0 Replies Latest reply on Mar 31, 2006 3:13 PM by Amir Mistric

    Using different jaas context - different Security Manager???

    Amir Mistric Newbie


      I am trying to secure access to a queue based on the information froma a different DB that that JBoss comes with (Hypersonic)...

      I have created a necessary context in login-config.xml as so:

       <application-policy name = "XXX-mq">
       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag = "required">
       <module-option name = "unauthenticatedIdentity">guest</module-option>
       <module-option name = "dsJndiName">java:jdbc/XXXDS</module-option>
       <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
       <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>

      Then I deployed -service file which describes SecurityManager as so:
      <?xml version="1.0" encoding="UTF-8"?>
       <mbean code="org.jboss.mq.security.SecurityManager" name="XXX.mq:service=SecurityManager">
       <attribute name="DefaultSecurityConfig">
       <role name="guestrole" read="true" write="false" create="false"/>
       <attribute name="SecurityDomain">java:/jaas/XXX-mq</attribute>
       <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>

      And last I deploy -service.xml file with my queue:

      <?xml version="1.0" encoding="UTF-8"?>
       <mbean code="org.jboss.mq.server.jmx.Queue" name="jboss.mq.destination:service=Queue,name=XXXqueue">
       <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
       <depends optional-attribute-name="SecurityManager">XXX.mq:service=SecurityManager</depends>
       <attribute name="MessageCounterHistoryDayLimit">-1</attribute>
       <attribute name="SecurityConf">
       <role name="guestrole" read="true" write="false"/>
       <role name="bgqueue" read="true" write="true" create="false"/>

      No errors or warnings in the log (not even MQ subsystem)....But the above does not work...I am still able to send messages without authenticating....If I use jboss.mq.SecurityManager then protection works....Can someone tell me if I am doing somethign wrong?

      Am I using the right approach to protect a queue based on users and roles from my own database?