9 Replies Latest reply on Aug 19, 2002 3:40 AM by Peter Antman

    JMS Security Question

    David Sills Newbie

      I'm trying to deploy the message-driven bean in Richard Monson-Haefel's Enterprise JavaBeans (3rd ed.), Chapter 13. I'm using the JBoss workbook (still in beta, and missing much). I'm doing all this on JBoss 3.0.0, using MySql, on Windows XP.

      I've managed all the EJB configuration, but am stumped by the following stacktrace, which seems to occur at just the first point that the MDB actually creates a QueueSession to the Reply-To that has been serialized and sent by the client:

      QueueSession session = connect.createQueueSession (false,0);

      I understand that the parameter values here are supposed to be ignored by the container, and also tried the recommended (true, 0) without any difference.

      What's confusing is that I don't have a security manager set for this queue, and yet one seems to be being called. Undoubtedly there's just something I don't yet understand. Here's the configuration information:


      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager


      I'm just exploring JMS for the first time, and I'd like to hope that I can get this working with a little help from this forum. Thanks!



      05:20:17,451 WARN [LogInterceptor] Unexpected Error
      java.lang.ClassCircularityError: java/lang/Comparable
      at org.jboss.security.plugins.JaasSecurityManager.validateCache(JaasSecurityManager.java:406)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:213)
      at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:157)
      at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:40)
      at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:575)
      at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:288)
      at org.jboss.mq.il.jvm.JVMServerIL.authenticate(JVMServerIL.java:302)
      at org.jboss.mq.Connection.authenticate(Connection.java:759)
      at org.jboss.mq.Connection.(Connection.java:233)
      at org.jboss.mq.SpyConnection.(SpyConnection.java:48)
      at org.jboss.mq.SpyXAConnection.(SpyXAConnection.java:38)
      at org.jboss.mq.SpyXAConnectionFactory.createXAQueueConnection(SpyXAConnectionFactory.java:111)
      at org.jboss.jms.ConnectionFactoryHelper.createQueueConnection(ConnectionFactoryHelper.java:67)
      at org.jboss.resource.adapter.jms.JmsManagedConnection.setup(JmsManagedConnection.java:598)
      at org.jboss.resource.adapter.jms.JmsManagedConnection.(JmsManagedConnection.java:164)
      at org.jboss.resource.adapter.jms.JmsManagedConnectionFactory.createManagedConnection(JmsManagedConnectionFactory.java:96)
      at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnection(InternalManagedConnectionPool.java:236)
      at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:101)
      at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:312)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:467)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:532)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:812)
      at org.jboss.resource.adapter.jms.JmsSessionFactoryImpl.createQueueSession(JmsSessionFactoryImpl.java:117)
      at com.titan.reservationprocessor.ReservationProcessorBean.deliverTicket(ReservationProcessorBean.java:130)
      at com.titan.reservationprocessor.ReservationProcessorBean.onMessage(ReservationProcessorBean.java:109)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.ejb.MessageDrivenContainer$ContainerInterceptor.invoke(MessageDrivenContainer.java:391)
      at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:186)
      at org.jboss.ejb.plugins.MessageDrivenInstanceInterceptor.invoke(MessageDrivenInstanceInterceptor.java:88)
      at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:96)
      at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:142)
      at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:61)
      at org.jboss.ejb.plugins.RunAsSecurityInterceptor.invoke(RunAsSecurityInterceptor.java:100)
      at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:166)
      at org.jboss.ejb.MessageDrivenContainer.invoke(MessageDrivenContainer.java:302)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSContainerInvoker.java:625)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:973)
      at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:234)
      at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:561)
      at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:377)
      at org.jboss.mq.SpySession.run(SpySession.java:252)
      at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:173)
      at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:642)
      at java.lang.Thread.run(Thread.java:536)

        • 1. Re: JMS Security Question
          Peter Antman Expert

          Take a look at https://sourceforge.net/tracker/?func=detail&aid=526622&group_id=22866&atid=381174

          To remove security you have to change the setup of JBossMQ, not just a destination. I wrote about it in a post a couple of days ago.

          //Peter

          From changenote:
          - All connections are checked for autentication. To
          setup a non secured environment requires to remove the
          security adapter configurations.

