Authentication user null/null
schachi Aug 4, 2005 12:17 PM
I spent another day reading the JBoss documentation.
I am trying to send a message from a standalone Java client to a message queue.
java-client:
    import java.util.Properties;

    import javax.jms.ObjectMessage;
    import javax.jms.Queue;
    import javax.jms.QueueConnection;
    import javax.jms.QueueConnectionFactory;
    import javax.jms.QueueSender;
    import javax.jms.QueueSession;
    import javax.jms.Session;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginContext;

    public class Test_DocImportProcessor {

        public static void main (String [] args) throws Exception {
            try {
                // JAAS login against the "client-login" entry in auth.conf
                AppCallbackHandler handler = new AppCallbackHandler("publisher", "publisher".toCharArray());
                System.setProperty("java.security.auth.login.config", "pathtoauthconf\\auth.conf");
                LoginContext lc = new LoginContext("client-login", handler);
                lc.login();

                // Look up the connection factory and the queue via JNDI
                Context jndiContext = getInitialContext ();
                QueueConnectionFactory factory = (QueueConnectionFactory)jndiContext.lookup ("ConnectionFactory");
                Queue docImportQueue = (Queue)jndiContext.lookup ("queue/docImportQueue");

                // Open the connection and send one object message
                QueueConnection connect = factory.createQueueConnection ();
                QueueSession session = connect.createQueueSession (false, Session.AUTO_ACKNOWLEDGE);
                QueueSender sender = session.createSender (docImportQueue);
                ObjectMessage message = session.createObjectMessage();
                message.setJMSReplyTo (docImportQueue);
                message.setStringProperty ("MessageFormat", "Version 3.4");
                message.setObject("test123");
                sender.send (message);
                connect.close ();
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }

        public static Context getInitialContext () throws javax.naming.NamingException {
            Properties env = new Properties();
            env.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
            env.put("java.naming.provider.url", "localhost:1099");
            return new InitialContext(env);
        }

        // Supplies the fixed username and password to the JAAS login module
        static class AppCallbackHandler implements CallbackHandler {
            private String username;
            private char[] password;

            public AppCallbackHandler(String username, char[] password) {
                this.username = username;
                this.password = password;
            }

            public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof NameCallback) {
                        NameCallback nc = (NameCallback) callbacks[i];
                        nc.setName(username);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        PasswordCallback pc = (PasswordCallback) callbacks[i];
                        pc.setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
                    }
                }
            }
        }
    }
auth.conf:
    ...
    <application-policy name = "client-login">
      <authentication>
        <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"></login-module>
      </authentication>
    </application-policy>
    ...
jbossmq-docImport-service.xml:
    <server>
      <mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=docImportQueue">
        <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
        <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
        <attribute name="SecurityConf">
          <security>
            <role name="publisher" read="true" write="true" create="true"/>
            <role name="guest" read="false" write="false" create="false"/>
          </security>
        </attribute>
      </mbean>
    </server>
Further: I added publisher to the jms_roles and jms_users tables.
(I didn't change the members \conf\login-config.xml and \deploy\jms\jbossmq-service.xml)
Exception:
    javax.jms.JMSSecurityException: Connection not authorized to addMessages to destination: docImportQueue
        at org.jboss.mq.security.ServerSecurityInterceptor.addMessage(ServerSecurityInterceptor.java:152)
        at org.jboss.mq.server.TracingInterceptor.addMessage(TracingInterceptor.java:270)
        at org.jboss.mq.server.JMSServerInvoker.addMessage(JMSServerInvoker.java:136)
        at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:92)
        at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:369)
        at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:377)
        at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:748)
        at java.lang.Thread.run(Thread.java:595)
server.log:
    2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Begin ReadTask.run
    2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Created ObjectInputStream
    2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Begin WriteTask.run
    2005-08-04 17:39:13,906 DEBUG [org.jboss.mq.il.uil2.SocketManager] Created ObjectOutputStream
    2005-08-04 17:39:13,906 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
    2005-08-04 17:39:13,906 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Begin isValid, principal:null, cache info: null
    2005-08-04 17:39:13,906 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] defaultLogin, principal=null
    2005-08-04 17:39:13,906 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jbossmq), size=8
    2005-08-04 17:39:13,906 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jbossmq), authInfo=AppConfigurationEntry[]:
    [0]
    LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
    ControlFlag: Anmeldemodul-Steuerflag: required
    Options:name=rolesQuery, value=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
    name=principalsQuery, value=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
    name=unauthenticatedIdentity, value=guest
    name=dsJndiName, value=java:/DefaultDS
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@19927137
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'guest' authenticated, loginOk=true
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734]
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734];credential.class=null
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End validateCache, isValid=true
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End isValid, true
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role guest
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role j2ee
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role john
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] defaultLogin, lc=javax.security.auth.login.LoginContext@18b0b4a, subject=Subject(26367546).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john))
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] updateCache, inputSubject=Subject(26367546).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john)), cacheSubject=Subject(25423514).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john))
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@a5ce92[Subject(25423514).principals=org.jboss.security.SimplePrincipal@15839838(guest)org.jboss.security.SimpleGroup@5962929(Roles(members:j2ee,guest,john)),credential.class=null,expirationTime=1123171736062]
    2005-08-04 17:39:13,921 TRACE [org.jboss.security.plugins.JaasSecurityManager.jbossmq] End isValid, true
    2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Username: null is authenticated
    2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Adding group : class org.jboss.security.SimpleGroup Roles(members:j2ee,guest,john)
    2005-08-04 17:39:13,937 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] Setting up the UILClientIL Connection
    2005-08-04 17:39:13,937 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] The UILClientIL Connection is set up
    2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734]
    2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1f6f3dc[Subject(101915).principals=org.jboss.security.SimplePrincipal@15839838(sa),credential.class=null,expirationTime=1123171735734];credential.class=null
    2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End validateCache, isValid=true
    2005-08-04 17:39:13,953 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] End isValid, true
    2005-08-04 17:39:13,953 TRACE [org.jboss.mq.sm.jdbc.JDBCStateManager] Client id 'ID:1' is logged in.
    2005-08-04 17:39:14,015 TRACE [org.jboss.mq.security.SecurityManager] Checking authorize on subjectInfo: SubjectInfo {subject=Betreff: Principal: guest Principal: Roles(members:j2ee,guest,john) ;principal=null;roles=Roles(members:j2ee,guest,john) for rolePrincipals [publisher]
    2005-08-04 17:39:14,500 DEBUG [org.jboss.mq.il.uil2.ServerSocketManagerHandler] Exiting on IOE
    java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:168)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
        at org.jboss.util.stream.NotifyingBufferedInputStream.read(NotifyingBufferedInputStream.java:67)
        at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2200)
        at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2380)
        at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2447)
        at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2519)
        at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2668)
        at java.io.ObjectInputStream.readByte(ObjectInputStream.java:864)
        at org.jboss.mq.il.uil2.SocketManager$ReadTask.run(SocketManager.java:290)
        at java.lang.Thread.run(Thread.java:595)
    2005-08-04 17:39:14,515 TRACE [org.jboss.mq.sm.jdbc.JDBCStateManager] Client id 'ID:1' is logged out.
    2005-08-04 17:39:14,515 DEBUG [org.jboss.mq.il.uil2.SocketManager] End ReadTask.run
    2005-08-04 17:39:14,515 DEBUG [org.jboss.mq.il.uil2.SocketManager] End WriteTask.run
It seems to me that the principal is not passed (I know there are a lot of topics in the forum about this problem, but most of the people "didn't activate" the ClientLoginModule).
Can anybody please give me a hint?
Thank you!
marc
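
Added example (not part of the original post and not JBoss code): a short Python triage script for the trace in the server.log above. It correlates the `null/null` authentication, the server's fallback to the `unauthenticatedIdentity`, and the role check that leads to the `JMSSecurityException`. The function names and the rule that sharing any one required role grants access are assumptions of this example; the sample lines are copied from the posted log.

```python
import re

# Four entries copied from the post's server.log, one entry per line.
SAMPLE_LOG = """\
2005-08-04 17:39:13,906 TRACE [org.jboss.mq.security.ServerSecurityInterceptor] Autenticating user null/null
2005-08-04 17:39:13,921 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
2005-08-04 17:39:13,921 TRACE [org.jboss.mq.security.SecurityManager] Adding group : class org.jboss.security.SimpleGroup Roles(members:j2ee,guest,john)
2005-08-04 17:39:14,015 TRACE [org.jboss.mq.security.SecurityManager] Checking authorize on subjectInfo: SubjectInfo {subject=Betreff: Principal: guest Principal: Roles(members:j2ee,guest,john) ;principal=null;roles=Roles(members:j2ee,guest,john) for rolePrincipals [publisher]
"""

# "Autenticating" is spelled exactly as the server writes it in the log.
AUTH = re.compile(r"ServerSecurityInterceptor\] Autenticating user (\S+?)/")
FALLBACK = re.compile(r"Authenticating as unauthenticatedIdentity=(\S+)")
AUTHZ = re.compile(r"roles=Roles\(members:([^)]*)\) for rolePrincipals \[([^\]]*)\]")

def triage(log_text):
    """Return one record per connection attempt, in log order."""
    records, cur = [], None
    for line in log_text.splitlines():
        m = AUTH.search(line)
        if m:  # a new authentication attempt starts a new record
            cur = {"user": m.group(1), "fallback": None, "checks": []}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = FALLBACK.search(line)
        if m:
            cur["fallback"] = m.group(1)
            continue
        m = AUTHZ.search(line)
        if m:
            granted = {r.strip() for r in m.group(1).split(",") if r.strip()}
            required = {r.strip() for r in m.group(2).split(",") if r.strip()}
            # Assumption of this example: one shared role is enough to pass.
            cur["checks"].append({"granted": granted, "required": required,
                                  "allowed": bool(granted & required)})
    return records

def findings(records):
    """Turn the records into short, human-readable findings."""
    out = []
    for r in records:
        if r["user"] == "null" and r["fallback"]:
            out.append(f"no credentials reached the server; it substituted '{r['fallback']}'")
        for c in r["checks"]:
            if not c["allowed"]:
                out.append(f"needs one of {sorted(c['required'])}, has {sorted(c['granted'])}")
    return out
```

Run over the posted trace, `findings(triage(SAMPLE_LOG))` reports both the credential-less connection mapped to `guest` and the failed check against `publisher`.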