-
1. Re: ConfiguredIdentityLoginModule help
johnv Jan 28, 2005 9:16 PM (in response to johnv)Just noticed I had both login modules as required. Changed them both to sufficient and now I get:
javax.resource.spi.CommException: javax.jms.JMSSecurityException: User: testUser
is NOT authenticated
at org.jboss.resource.adapter.jms.JmsManagedConnection.setup(JmsManagedConnection.java:749) -
2. Re: ConfiguredIdentityLoginModule help
starksm64 Jan 29, 2005 2:10 PM (in response to johnv)The jca login modules are described here:
http://www.jboss.org/wiki/Wiki.jsp?page=ConfigJCALoginModule
The ConfiguredIdentityLoginModule alone is not approriate for jms since it has no notion of roles. It would have to be combined with another login module which associated the roles expected by the destination security policy. I don't see the jboss version or jms destination or connection factory configuration being used here. These need to be pulled together to understand the complete picture. -
3. Re: ConfiguredIdentityLoginModule help
johnv Jan 31, 2005 11:36 AM (in response to johnv)Thanks for the link. It looks like CallerIdentityLoginModule would do what I need though combining that with my existing UsersRolesLoginModule is netting the same results.
version: 4.0.1RC1
destinations (note, I left out a couple '>' chars for this posting as they were causing the text not to show up in Preview. They are proper in the JBoss config file and validate successfully):
<mbean code="org.jboss.mq.server.jmx.Queue"
name="jboss.mq.destination:service=Queue,name=jms/MY_REQUEST_QUEUE"<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager </depends
<mbean code="org.jboss.mq.server.jmx.Queue"
name="jboss.mq.destination:service=Queue,name=jms/MY_RESPONSE_QUEUE"<depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager </depends
conn factory:
<tx-connection-factory>
<jndi-name>jms/MY_QUEUE_FACTORY</jndi-name>
<xa-transaction/>
<rar-name>jms-ra.rar</rar-name>
<connection definition>org.jboss.resource.adapter.jms.JmsConnectionFactory</connection-definition>
<config-property name="SessionDefaultType" type="java.lang.String">javax.jms.Queue</config-property>
<config-property name="JmsProviderAdapterJNDI" type="java.lang.String">java:/DefaultJMSProvider
</config-property>
<config-property name="Strict" type="java.lang.Boolean">false</config-property>
<max-pool-size>20</max-pool-size>
<security-domain-and-application>myPolicy</security-domain-and-application>
</tx-connection-factory>
Here is my latest from login.xml:
<application-policy name="myPolicy">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="sufficient"/>
<login-module code = "org.jboss.resource.security.CallerIdentityLoginModule" flag = "sufficient">
<module-option name = "userName">sa</module-option>
<module-option name = "password"></module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=jms/MY_QUEUE_FACTORY</module-option>
</login-module>
</application-policy>