          - All access to destinations are checked for
          authorization. This is based on a simple role based ACL
          list where a particular role may have read (subscribe,
          receive, browse), write (publish,send) or create
          (durable sub) rights. Every destination have its own
          configured security configuration. If non is available,
          the default role guest with read and write rights are
          used. To create a destination with no access rights
          (what use is that?) an empty configuration must be
          used.

          • 2. Re: JMS Security Question
            David Sills Newbie

            Dear PRA:

            I hope you're still out there. I've been tearing my hair out for days. I'm running short of other places to go, and I obviously haven't understood how JBoss security works. I keep putting in more users and roles in different places, and still I can't connect my internal message-driven beans to the Queue I'm trying to use to send messages to a client. God knows what will happen when I finally get the messages to the queue and then we turn to what the client needs.

            Can you give me some more information about where to read further? I've tried the Quick-Start document, where I only find security examples for entity and session beans, which have security contexts that are quite simple to understand. I've read through several other books to find out what I can. I have, after all, bought every piece of documentation JBoss has to offer, several of them twice.

            I seem to see that in my MDB I have to create a connection thus:

            QueueConnection connect = factory.createQueueConnection ("internalProducer", "ip_password");

            I think I see that I have to configure


            <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager








            (I'm trying to use "internalProducer" as the username for the internal MDB that will post finished tickets to the titan-TicketQueue, where they'll be picked up by "ticketClient.")

            But I can't see how to configure JBoss so that it can know how to get the usernames and passwords for "internalProducer" and "ticketClient." I've tried most everything, but the documentation seems completely opaque to me (though I'm sure that once I understand I'll go back and say, "but of course!"). I haven't changed the default JBoss 3.0.0 security configuration files, however, in so far as I've been able to understand what they are.

            Can you or can someone else help?

            • 3. Re: JMS Security Question
              David Sills Newbie

              Dear Peter:

              Thanks for your reply, and I hope you're still out there. I've been tearing my hair out for days. I'm running short of other places to go, and I obviously haven't understood how JBoss security works. I keep putting in more users and roles in different places, and still I can't connect my internal message-driven beans to the Queue I'm trying to use to send messages to a client. God knows what will happen when I finally get the messages to the queue and then we turn to what the client needs.

              Can you give me some more information about where to read further? I've tried the Quick-Start document, where I only find security examples for entity and session beans, which have security contexts that are quite simple to understand. I've read through several other books to find out what I can. I have, after all, bought every piece of documentation JBoss has to offer, several of them twice.

              I seem to see that in my MDB I have to create a connection thus:

              QueueConnection connect = factory.createQueueConnection ("internalProducer", "ip_password");

              I think I see that I have to configure


              <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager








              (I'm trying to use "internalProducer" as the username for the internal MDB that will post finished tickets to the titan-TicketQueue, where they'll be picked up by "ticketClient.")

              But I can't see how to configure JBoss so that it can know how to get the usernames and passwords for "internalProducer" and "ticketClient." I've tried most everything, but the documentation seems completely opaque to me (though I'm sure that once I understand I'll go back and say, "but of course!"). I haven't changed the default JBoss 3.0.0 security configuration files, however, in so far as I've been able to understand what they are.

              Can you or can someone else help?

              David

              • 4. Re: JMS Security Question
                Peter Antman Expert

                Say you set up your jbossmq-state.xml file like this:

                jbossmq-state.xml:



                guest
                guest


                john
                needle
                DurableSubscriberExample


                bert
                topsecret




                guest
                john


                john


                john
                bert






                What you have here is three users, guest, john and bert. These are the users you may login as, for example

                QueueConnection connect = factory.createQueueConnection ("bert", "topsecret");


                There are also a number of roles, to wich a user may belong. The security scheme in JBoss is rolebased. So the thing you specify in your destination configuration is the roles adn not the users.


                <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager








                The above configuration says that when a user tries to subsribe to the queue, it will be checked if the user really belong to the role ticketClient, which only john does here. When trying to send messages to the destination it will be checked if the user belongs to the internalProducer role, which both john and bert does in the above configuration.

                //Peter

                • 5. Re: JMS Security Question
                  David Sills Newbie

                  Peter:

                  Thanks. I don't feel quite so stupid now. I did try doing exactly this (sort of fell over it and it seemed like it should work), or at least I thought I had. I still got Exceptions that indicated that the system was not finding password information. I assumed that somehow I had put the information into the wrong file, or that the security configuration that was being applied didn't actually read that file. I haven't time enough this morning before work to try again and to forward all results, but I will try once more very carefully and see what happens.

