Configure the jms security domain to use the org.jboss.resource.security.CallerIdentityLoginModule to use the ejb credentials.
Thanks for the reply. But I think my initial question might have been a little misleading.
It is the client side that is accessing the beans AND connecting to the JMS topic, I have something like the following in the client app:
lc = new LoginContext("jbossmq",handler);
TopicConnectionFactory cf = ...;
TopicConnection tc = cf.createTopicConnection();
If I don't put the username/password into the createTopicConnection() call then the JMS connection fails.
My loginconfig for the client is:
and my server login-config.xml contains (as suggested):
In stepping through the client and server side code I cannot see how the info captured by the ClientLoginModule is used for the JMS connection. Obviously the SecurityAssociation principal and credential (set up by the ClientLoginModule) are not being propagated to the server. For a bean invocation from a client, the proxy SecurityInterceptor does this but what does this for a JMS connection?
Still cannot get this to work. Currently my client application is logging in twice, once using JAAS for the ejb access and once when creating the topic connection.
I cannot work out how to unify the security for JMS and EJBs when using both from an external client.
I have this exact same problem.
Rich client authenticating via JAAS ClientLoginModule to JBoss EJB server. This works fine. However the same JAAS authentication is ignored for opening connection to a JMS topic or queue and I have to manually supply the username and password in the call to open connection (meaning I am doing this twice).
Does anyone have a solution to the man's problem?
Client JMS does not use JAAS.
It is a TODO in the spec for a future version.
The JMS Resource Adapter deployed within JBoss will use JAAS
because it is wrapped with a JCA connection manager that understands it.
The only portable solution is to write your own JMS wrapper that understands JAAS
and redirects createXXXConnection() to createXXXConnection(jaasUser, jaasCredential)