Can't get it working: JBossMQ + JAAS 

I'm trying to connect to a queue with my own user; I'm using JAAS.

What I've got:

Fresh JBOSS 4.0.4 installation, Default config.


In hsqldb-jdbc-state-service.xml - two rows only:


  | POPULATE.TABLES.01 = INSERT INTO JMS_USERS (USERID, PASSWD) VALUES ('user', 'pass')
  | POPULATE.TABLES.02 = INSERT INTO JMS_ROLES (ROLEID, USERID) VALUES ('publisher','user')
  | 


In jbossmq-destinations-service.xml there's only one Queue:


  |   <mbean code="org.jboss.mq.server.jmx.Queue"
  |      name="jboss.mq.destination:service=Queue,name=testQueue">
  |     <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager</depends>
  |     <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager</depends>
  |     <attribute name="MessageCounterHistoryDayLimit">-1</attribute>
  |     <attribute name="SecurityConf">
  |       <security>
  |         
  |         <role name="publisher" read="true" write="true" create="false"/>
  |         
  |       </security>
  |     </attribute>
  |   </mbean>
  | 



In jbossmq-service.xml my SecurityManager:


  |   <mbean code="org.jboss.mq.security.SecurityManager" name="jboss.mq:service=SecurityManager">
  | 
  |     <attribute name="SecurityDomain">java:/jaas/jbossmq</attribute>
  | 
  |     <depends optional-attribute-name="NextInterceptor">jboss.mq:service=DestinationManager</depends>
  |   </mbean>
  | 

   



In login-config.xml I removed:

  | <module-option name = "unauthenticatedIdentity">guest</module-option>
  | 

so I've got:


  |     <!-- Security domain for JBossMQ -->
  |     <application-policy name = "jbossmq">
  |        <authentication>
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option name = "dsJndiName">java:/DefaultDS</module-option>
  |              <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
  |              <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 
  | 

My simple test application:


  |       Hashtable properties = new Hashtable();
  |       properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
  |       properties.put(Context.PROVIDER_URL, "jnp://localhost:1099");
  |       properties.put(Context.SECURITY_PRINCIPAL, "user");
  |       properties.put(Context.SECURITY_CREDENTIALS, "pass");
  |       properties.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
  | 
  |       InitialContext iniCtx = new InitialContext(properties);
  | 
  |       Object tmp = iniCtx.lookup("ConnectionFactory");
  |       QueueConnectionFactory qcf = (QueueConnectionFactory) tmp;
  |       conn = qcf.createQueueConnection();
  |       que = (Queue) iniCtx.lookup("queue/testQueue");
  |       session = conn.createQueueSession(false, QueueSession.AUTO_ACKNOWLEDGE);
  |       conn.start();
  | 


throws:



  | Exception in thread "main" javax.jms.JMSSecurityException: User: null is NOT authenticated
  |     at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:230)
  |     at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
  |     at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:744)
  |     at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:302)
  |     at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:220)
  |     at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:396)
  |     at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:392)
  |     at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
  |     at java.lang.Thread.run(Thread.java:595)
  | 


TRACE from console:


  | 15:54:40,870 DEBUG [SocketManager] Begin ReadTask.run
  | 15:54:40,870 DEBUG [SocketManager] Begin WriteTask.run
  | 15:54:40,870 DEBUG [SocketManager] Created ObjectOutputStream
  | 15:54:40,901 DEBUG [SocketManager] Created ObjectInputStream
  | 15:54:40,901 TRACE [jbossmq] Begin isValid, principal:null, cache info: null
  | 15:54:40,901 TRACE [jbossmq] defaultLogin, principal=null
  | 15:54:40,901 TRACE [jbossmq] Login failure
  | javax.security.auth.login.FailedLoginException: No matching username found in Principals
  |         at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:152)
  |         at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:206)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |         at java.lang.reflect.Method.invoke(Method.java:585)
  |         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  |         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |         at java.security.AccessController.doPrivileged(Native Method)
  |         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |         at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
  |         at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |         at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |         at org.jboss.mq.security.SecurityManager.authenticate(SecurityManager.java:215)
  |         at org.jboss.mq.security.ServerSecurityInterceptor.authenticate(ServerSecurityInterceptor.java:66)
  |         at org.jboss.mq.server.TracingInterceptor.authenticate(TracingInterceptor.java:744)
  |         at org.jboss.mq.server.JMSServerInvoker.authenticate(JMSServerInvoker.java:302)
  |         at org.jboss.mq.il.uil2.ServerSocketManagerHandler.handleMsg(ServerSocketManagerHandler.java:220)
  |         at org.jboss.mq.il.uil2.SocketManager$ReadTask.handleMsg(SocketManager.java:396)
  |         at org.jboss.mq.il.uil2.msgs.BaseMsg.run(BaseMsg.java:392)
  |         at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:743)
  |         at java.lang.Thread.run(Thread.java:595)
  | 15:54:40,901 TRACE [jbossmq] End isValid, false
  | 15:54:40,917 DEBUG [SocketManager] End WriteTask.run
  | 15:54:40,917 DEBUG [ServerSocketManagerHandler] Exiting on IOE
  | java.net.SocketException: socket closed
  |         at java.net.SocketInputStream.socketRead0(Native Method)
  |         at java.net.SocketInputStream.read(SocketInputStream.java:129)
  |         at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
  |         at java.io.BufferedInputStream.read(BufferedInputStream.java:235)
  |         at org.jboss.util.stream.NotifyingBufferedInputStream.read(NotifyingBufferedInputStream.java:79)
  |         at java.io.ObjectInputStream$PeekInputStream.peek(ObjectInputStream.java:2196)
  |         at java.io.ObjectInputStream$BlockDataInputStream.readBlockHeader(ObjectInputStream.java:2376)
  |         at java.io.ObjectInputStream$BlockDataInputStream.refill(ObjectInputStream.java:2443)
  |         at java.io.ObjectInputStream$BlockDataInputStream.read(ObjectInputStream.java:2515)
  |         at java.io.ObjectInputStream$BlockDataInputStream.readByte(ObjectInputStream.java:2664)
  |         at java.io.ObjectInputStream.readByte(ObjectInputStream.java:875)
  |         at org.jboss.mq.il.uil2.SocketManager$ReadTask.run(SocketManager.java:317)
  |         at java.lang.Thread.run(Thread.java:595)
  | 15:54:40,917 DEBUG [SocketManager] End ReadTask.run
  | 
  | 


My other EJB JAAS db authenticated stand-alone apps work fine. 

Am I doing JAAS authentication the right way?

Best regards,
Michal


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4008154#4008154
