3 Replies Latest reply on Nov 7, 2003 10:30 AM by Marcelo Klein

    User authentication JMS / JAAS

    Marcelo Klein Newbie

      I'm Using the UIL2 connection in JBoss 3.0.8 providing a Username and Password for the QueueConnectionFactoy.
      In the jbossmq-state.xml I define the users with their passwords (i.e. "guest" "guest") and their roles (ie "guest" "role1").
      So here's my question.
      Are this roles valid for JAAS authentication, I mean, this usernames/roles are the same as the "Identity/Role" in JAAS so that I can securely know wich user is connecting???.
      Any reply will be a great help.

        • 1. Re: User authentication JMS / JAAS
          Adrian Brock Master

          Not sure I understand your question.

          The jms client notion of user/password is not
          integrated with jaas.
          i.e. JBossMQ does not use the identity from a jaas login
          on the client.

          JBossMQ uses a jaas login configuration
          internally to handle the authenitcation of user/password
          see jbossmq in conf/login-config.xml
          If this isn't supplied it uses the unauthenticated identity


          • 2. Re: User authentication JMS / JAAS
            Marcelo Klein Newbie

            I'm trying to make a JMS Client act as a JAAS role, for authentication purposes, for accessing some SLSBs that perform the bussines logic (anyone shouldn't access this bean! only authenticated users!).
            Any suggestions about how to implement this?
            Thanks a lot,

            • 3. Re: User authentication JMS / JAAS
              Marcelo Klein Newbie

              I would also like to know if I can implement a dynamic login module through a DB. I've opened the login-config.xml and seen that a login module called "org.jboss.resource.security.ConfiguredIdentityLoginModule" that is used in the MysqlDbRealm.
              Should I use this?
              Thanks again,