3 Replies Latest reply on Oct 29, 2001 5:17 PM by fede

    Authentication and Message Driven Bean

    Claude Newbie

      I have a session bean that publishes messages on a topic and a message driven bean that subscribes to that topic.
      Everything works well when I disable the security.
      However, when I add the following line in my jboss.xml deployment descriptor, it doesn't work any more:
      <security-domain>java:/jaas/database-login</security-domain>.
      I get a "java.lang.SecurityException: Authentication exception, principal=null" that prevents the message driven bean to be "called".
      As the security works well with my session bean, i whould guess i need to wrap the principal and credential into my message. Is that right? How do I proceed?

      Thanks in advance
      Claude

        • 1. Re: Authentication and Message Driven Bean
          Mikael Eriksson Novice

          Do you have any security declarations on the MDB? Or are you trying to use isCallerInRole or getPrincipal?

          Neither of these things should be done, a MDB has no knowledge about the client as such so it cannot have security based on the identity of the client.

          (I guess there is some way to put security on topics/queues, only allowing certain clients to send messages, not sure how that is configured in JBoss though).

          • 2. Re: Authentication and Message Driven Bean
            c.f.ong Newbie

            Hi

            I've encountered the same problem, i.e. after setting the security-domain in the ejb-jar.xml, the MDB throws a security exception - complaining about "username=null".

            Without setting the security-domain, the MDB is working fine.

            In my case, I'm using a stateless session bean to invoke the MDB. The principal and credentials can be successfully accepted by the session bean, but not the MDB.

            So, are there any additional steps in order to forward the principal and credentials to the MDB?

            Thanks.

            C.F.Ong

            • 3. Re: Authentication and Message Driven Bean
              fede Newbie

              Hi,
              When JBossMQ wants to execute the onMessage MDB method, JBossMQ must have permission to execute it. The way I make it work is as follows:
              1 - In the auth.conf file, inside the database-login block (before the ;) add the following line:
              unauthenticatedIdentity="message"
              2 - In the MDB descriptor add:
              <assembly-descriptor>
              <security-role>
              <role-name>Message</role-name>
              </security-role>
              <method-permission>
              <role-name>Message</role-name>

              <ejb-name>.....MDB</ejb-name>
              <method-name>*</method-name>

              </method-permission>
              3 - Add the the user "message" with the "Message" rol in you security framework.