwise count as a successful authentication. -->
<module-option name="allowEmptyPasswords" value="false"/>
<!-- Appended to the login name to form the bind principal (name@mycompany.com). -->
<module-option name="principalDNSuffix" value="@mycompany.com"/>
<!-- NOTE(review): baseCtxDN and baseFilter are options documented for LdapExtLoginModule; verify
     whether the plain LdapLoginModule configured here honours them. -->
<module-option name="baseCtxDN" value="CN=Users,DC=mycompany,DC=com"/>
<module-option name="baseFilter" value="(sAMAccountName={0})"/>
<module-option name="uidAttributeID" value="sAMAccountName"/>
<!-- Role lookup: roles come from the memberOf attribute, whose values are DNs; the cn of each
     DN is used as the role name. The messaging security-setting expects the role SvcRole. -->
<module-option name="rolesCtxDN" value="CN=Users,DC=mycompany,DC=com"/>
<module-option name="roleAttributeIsDN" value="true"/>
<module-option name="roleAttributeID" value="memberOf"/>
<module-option name="roleNameAttributeID" value="cn"/>
</login-module>
</authentication>
</security-domain>
......
</subsystem>
Client code
Using the native HornetQ library, this configuration works just fine:
// Direct HornetQ (non-JNDI) client: builds a Netty transport to localhost:5445 and opens a JMS
// connection, authenticating with userName/password. queueName, userName, password and conn are
// declared outside this excerpt.
Queue queue = HornetQJMSClient.createQueue(queueName);
// Transport parameters for the Netty connector: target port and host.
Map<String, Object> connectionParams = new HashMap<String, Object>();
connectionParams.put(TransportConstants.PORT_PROP_NAME, 5445);
connectionParams.put(TransportConstants.HOST_PROP_NAME, "localhost");
// NOTE(review): no SSL-related transport parameter is set here, so this link is presumably
// unencrypted and the credentials used below cross it in the clear. That is tolerable on
// localhost; confirm the transport settings before pointing this at a remote host.
TransportConfiguration transportConfiguration = new TransportConfiguration(NettyConnectorFactory.class.getName(), connectionParams);
// Non-HA JMS connection factory bound to that single transport configuration.
ConnectionFactory factory = (ConnectionFactory) HornetQJMSClient.createConnectionFactoryWithoutHA(JMSFactoryType.CF, transportConfiguration);
// The credentials are presented to the messaging server here.
// NOTE(review): presumably they are validated by the messaging subsystem through the LDAP-backed
// "other" security domain shown in standalone.xml; confirm. Closing conn is not shown in this excerpt.
conn = factory.createConnection(userName, password);
....
However, using JNDI, I am getting an error:
// Remote JNDI client: builds the environment for the remote-naming InitialContextFactory and
// connects to remote://localhost:4447 with the same userName/password used for the direct
// HornetQ connection.
Properties props = new Properties();
props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
props.put(Context.PROVIDER_URL, "remote://localhost:4447");
// From here on props holds the password; avoid printing or logging the Properties object.
props.put(Context.SECURITY_PRINCIPAL, userName);
props.put(Context.SECURITY_CREDENTIALS, password);
// Creating the context opens the Remoting connection. Per the stack trace that follows, the
// SaslException is raised while that connection is being opened (ClientConnectionOpenListener),
// i.e. before any JNDI lookup or JMS call is made.
// NOTE(review): the Remoting connector on port 4447 is presumably authenticated by a security realm
// (ApplicationRealm in a default AS 7.1 install) rather than by the LDAP login module of the "other"
// security domain. The connector and realm configuration are not shown on this page; confirm which
// user store that realm checks before assuming the LDAP credentials are valid for this path.
Context context = new InitialContext(props);
On that last line, I get the following error. This is going against the same queue with the same username & password:
javax.naming.NamingException: Failed to create remoting connection [Root exception is java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed]
at org.jboss.naming.remote.client.ClientUtil.namingException(ClientUtil.java:36)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at com.fhlbi.cbs.common.util.RemoteQueueTest.main(RemoteQueueTest.java:33)
Caused by: java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.naming.remote.protocol.IoFutureHelper.get(IoFutureHelper.java:87)
at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:42)
at org.jboss.naming.remote.client.InitialContextFactory.createConnection(InitialContextFactory.java:153)
at org.jboss.naming.remote.client.InitialContextFactory.getOrCreateConnection(InitialContextFactory.java:126)
at org.jboss.naming.remote.client.InitialContextFactory.getInitialContext(InitialContextFactory.java:106)
... 5 more
Caused by: javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:365)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:214)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.channels.TranslatingSuspendableChannel.handleReadable(TranslatingSuspendableChannel.java:189)
at org.xnio.channels.TranslatingSuspendableChannel$1.handleEvent(TranslatingSuspendableChannel.java:103)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:72)
at org.xnio.nio.NioHandle.run(NioHandle.java:90)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:184)
at ...asynchronous invocation...(Unknown Source)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:270)
at org.jboss.remoting3.EndpointImpl.doConnect(EndpointImpl.java:251)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:349)
at org.jboss.remoting3.EndpointImpl.connect(EndpointImpl.java:333)
at org.jboss.naming.remote.client.cache.EndpointCache$EndpointWrapper.connect(EndpointCache.java:110)
at org.jboss.naming.remote.client.cache.ConnectionCache.get(ConnectionCache.java:41)
... 8 more