1 Reply Latest reply on Aug 4, 2005 12:51 PM by Adrian Brock

    autentication user null/null

    Schacher Newbie

      i spend another day with reading jboss-documentation.

      i try to send a message from a java standalone-client to a message-queue.

      java-client:

      public class Test_DocImportProcessor {
       public static void main (String [] args) throws Exception {
      
       try{
      
       AppCallbackHandler handler = new AppCallbackHandler("publisher", "publisher".toCharArray());
       System.setProperty("java.security.auth.login.config", "pathtoauthconf\\auth.conf");
       LoginContext lc = new LoginContext("client-login", handler);
       lc.login();
      
      
       Context jndiContext = getInitialContext ();
       QueueConnectionFactory factory = (QueueConnectionFactory)jndiContext.lookup ("ConnectionFactory");
       Queue docImportQueue = (Queue)jndiContext.lookup ("queue/docImportQueue");
       QueueConnection connect = factory.createQueueConnection ();
       QueueSession session = connect.createQueueSession (false, Session.AUTO_ACKNOWLEDGE);
       QueueSender sender = session.createSender (docImportQueue);
       ObjectMessage message = session.createObjectMessage();
       message.setJMSReplyTo (docImportQueue);
       message.setStringProperty ("MessageFormat", "Version 3.4");
       message.setObject("test123");
       sender.send (message);
       connect.close ();
       }
       catch (Exception ex) {
       ex.printStackTrace();
       }
       }
      
       public static Context getInitialContext () throws javax.naming.NamingException {
       Properties env = new Properties();
       env.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
       env.put("java.naming.provider.url", "localhost:1099");
       return new InitialContext(env);
       }
      
       static class AppCallbackHandler implements CallbackHandler {
       private String username;
       private char[] password;
       public AppCallbackHandler(String username, char[] password) {
       this.username = username;
       this.password = password;
       }
       public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException {
       for (int i = 0; i < callbacks.length; i++) {
       if (callbacks instanceof NameCallback) {
       NameCallback nc = (NameCallback) callbacks;
       nc.setName(username);
       } else if (callbacks instanceof PasswordCallback) {
       PasswordCallback pc = (PasswordCallback) callbacks;
       pc.setPassword(password);
       } else {
       throw new UnsupportedCallbackException(callbacks, "Unrecognized Callback");
       }
       }
       }
       }
      
       }
      



      auth.conf:
      ...
       <application-policy name = "client-login">
       <authentication>
       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"></login-module>
       </authentication>
       </application-policy>
      ...
      


      jbossmq-docImport-service.xml:
      <server>
       <mbean code="org.jboss.mq.server.jmx.Queue"
       name="jboss.mq.destination:service=Queue,name=docImportQueue">
       <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
       <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
       <attribute name="SecurityConf">
       <security>
       <role name="publisher" read="true" write="true" create="true"/>
       <role name="guest" read="false" write="false" create="false"/>
       </security>
       </attribute>
       </mbean>
      </server>
      
      


      further: i added publisher to the jms_roles and jms_users-tables.
      i didn't changed the members \conf\login-config.xml and \deploy\jms\jbossmq-service.xml)


      Exception:
      javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: docImportQueue
       at org.jboss.mq.security.ServerSecurityInterceptor.addMessage(ServerSecurityInterceptor.java:152)
       at org.jboss.mq.server.TracingInterceptor.addMessage(TracingInterceptor.java:270)
       at org.jboss.mq.server.JMSServerInvoker.addMessage(JMSServerInvoker.java:136)
       at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:92)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:369)
       at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:377)
       at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:748)
       at java.lang.Thread.run(Thread.java:595)
      


      server.log:
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Begin ReadTask.run
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Created ObjectInputStream
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Begin WriteTask.run
      2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Created ObjectOutputStream
      
      2005-08-04 17:39:13,906 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
       2005-08-04 17:39:13,906 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Begin isValid, principal:null, cache info: null
       2005-08-04 17:39:13,906 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] defaultLogin, principal=null
      
      2005-08-04 17:39:13,906 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jbossmq), size=8
      2005-08-04 17:39:13,906 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jbossmq), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: Anmeldemodul-Steuerflag: required
      Options:name=rolesQuery, value=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
      name=principalsQuery, value=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
      name=unauthenticatedIdentity, value=guest
      name=dsJndiName, value=java:/DefaultDS
      
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@19927137
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'guest' authenticated, loginOk=true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734]
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734];credential.class=null
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End validateCache, isValid=true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End isValid, true
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role guest
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role j2ee
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role john
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] defaultLogin, lc=javax.security.auth.login.LoginContext@18b0b4a, subject=Subject(26367546).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john))
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] updateCache, inputSubject=Subject(26367546).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john)), cacheSubject=Subject(25423514).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john))
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a5ce92[Subject(25423514).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john)),credential.class=null,expirationTime=1123171736062]
      2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] End isValid, true
      2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Username: null is authenticated
      2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Adding group : class org.jboss.security.SimpleGroup Roles(members:j2ee,guest,john)
      2005-08-04 17:39:13,937 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] Setting up the UILClientIL Connection
      2005-08-04 17:39:13,937 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] The UILClientIL Connection is set up
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734]
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734];credential.class=null
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End validateCache, isValid=true
      2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End isValid, true
      2005-08-04 17:39:13,953 TRACE [org.jboss.mq.sm.jdbc.JDBCStateManager] Client id 'ID:1' is logged in.
      2005-08-04 17:39:14,015 TRACE [org.jboss.mq.security.SecurityManager] Checking authorize on subjectInfo: SubjectInfo {subject=Betreff:
       Principal: guest
       Principal: Roles(members:j2ee,guest,john)
      ;principal=null;roles=Roles(members:j2ee,guest,john) for rolePrincipals [publisher]
      2005-08-04 17:39:14,500 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] Exiting on IOE
      java.net.SocketException: Connection reset
       at java.net.SocketInputStream.read(SocketInputStream.java:168)
       at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
       at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
       at org.jboss.util.stream.NotifyingBufferedInputStream.read(NotifyingBufferedInputStream.java:67)
       at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2200)
       at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2380)
       at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2447)
       at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2519)
       at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2668)
       at java.io.ObjectInputStream.readByte(ObjectInputStream.java:864)
       at org.jboss.mq.il.uil2.SocketManager$ReadTask.run(SocketManager.java:290)
       at java.lang.Thread.run(Thread.java:595)
      2005-08-04 17:39:14,515 TRACE [org.jboss.mq.sm.jdbc.JDBCStateManager] Client id 'ID:1' is logged out.
      2005-08-04 17:39:14,515 DEBUG [org.jboss.mq.il.uil2.SocketManager] End ReadTask.run
      2005-08-04 17:39:14,515 DEBUG [org.jboss.mq.il.uil2.SocketManager] End WriteTask.run
      


      it seems to me, that the principal will not be passed (i know there are a lot of topics in the form about this problem, but most of the people "didn't activate" the ClientLoginModule).
      can anybody please give me a hint?

      thank you!
      marc


        • 1. Re: autentication user null/null
          Adrian Brock Master

           

          "schachi" wrote:
          i spend another day with reading jboss-documentation.


          Try the JMS documentation (you can find the link to it at the top of the WIKI page)
          and search for the phrase JAAS -> nada.
          Then search for the phrase password...
          createConnection(user, password);
          


          You might also want to post security questions in the security forum in future?!?