1 Reply Latest reply on Apr 17, 2013 6:53 AM by mybrandnewusername

Re: Can't get ConnectionFactory for JMS from JNDI when using custom security domain

mybrandnewusername Apr 17, 2013 6:52 AM

I'm running hornetQ JMS on jboss-as-7.2.0.Final with my custom security domain. But in JMS test I can't get ConnectionFactory. When I do not use my security domain for remoting subsystem, JMS works fine. EJB works fine with my security domain.

I use standalone-full.xml for my test with several changes:

1. security realm

{code:xml}
<security-realm name="MYRealm">
    <authentication>
        <jaas name="mydomain"/>
    </authentication>
</security-realm>
{code}

2. security domain

{code:xml}
<security-domain name="mydomain">
    <authentication>
        <login-module code="my.module.MyLoginModule" flag="required" module="my.module"/>
    </authentication>
</security-domain>
{code}

3. my queue

{code:xml}
<jms-queue name="DemoInfoQ">
    <entry name="jms/queue/DemoInfoQ"/>
    <entry name="java:jboss/exported/jms/queue/DemoInfoQ"/>
</jms-queue>
{code}

4. set my security realm for remoting subsystem

{code:xml}
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="MYRealm"/>
</subsystem>
{code}

When I change security realm for remoting subsystem (4) to "ApplicationRealm" or nothing, JMS works. But with MYRealm my test client gives an exception, when I try to lookup ConnectionFactory:

{code}
javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://localhost:4447]
{code}

Why do I get such a strange error and how can I fix that? I expect some kind of security exception at least. "my.module.MyLoginModule" allows all (for test purpose), and (once again) EJB woks ok with my realm.

I'm pretty sure that there can be no problem with my client test code, because it's pretty straightforward and it works, when I change jboss config (no sec. realm for remoting). Anyway, here it is:

{code}
final Properties props = new Properties();
props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED","false");
props.put("remote.connections", "default");
props.put("remote.connection.default.username", "any");
props.put("remote.connection.default.password", "none");
props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS","false");
props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT","false");
props.put(Context.PROVIDER_URL, providerUrl);
props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
Context context = new InitialContext(props);
ConnectionFactory connectionFactory = (ConnectionFactory) context.lookup("jms/RemoteConnectionFactory");
...
{code}

1. Re: Can't get ConnectionFactory for JMS from JNDI when using custom security domain

mybrandnewusername Apr 17, 2013 6:53 AM (in response to mybrandnewusername)

Finaly found property set, that worked:

params.setProperty("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
params.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
params.setProperty(Context.PROVIDER_URL, "remote://localhost:4447");
params.setProperty(Context.SECURITY_PRINCIPAL, "user");
params.setProperty(Context.SECURITY_CREDENTIALS, "password");
Actions