                  Thanks again for your help. It is much appreciated.

                  • 6. Re: JMS Security Question
                    David Sills Newbie

                    Dear Peter:

                    This is what I tried. Obviously it must have been different from what you suggested, but I don't see how yet. If you can elucidate, I will be most grateful.

                    jbossmq-state.xml:




                    internalTicketProducer
                    itp_password


                    externalTicketConsumer
                    etc_password


                    externalReservationProducer
                    erp_password




                    internalTicketProducer


                    externalTicketConsumer


                    externalReservationProducer




                    jbossmq-titanqueues-service.xml:




                    <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager











                    JmsClient_TicketConsumer.java:

                    Context jndiContext = getInitialContext ();
                    QueueConnectionFactory factory = (QueueConnectionFactory) jndiContext.lookup ("ConnectionFactory");
                    Queue ticketQueue = (Queue) jndiContext.lookup ("queue/titan-TicketQueue");
                    QueueConnection connect = factory.createQueueConnection ("externalTicketConsumer", "etc_password");
                    QueueSession session = connect.createQueueSession (false,Session.AUTO_ACKNOWLEDGE);
                    QueueReceiver receiver = session.createReceiver (ticketQueue);
                    receiver.setMessageListener (this);
                    connect.start ();

                    The exception when I try to run the class:

                    22:38:19,531 WARN [SecurityManager] No SecurityMetadadata was available for titan-ReservationQueue adding default security conf
                    22:38:32,660 WARN [SecurityManager] No SecurityMetadadata was available for titan-TicketQueue adding default security conf
                    22:38:32,670 WARN [OILServerILService] Client request resulted in a server exception:
                    javax.jms.JMSSecurityException: Connection not authorized to subscribe to destination: titan-TicketQueue
                    at org.jboss.mq.security.ServerSecurityInterceptor.subscribe(ServerSecurityInterceptor.java:141)
                    at org.jboss.mq.server.TracingInterceptor.subscribe(TracingInterceptor.java:599)
                    at org.jboss.mq.server.JMSServerInvoker.subscribe(JMSServerInvoker.java:298)
                    at org.jboss.mq.il.oil.OILServerILService$Client.run(OILServerILService.java:287)
                    at java.lang.Thread.run(Thread.java:536)
                    22:38:32,940 WARN [OILServerILService] Connection failure (1).
                    java.net.SocketException: Connection reset by peer: JVM_recv in socket input stream read
                    at java.net.SocketInputStream.socketRead0(Native Method)
                    at java.net.SocketInputStream.read(SocketInputStream.java:116)
                    at java.io.BufferedInputStream.fill(BufferedInputStream.java:183)
                    at java.io.BufferedInputStream.read(BufferedInputStream.java:201)
                    at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2118)
                    at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2301)
                    at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2368)
                    at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2440)
                    at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2589)
                    at java.io.ObjectInputStream.readByte(ObjectInputStream.java:837)
                    at org.jboss.mq.il.oil.OILServerILService$Client.run(OILServerILService.java:190)
                    at java.lang.Thread.run(Thread.java:536)

                    I take it that the SocketException is secondary, but I don't understand what I did wrong so that the connection couldn't be made. Perhaps the error will be suggestive? Or perhaps there's another piece I need?

                    Thanks for taking a look at this. I appreciate your efforts.

                    David

                    • 7. Re: JMS Security Question
                      Peter Antman Expert

                      Your trouble now is that your destination is not configured correct: Heres a correct one:


                      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
                      <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager









                      Yours is missing the SecurityManager part.

                      //Peter

                      • 8. Re: JMS Security Question
                        David Sills Newbie

                        Peter:

                        Thanks very much for the help. I reconfigured the security as you suggested, and at least I don't get the warnings. But now something else peculiar has popped up. The stack trace:

