3 Replies Latest reply on Sep 3, 2001 8:41 AM by rickardsson

Security and Message Driven Beans

msquance Aug 28, 2001 4:54 PM

Hi,

I am attempting to configure a message driven bean such that it can run as a specified security role. I read a posting from the archive that indicated that this would be supported in JBoss 2.4.0.

I haven't been able to find any documentation on what to add to the ejb-jar.xml and jboss.xml files.

I have tried in ejb-jar.xml (which I pieced together from some other container docs and error messages back from JBoss at deployment)
<message-driven>
<ejb-name>PerfReportHandlerMDB</ejb-name>
...
<security-identity>
<run-as>
<role-name>admin</role-name>
</run-as>
</security-identity>
</message-driven>

In addition, I have given permission to all methods of PerfReportHandlerMDB for role 'admin'. I have basic security working for entity beans in the same jar.

The message I get from trace is:
ERROR 2001-08-28 13:53:09.563 [PerfReportHandlerMDB] Insufficient method permissions, principal=null, method=onMessage, requiredRoles=[admin]

Any insights on this would be appreciated.

Thanks,
Mike Squance

1. Re: Security and Message Driven Beans

rickardsson Aug 31, 2001 4:10 AM (in response to msquance)

I got the same problem when using unauthenticatedIdentity=nobody in auth.conf (also with message driven beans). When I don't use this anonymous user the login fails which I suspect it to. But what I find strange is that it doesn't even get to the login method with unauthenticatedIdentity. btw I'm using a subclass of UsernamePasswordLoginModule.

Here's the exception:

[Default] New Client Connection accepted. Current Thread=Thread[OIL Worker,5,JB
ossMQ Server Threads]
[Default] Client Connection set spyDistributedConnection, ClientID=ID2. Current
Thread=Thread[OIL Worker,5,JBossMQ Server Threads]
[Default] ConnectionReceiver: Receive(ReceiveRequest[1])
[Default] SpyConnectionConsumer:Topic@testTopic->addMessage(mes=TextMessage@ tes
t message nr0 and type JMS)
[Default] SpyConnectionConsumer:Topic@testTopic->processMessages()
[Default] SpyConnectionConsumer:Topic@testTopic Starting the ServerSession.
[Default] SpySession: run()
[MDB] Insufficient method permissions, principal=null, method=onMessage, require
dRoles=[]
[Container factory] Exception in JMSCI message listener: : java.rmi.RemoteExcept
ion: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Insufficient method permissions, principal=
null, method=onMessage, requiredRoles=[]
[Default] java.rmi.RemoteException: checkSecurityAssociation; nested exception i
s:
java.lang.SecurityException: Insufficient method permissions, principal=
null, method=onMessage, requiredRoles=[]
[Default] java.lang.SecurityException: Insufficient method permissions, principa
l=null, method=onMessage, requiredRoles=[]
[Default] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssoci
ation(SecurityInterceptor.java:215)
[Default]
[Default] at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInte
rceptor.java:117)
[Default]
[Default] at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.ja
va:195)
[Default]
[Default] at org.jboss.ejb.MessageDrivenContainer.invoke(MessageDrivenCont
ainer.java:281)
[Default]
[Default] at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSConta
inerInvoker.java:150)
[Default]
[Default] at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListener
Impl.onMessage(JMSContainerInvoker.java:495)
[Default]
[Default] at org.jbossmq.SpyMessageConsumer.deliverMessage(SpyMessageConsu
mer.java:296)
[Default]
[Default] at org.jbossmq.SpySession.run(SpySession.java:218)
[Default]
[Default] at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:
132)
[Default]
[Default] at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(Po
oledExecutor.java:642)
[Default]
[Default] at java.lang.Thread.run(Thread.java:484)
[Default]
Actions
2. Re: Security and Message Driven Beans

msquance Aug 31, 2001 2:47 PM (in response to msquance)

What I've found is that the run-as role works correctly, once inside onMessage. It then uses that role when accessing other EJBs.

The issue seems to be getting into onMessage. If unauthenticatedIdentity=nobody, then I get the message:
java.lang.SecurityException: Insufficient method permissions, principal=null, method=onMessage, requiredRoles=[admin, mdb, guest]

However, I can set unauthenticatedIdentity=mdb, add user mdb to a role called mdb, add give the mdb role permission to onMessage of my MDB bean.

This seems to have two issues with it:
1) There is not a way to configure different security access to different message driven beans.
2) Any unauthenticated user now has access to onMessage of the MDB, so could theoretically generate a message of the appropriate type to get inside the MDB.

The only potential solution that comes to mind would involve passing some credentials via the message. This seems to have other security implications (anyone listening for the message could pick up the credentials).

Am I missing anything obvious?

Thanks,
Mike.
Actions
3. Re: Security and Message Driven Beans

rickardsson Sep 3, 2001 8:41 AM (in response to msquance)

When the commit method in AbstractServerLoginModule calls getRoleSets and there are no roles found, which is the case for an anonymous user, the result is "Insufficient method permissions, principal=null, method=onMessage, requiredRoles=[admin]" (due to the result of the rest of the code in commit). Thus adding a "dummy" role to be returned by getRoleSets for the anonymous user, solved the problem in my case. I'm using "unauthenticatedIdentity=nobody" and in the method-permission for the message driven bean.

I might be cheating a little bit here but it's a temporary solution anyway.
Actions

Go to original post