6 Replies Latest reply on Jul 2, 2004 9:45 AM by voilivoilo

    user: NULL is not authenticated

    Gregg Freeman Newbie

      We're having an issue with our queue where we are unable to send messages to it after a period of inactivity. We're using JBoss 3.2.3 (on Windows)

      The mq trace log has the following:
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.Connection] Connection Initializing
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.Connection] Getting the serverIL
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.Connection] serverIL=org.jboss.mq.il.jvm.JVMServerIL@b4faeb
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.Connection] Authenticating
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.Connection] Authenticating user null
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.server.TracingInterceptor] CALLED : authenticate
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.security.SecurityManager] Username: null is authenticated
      2004-06-17 13:02:39,207 TRACE [org.jboss.mq.security.SecurityManager] Adding group : class org.jboss.security.NestableGroup Roles(members:guest)

      The very next call (at a later time) has:
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.Connection] Connection Initializing
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.Connection] Getting the serverIL
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.Connection] serverIL=org.jboss.mq.il.jvm.JVMServerIL@b4faeb
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.Connection] Authenticating
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.Connection] Authenticating user null
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.server.TracingInterceptor] CALLED : authenticate
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.sm.file.DynamicLoginModule] logout
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.security.SecurityManager] User: null is NOT authenticated
      2004-06-17 13:20:53,408 TRACE [org.jboss.mq.server.TracingInterceptor] EXCEPTION : authenticate:
      javax.jms.JMSSecurityException: User: null is NOT authenticated


      The thing I finde peculiar is the logout message.

      The message sending code is:

      QueueConnectionFactory queueFactory = (QueueConnectionFactory)
       context.lookup(factoryName);
      
      queueConnection = queueFactory.createQueueConnection();
      

      and fails on the createQueueConnection() call (if it's not obvious).

      The destination is configured as:

      <mbean code="org.jboss.mq.server.jmx.Queue"
       name="jboss.mq.destination:service=Queue,name=myEvents">
       <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
       <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
       <attribute name="SecurityConf">
       <security>
       <role name="guest" read="true" write="true"/>
       <role name="publisher" read="true" write="true" create="false"/>
       </security>
       </attribute>
       </mbean>

      We are also using the oracle persistence manager for our messages, and the conf/jbossmq-state.xml is unmodified:

      <User>
       <Name>guest</Name>
       <Password>guest</Password>
      </User>
      *** Stuff removed ***
      <Role name="guest">
       <UserName>guest</UserName>
       <UserName>john</UserName>
      </Role>
      

      I hope I've provided the right amount of info, but please let me know if I left out a critical piece of info..

      Best Regards


        • 1. Re: user: NULL is not authenticated
          Gregg Freeman Newbie

          Here's the full stack trace, if it helps any:

