1 Reply Latest reply on Aug 4, 2005 12:51 PM by adrian.brock

    autentication user null/null

    schachi

      I spent another day reading the JBoss documentation.

      I am trying to send a message from a standalone Java client to a message queue.

      java-client:

      import java.util.Properties;
      import javax.jms.*;
      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.security.auth.callback.*;
      import javax.security.auth.login.LoginContext;

      public class Test_DocImportProcessor {
          public static void main (String [] args) throws Exception {
              try {
                  // JAAS login against the "client-login" policy from auth.conf
                  AppCallbackHandler handler = new AppCallbackHandler("publisher", "publisher".toCharArray());
                  System.setProperty("java.security.auth.login.config", "pathtoauthconf\\auth.conf");
                  LoginContext lc = new LoginContext("client-login", handler);
                  lc.login();

                  // Look up the connection factory and the queue via JNDI
                  Context jndiContext = getInitialContext ();
                  QueueConnectionFactory factory = (QueueConnectionFactory)jndiContext.lookup ("ConnectionFactory");
                  Queue docImportQueue = (Queue)jndiContext.lookup ("queue/docImportQueue");
                  // The connection is created without a user/password argument
                  QueueConnection connect = factory.createQueueConnection ();
                  QueueSession session = connect.createQueueSession (false, Session.AUTO_ACKNOWLEDGE);
                  QueueSender sender = session.createSender (docImportQueue);
                  ObjectMessage message = session.createObjectMessage();
                  message.setJMSReplyTo (docImportQueue);
                  message.setStringProperty ("MessageFormat", "Version 3.4");
                  message.setObject("test123");
                  sender.send (message);
                  connect.close ();
              }
              catch (Exception ex) {
                  ex.printStackTrace();
              }
          }

          public static Context getInitialContext () throws javax.naming.NamingException {
              Properties env = new Properties();
              env.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
              env.put("java.naming.provider.url", "localhost:1099");
              return new InitialContext(env);
          }

          // Supplies the fixed username and password to the JAAS login module
          static class AppCallbackHandler implements CallbackHandler {
              private String username;
              private char[] password;
              public AppCallbackHandler(String username, char[] password) {
                  this.username = username;
                  this.password = password;
              }
              public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException {
                  for (int i = 0; i < callbacks.length; i++) {
                      // Each callback is inspected individually by index
                      if (callbacks[i] instanceof NameCallback) {
                          NameCallback nc = (NameCallback) callbacks[i];
                          nc.setName(username);
                      } else if (callbacks[i] instanceof PasswordCallback) {
                          PasswordCallback pc = (PasswordCallback) callbacks[i];
                          pc.setPassword(password);
                      } else {
                          throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                      }
                  }
              }
          }

      }
      



      auth.conf:
      ...
       <application-policy name = "client-login">
       <authentication>
       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"></login-module>
       </authentication>
       </application-policy>
      ...
      


      jbossmq-docImport-service.xml:
      <server>
       <mbean code="org.jboss.mq.server.jmx.Queue"
       name="jboss.mq.destination:service=Queue,name=docImportQueue">
       <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
       <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
       <attribute name="SecurityConf">
       <security>
       <role name="publisher" read="true" write="true" create="true"/>
       <role name="guest" read="false" write="false" create="false"/>
       </security>
       </attribute>
       </mbean>
      </server>
      
      


      Further: I added publisher to the jms_roles and jms_users tables.
      (I didn't change the members \conf\login-config.xml and \deploy\jms\jbossmq-service.xml.)


      Exception:
      javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: docImportQueue
       at org.jboss.mq.security.ServerSecurityInterceptor.addMessage(ServerSecurityInterceptor.java:152)
       at org.jboss.mq.server.TracingInterceptor.addMessage(TracingInterceptor.java:270)
       at org.jboss.mq.server.JMSServerInvoker.addMessage(JMSServerInvoker.java:136)
       at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:92)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:369)
       at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:377)
       at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:748)
       at java.lang.Thread.run(Thread.java:595)
      


      server.log:
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Begin ReadTask.run
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Created ObjectInputStream
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Begin WriteTask.run
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Created ObjectOutputStream
      
      2005-08-04 17:39:13,906 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
       2005-08-04 17:39:13,906 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Begin isValid, principal:null, cache info: null
       2005-08-04 17:39:13,906 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] defaultLogin, principal=null
      
      2005-08-04 17:39:13,906 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jbossmq), size=8
      2005-08-04 17:39:13,906 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jbossmq), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:name=rolesQuery, value=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
      name=principalsQuery, value=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
      name=unauthenticatedIdentity, value=guest
      name=dsJndiName, value=java:/DefaultDS
      
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@19927137
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'guest' authenticated, loginOk=true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734]
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734];credential.class=null
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End validateCache, isValid=true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End isValid, true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role guest
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role j2ee
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role john
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] defaultLogin, lc=javax.security.auth.login.LoginContext@18b0b4a, subject=Subject(26367546).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john))
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] updateCache, inputSubject=Subject(26367546).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john)), cacheSubject=Subject(25423514).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john))
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a5ce92[Subject(25423514).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john)),credential.class=null,expirationTime=1123171736062]
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] End isValid, true
      2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Username: null is authenticated
      2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Adding group : class org.jboss.security.SimpleGroup Roles(members:j2ee,guest,john)
      2005-08-04 17:39:13,937 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] Setting up the UILClientIL Connection
      2005-08-04 17:39:13,937 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] The UILClientIL Connection is set up
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734]
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734];credential.class=null
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End validateCache, isValid=true
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End isValid, true
      2005-08-04 17:39:13,953 TRACE [org.jboss.mq.sm.jdbc.JDBCStateManager] Client id 'ID:1' is logged in.
      2005-08-04 17:39:14,015 TRACE [org.jboss.mq.security.SecurityManager] Checking authorize on subjectInfo: SubjectInfo {subject=Betreff:
       Principal: guest
       Principal: Roles(members:j2ee,guest,john)
      ;principal=null;roles=Roles(members:j2ee,guest,john) for rolePrincipals [publisher]
      2005-08-04 17:39:14,500 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] Exiting on IOE
      java.net.SocketException: Connection reset
       at java.net.SocketInputStream.read(SocketInputStream.java:168)
       at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
       at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
       at org.jboss.util.stream.NotifyingBufferedInputStream.read(NotifyingBufferedInputStream.java:67)
       at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2200)
       at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2380)
       at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2447)
       at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2519)
       at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2668)
       at java.io.ObjectInputStream.readByte(ObjectInputStream.java:864)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.run(SocketManager.java:290)
       at java.lang.Thread.run(Thread.java:595)
      2005-08-04 17:39:14,515 TRACE [org.jboss.mq.sm.jdbc.JDBCStateManager] Client id 'ID:1' is logged out.
      2005-08-04 17:39:14,515 DEBUG [org.jboss.mq.il.uil2.SocketManager] End ReadTask.run
      2005-08-04 17:39:14,515 DEBUG [org.jboss.mq.il.uil2.SocketManager] End WriteTask.run
      


      It seems to me that the principal is not being passed (I know there are a lot of topics in the forum about this problem, but most of the people "didn't activate" the ClientLoginModule).
      Can anybody please give me a hint?

      thank you!
      marc


        • 1. Re: autentication user null/null

           

          "schachi" wrote:
          I spent another day reading the JBoss documentation.


          Try the JMS documentation (you can find the link to it at the top of the WIKI page)
          and search for the phrase JAAS -> nada.
          Then search for the phrase password...
          createConnection(user, password);
          


          You might also want to post security questions in the security forum in future?!?
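
Added example, not part of the original thread: a small triage script for the JBossMQ TRACE output quoted in the question. It flags a connection that presented no username, the `unauthenticatedIdentity` it was mapped to, and any authorization check where the roles held and the roles required by the destination do not overlap. The function name and report keys are assumptions made for this example, the sample is condensed from the server.log above, and the script assumes the text covers a single connection.

```python
import re

# Constructed sample: lines condensed from the server.log posted in the question.
SAMPLE_LOG = """\
2005-08-04 17:39:13,906 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
2005-08-04 17:39:14,015 TRACE [org.jboss.mq.security.SecurityManager] Checking authorize on subjectInfo: SubjectInfo {subject=Betreff:
 Principal: guest
 Principal: Roles(members:j2ee,guest,john)
;principal=null;roles=Roles(members:j2ee,guest,john) for rolePrincipals [publisher]
"""

# "Autenticating" is spelled this way in the log itself; only the user field is captured.
USER_RE = re.compile(r"Autenticating user ([^/\s]+)/")
FALLBACK_RE = re.compile(r"Authenticating as unauthenticatedIdentity=(\S+)")
# The SubjectInfo dump spans several lines, so the match must cross newlines.
AUTHZ_RE = re.compile(
    r"Checking authorize on subjectInfo:.*?roles=Roles\(members:([^)]*)\)"
    r" for rolePrincipals \[([^\]]*)\]",
    re.DOTALL,
)


def _names(csv):
    """Split a comma-separated role list into a set of trimmed names."""
    return {name.strip() for name in csv.split(",") if name.strip()}


def triage(log_text):
    """Summarise how one JBossMQ connection was authenticated and authorized."""
    user = USER_RE.search(log_text)
    fallback = FALLBACK_RE.search(log_text)
    report = {
        # True when the client sent no username with the connection request.
        "anonymous_connect": bool(user and user.group(1) == "null"),
        # Identity substituted by the login module, if any.
        "fallback_identity": fallback.group(1) if fallback else None,
        # Authorization checks where held and required roles are disjoint.
        "role_mismatch": [],
    }
    for held_csv, required_csv in AUTHZ_RE.findall(log_text):
        held, required = _names(held_csv), _names(required_csv)
        if not held & required:
            report["role_mismatch"].append(
                {"held": sorted(held), "required": sorted(required)}
            )
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
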