4 Replies Latest reply on May 14, 2010 1:42 PM by munimanjunath kalapati

    MBeanTrustPermission Error

    c z Newbie

      I tried to add the BEA WebLogic JNDI namespace to the JNDI namespace of my JBoss 4.0.2 server as an external context for later access to BEA's JMS queues. According to the documentation, I tried this by deploying the following extjndi-service.xml within JBoss.

      <server>
      <classpath codebase="../" archives="wlclient.jar"/>
      <mbean code="org.jboss.naming.ExternalContext"
       name="jboss.jndi:service=ExternalContext,jndiName=external/Bea">
       <attribute name="JndiName">external/Bea</attribute>
       <attribute name="CacheContext">true</attribute>
       <attribute name="Properties">
       java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
       java.naming.provider.url=t3://localhost:7001
       java.naming.factory.url.pkgs=org.jnp.interfaces
       </attribute>
       <attribute name="InitialContext">javax.naming.InitialContext</attribute>
       <attribute name="RemoteAccess">true</attribute>
      </mbean>
      </server>


      But when I try to even start the JMX console on localhost to test the deployment with JNDIView, I get the following error output:

      2005-05-06 10:41:17,240 ERROR [org.apache.commons.modeler.Registry] Error registering jboss.web:name=HttpRequest1,type=RequestProcessor,worker=http-0.0.0.0-8080
      java.lang.SecurityException: MBeanTrustPermission(register) not implied by protection domain of mbean class: org.apache.commons.modeler.BaseModelMBean, pd: ProtectionDomain (file:/C:/work/jboss4_02/server/default/tmp/deploy/tmp21882commons-modeler.jar <no certificates>)
       org.jboss.mx.loading.UnifiedClassLoader3@16504fa{ url=file:/C:/work/jboss4_02/server/default/deploy/jbossweb-tomcat55.sar/ ,addedOrder=10}
       <no principals>
       java.security.Permissions@1767553 (
       (java.io.FilePermission C:\work\jboss4_02\server\default\tmp\deploy\tmp21882commons-modeler.jar read)
       (java.io.FilePermission C:\work\jboss4_02\server\default\deploy\jbossweb-tomcat55.sar read)
      ...
      


      Any idea how I can get rid of that error and federate the remote JNDI namespace into JBoss's JNDI namespace? Any information pointing me in the right direction is welcome.

      regards,
      chris

        • 1. Re: MBeanTrustPermission Error
          Scott Stark Master

          You need to fix your security policy. If you're not explicitly setting up a security manager, I have heard that some WebLogic components do this under the covers, so find out how to disable it from WebLogic.

          • 2. Re: MBeanTrustPermission Error
            c z Newbie

            As far as I can see, a security manager is running. Also, when I try to explicitly activate the security manager according to the server guide within run.bat, I get an exception, which means that there's already one running. The server.policy file grants permission to everything.

            ...
            2005-05-09 16:53:55,791 DEBUG [org.jboss.system.ServiceController] starting service jboss.security:service=JaasSecurityManager
            2005-05-09 16:53:55,791 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Starting jboss.security:service=JaasSecurityManager
            2005-05-09 16:53:56,191 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] securityMgrCtxPath=java:/jaas
            2005-05-09 16:53:56,211 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] cachePolicyCtxPath=java:/timedCacheFactory
            2005-05-09 16:53:56,221 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] SecurityProxyFactory=org.jboss.security.SubjectSecurityProxyFactory@6a3960
            2005-05-09 16:53:56,251 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Started jboss.security:service=JaasSecurityManager
            ...


            Nevertheless, I'm going to check my BEA WebLogic environment.
            ... Any other ideas what could have gone wrong?

            Is there anything I have to add to the descriptors of the jmx-console xmbean?

            In the meantime I made the following changes to login-config.xml:
            ...
            <application-policy name = "jmx-console">
             <authentication>
             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
             <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
             <module-option name="unauthenticatedIdentity">nobody</module-option>
             </login-module>
             </authentication>
             </application-policy>
            ...
            <application-policy name = "other">
             <authentication>
             <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required" >
             <module-option name="unauthenticatedIdentity">nobody</module-option>
             </login-module>
             </authentication>
             </application-policy>
            ...


            and within extjndi-service.xml I changed the "attributes" into:
            ...
            <attribute name="Properties">
             java.naming.factory.initial=weblogic.jndi.WLInitialContextFactory
             java.naming.provider.url=t3://localhost:7001
             java.naming.security.principal=nobody
             java.naming.security.authentication=simple
             java.naming.security.credentials=weblogic
             </attribute>
            ...

            I also changed the jmx-console-roles.properties to
            admin=JBossAdmin,HttpInvoker,nobody

            and jmx-console-users.properties to
            admin=admin,nobody

            to be sure that "everything" has permission granted,
            but without success. The error message is still the same.

            regards,
            chris



            • 3. Re: MBeanTrustPermission Error
              Scott Stark Master

              The log messages are for the JBoss J2EE security service. This is not a Java 2 security manager, and the configuration files you show have nothing to do with configuring a Java 2 security manager. Most likely you are running into the problem of the WebLogic client libraries installing a Java 2 security manager. Either figure out how to disable this behavior or look into configuring a Java 2 security manager policy. Chapter 8.6 of the admin guide is a starting point.

              http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html

              • 4. Re: MBeanTrustPermission Error
                munimanjunath kalapati Newbie

                I solved this issue by adding the below permission in the Java security policy file

                \jre\lib\security\java.policy file


                grant {
                permission javax.management.MBeanTrustPermission "register";
                };
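
A diagnostic for the two facts replies 3 and 4 turn on: whether a Java 2 security manager is installed in the JVM, and whether a class's protection domain implies `MBeanTrustPermission("register")`. This is an added example, not code from the thread, JBoss or WebLogic; the names `MBeanTrustCheck` and `describe` are hypothetical.

```java
import java.security.CodeSource;
import java.security.ProtectionDomain;
import javax.management.MBeanTrustPermission;

// Added diagnostic; class and method names are hypothetical.
public class MBeanTrustCheck {

    // Reports whether a Java 2 security manager is installed in this JVM and
    // whether the protection domain of the given class implies
    // MBeanTrustPermission("register"), the permission named in the error.
    // The JAAS security service from reply 2 plays no part in either answer.
    static String describe(Class<?> cls) {
        StringBuilder out = new StringBuilder();
        // Deprecated on recent JDKs but still present; null means no manager.
        SecurityManager sm = System.getSecurityManager();
        out.append("security manager: ")
           .append(sm == null ? "none" : sm.getClass().getName()).append('\n');
        try {
            // Needs RuntimePermission("getProtectionDomain") under a manager.
            ProtectionDomain pd = cls.getProtectionDomain();
            CodeSource cs = pd.getCodeSource();
            String where = (cs == null || cs.getLocation() == null)
                    ? "(none, e.g. bootstrap class)" : cs.getLocation().toString();
            out.append("class: ").append(cls.getName()).append('\n');
            out.append("code source: ").append(where).append('\n');
            boolean trusted = pd.implies(new MBeanTrustPermission("register"));
            out.append("implies MBeanTrustPermission(register): ").append(trusted);
        } catch (SecurityException e) {
            out.append("cannot read protection domain: ").append(e.getMessage());
        }
        return out.toString();
    }

    public static void main(String[] args) throws ClassNotFoundException {
        if (args.length == 0) {
            System.out.println(describe(MBeanTrustCheck.class));
            return;
        }
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        for (String name : args) {
            // initialize=false: load the class without running static initializers.
            System.out.println(describe(Class.forName(name, false, loader)));
        }
    }
}
```

The result only reflects the server's situation when `describe` is called inside the server JVM with the same class loader that loaded the MBean class. The `grant` entry in reply 4 has no `codeBase`, so it applies to every code source; the code source line printed here is the value a `codeBase`-scoped grant would name.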