          javax.jms.JMSSecurityException: User: null is NOT authenticated
          at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:232)
          at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:51)
          at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:781)
          at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:287)
          at org.jboss.mq.il.jvm.JVMServerIL.authenticate(JVMServerIL.java:302)
          at org.jboss.mq.Connection.authenticate(Connection.java:876)
          at org.jboss.mq.Connection.(Connection.java:238)
          at org.jboss.mq.Connection.(Connection.java:315)
          at org.jboss.mq.SpyConnection.(SpyConnection.java:60)
          at org.jboss.mq.SpyConnectionFactory.createQueueConnection(SpyConnectionFactory.java:116)
          at com.ourstuff.MDBMessageSender.init(MDBMessageSender.java:106)
          at com.ourstuff.MDBMessageSender.sendEvent(MDBMessageSender.java:28)
          at com.ourstuff.ProcessObjectServiceBean.sendUpdateNotifications(ProcessObjectServiceBean.java:1878)
          at com.ourstuff.ProcessObjectServiceBean.setOrCreate(ProcessObjectServiceBean.java:1380)
          at com.ourstuff.ProcessObjectServiceBean.set(ProcessObjectServiceBean.java:1270)
          at com.ourstuff.ProcessObjectServiceBean.handleRequest(ProcessObjectServiceBean.java:84)
          at sun.reflect.GeneratedMethodAccessor54.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:683)
          at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
          at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:72)
          at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
          at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:267)
          at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:128)
          at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
          at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
          at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
          at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331)
          at org.jboss.ejb.Container.invoke(Container.java:700)
          at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:375)
          at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:83)
          at $Proxy49.handleRequest(Unknown Source)
          at com.ourstuff.ProcessObjectServiceWrapper.handleRequest(ProcessObjectServiceWrapper.java:66)
          at com.ourstuff.ServiceRequestObj.send(ServiceRequestObj.java:114)
          at com.ourstuff.ProcessCommandServiceBean.set(ProcessCommandServiceBean.java:322)
          at com.ourstuff.ProcessCommandServiceBean.handleRequest(ProcessCommandServiceBean.java:120)
          at sun.reflect.GeneratedMethodAccessor202.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:683)
          at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
          at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:72)
          at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
          at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:320)
          at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:128)
          at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
          at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
          at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
          at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331)
          at org.jboss.ejb.Container.invoke(Container.java:700)
          at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:375)
          at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:83)
          at $Proxy50.handleRequest(Unknown Source)
          at com.ourstuff.ProcessCommandServiceWrapper.handleRequest(ProcessCommandServiceWrapper.java:53)
          at com.ourstuff.ServiceRequestObj.send(ServiceRequestObj.java:106)
          at com.ourstuff.FrontDeskRequestHandler.fulfillRequest(FrontDeskRequestHandler.java:233)
          at com.ourstuff.FrontDeskRequestHandler.handleRequest(FrontDeskRequestHandler.java:103)
          at com.ourstuff.EJBFrontDeskBean.handleRequest(EJBFrontDeskBean.java:22)
          at sun.reflect.GeneratedMethodAccessor173.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:683)
          at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:185)
          at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:72)
          at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:84)
          at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:297)
          at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:128)
          at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
          at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
          at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
          at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331)
          at org.jboss.ejb.Container.invoke(Container.java:700)
          at sun.reflect.GeneratedMethodAccessor169.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:324)
          at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
          at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
          at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
          at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
          at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
          at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
          at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:100)
          at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
          at $Proxy45.handleRequest(Unknown Source)
          at com.ourstuff.EJBFrontDeskWrapper.handleRequest(EJBFrontDeskWrapper.java:71)
          at com.ourstuff.ReactorRequest.send(ReactorRequest.java:215)
          at com.ourstuff.EJBReactorProxy.sendRequest(EJBReactorProxy.java:44)
          at com.ourstuff.AbstractReactorProxy.setObjects(AbstractReactorProxy.java:148)
          at com.ourstuff.ApplyStartFormAction.setPortalOperands(ApplyStartFormAction.java:345)
          at com.ourstuff.ApplyStartFormAction.execute(ApplyStartFormAction.java:153)
          at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
          at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
          at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
          at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:220)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.jboss.web.tomcat.tc4.statistics.ContainerStatsValve.invoke(ContainerStatsValve.java:76)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:65)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:577)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
          at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
          at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:197)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
          at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
          at java.lang.Thread.run(Thread.java:534)

          • 2. Re: user: NULL is not authenticated
            Gregg Freeman Newbie

            Here's what I found out regarding this:
            The user: null is NOT authenticated was happening 30 minutes after the server started - the default for the JaasSecurityManagerService cache.

            We were using the JVM IL (I don't know why. I guess we assumed it would have the best performance).

            Setting the DefaultCacheTimeout on the JaasSecurityManagerService to zero reproduced the error on the first message sent.

            Modifying the JMS configuration to use the OIL IL resolved the issue (as well as a weird Hibernate/JBoss error about returning an unknown connection).

            So, it _seems_ that the JVM IL only authenticates on server startup, and not during actual connections (haven't finished digging through the JBoss code yet). Is this a defect, or just my mis-understanding of the JVM IL?

            • 3. Re: user: NULL is not authenticated
              Stephane Nicoll Master

              Do you need custom security config? If no declare your queue as

              <mbean code="org.jboss.mq.server.jmx.Queue"
               name="jboss.mq.destination:service=Queue,name=myEvents">
               <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
               </mbean>
              


              Regards,

              Stephane

              • 4. Re: user: NULL is not authenticated
                Gregg Freeman Newbie

                So, changing to OIL didn't resolve the issue, I still had the security manager disabled.

                I tried defining my queue as above, without the dependency on the security manager, but the result was the same - user null is NOT authenticated.

                I just don't understand why it's not working... :(

                • 5. Re: user: NULL is not authenticated
                  Gregg Freeman Newbie

                  Here's my security manager mbean:

                  <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
                   <attribute name="DefaultSecurityConfig">
                   <security>
                   <role name="guest" read="true" write="true" create="true"/>
                   </security>
                   </attribute>
                   <attribute name="SecurityDomain">jbossmq</attribute>
                   <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
                   </mbean>
                  


                  • 6. Re: user: NULL is not authenticated
                    voilivoilo Newbie

                    Take a look at your login-config.xml...
                    Does it look like this ?

                    <application-policy name = "jbossmq">
                     <authentication>
                     <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                     flag = "required">
                     <module-option name = "unauthenticatedIdentity">guest</module-option>
                     <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                     <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
                     <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
                     </login-module>
                     </authentication>
                     </application-policy>


                    In this case, if your login is not in a database change it like this :
                    <application-policy name = "jbossmq">
                     <authentication>
                     <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                     flag = "required">
                     <module-option name = "unauthenticatedIdentity">guest</module-option>
                     <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
                     </login-module>
                     </authentication>
                     </application-policy>