                        21:34:34,645 WARN [JMSContainerInvoker] JMS provider failure detected:
                        javax.jms.JMSSecurityException: Connection not authorized to subscribe to destination: titan-ReservationQueue
                        at org.jboss.mq.security.ServerSecurityInterceptor.subscribe(ServerSecurityInterceptor.java:141)
                        at org.jboss.mq.server.TracingInterceptor.subscribe(TracingInterceptor.java:599)
                        at org.jboss.mq.server.JMSServerInvoker.subscribe(JMSServerInvoker.java:298)
                        at org.jboss.mq.il.jvm.JVMServerIL.subscribe(JVMServerIL.java:315)
                        at org.jboss.mq.Connection.addConsumer(Connection.java:962)
                        at org.jboss.mq.SpyConnectionConsumer.(SpyConnectionConsumer.java:73)
                        at org.jboss.mq.SpyConnection.createConnectionConsumer(SpyConnection.java:113)
                        at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerCreate(JMSContainerInvoker.java:584)
                        at org.jboss.ejb.plugins.jms.JMSContainerInvoker.create(JMSContainerInvoker.java:415)
                        at org.jboss.ejb.MessageDrivenContainer.create(MessageDrivenContainer.java:170)
                        at org.jboss.ejb.Container.invoke(Container.java:789)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:894)
                        at $Proxy6.create(Unknown Source)
                        at org.jboss.system.ServiceController.create(ServiceController.java:272)
                        at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.util.jmx.MBeanProxy.invoke(MBeanProxy.java:174)
                        at $Proxy19.create(Unknown Source)
                        at org.jboss.ejb.EjbModule.createService(EjbModule.java:392)
                        at org.jboss.system.ServiceMBeanSupport.create(ServiceMBeanSupport.java:134)
                        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:894)
                        at $Proxy6.create(Unknown Source)
                        at org.jboss.system.ServiceController.create(ServiceController.java:272)
                        at org.jboss.system.ServiceController.create(ServiceController.java:212)
                        at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.util.jmx.MBeanProxy.invoke(MBeanProxy.java:174)
                        at $Proxy5.create(Unknown Source)
                        at org.jboss.ejb.EJBDeployer.create(EJBDeployer.java:380)
                        at org.jboss.deployment.MainDeployer.create(MainDeployer.java:637)
                        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:512)
                        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:481)
                        at sun.reflect.GeneratedMethodAccessor8.invoke(Unknown Source)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.util.jmx.MBeanProxy.invoke(MBeanProxy.java:174)
                        at $Proxy4.deploy(Unknown Source)
                        at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:405)
                        at org.jboss.deployment.scanner.URLDeploymentScanner.scanDirectory(URLDeploymentScanner.java:586)
                        at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:465)
                        at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:237)
                        at org.jboss.system.ServiceMBeanSupport.start(ServiceMBeanSupport.java:162)
                        at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:894)
                        at $Proxy0.start(Unknown Source)
                        at org.jboss.system.ServiceController.start(ServiceController.java:340)
                        at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.util.jmx.MBeanProxy.invoke(MBeanProxy.java:174)
                        at $Proxy3.start(Unknown Source)
                        at org.jboss.deployment.SARDeployer.start(SARDeployer.java:243)
                        at org.jboss.deployment.MainDeployer.start(MainDeployer.java:678)
                        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:513)
                        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:481)
                        at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:465)
                        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:324)
                        at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
                        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
                        at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:314)
                        at org.jboss.system.server.ServerImpl.start(ServerImpl.java:216)
                        at org.jboss.Main.boot(Main.java:142)
                        at org.jboss.Main$1.run(Main.java:375)
                        at java.lang.Thread.run(Thread.java:536)
                        21:34:34,675 INFO [JMSContainerInvoker] Trying to reconnect to JMS provider

                        And it keeps trying to reconnect to the JMS provider over and over, throwing exceptions all the while. If I put "guest" in as an authorized user, it works:


                        <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
                        <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager










                        What I don't understand is that guest is not even involved in my application. I understand that "Destination without a configured SecurityManager or without a SecurityConf will default to role guest" as the configuration file indicates, but I think that, with your help, I have managed this. Clearly "guest" doesn't always have to be an authorized user, as this only is a problem with the titan-ReservationQueue, and I have another queue set up for listeners. Is it because I have a message-driven bean configured to listen to this queue and not to the other?

                        Still trying to work through the issues. Many thanks again for your help. Somehow EJB configuration seemed easier than this, in fact quite intuitive. Just practice, I suppose.

                        David

                        • 9. Re: JMS Security Question
                          Peter Antman Expert

                          Now its time to turn on trace logging to so if its the JAAS stuff that flakes somehow.

                          As far as I remember guest is an implicit user/role defineded in the auth.conf or the 3.0.1 eqvivalent. SO if you do noy want anonymous user at al, remove the mapping in auth.conf or do not set guest as allowed in your destination.

                          //Peter