MDBs can't be secured currently using the standard JAAS based security
manager because there is no principal associated with the message that
is delivered to onMessage. The 2.4 beta has support for mapping anonymous
users to a principal as well as support for setting the role the MDB will
run as when invoking methods on other EJBs.
What are the security requirements for you MDB?
----- Original Message -----
From: "Brian Sondergaard" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Brian Sondergaard" <[EMAIL PROTECTED]>
Sent: Wednesday, July 18, 2001 6:28 PM
Subject: [JBoss-user] MDB Security: authentication exception on container call to
onMessage()?
>
> I'm stumped... I get the following exception when a message is sent to a
> queue on which a message driven bean is listening. Security is working very
> well in every other regard, but it appears that MessageDrivenContainer winds
> up with a Authentication Exception when trying to call the onMessage()
> method of my bean (all is well if I take security out of the DD). I'm sure
> there's a configuration step I've omitted, but I'm pulling my hair out at
> this point. Any help is greatly appreciated!
>
> The Exception:
>
> [MyMessageBean] Authentication exception, principal=null
> [Container factory] Exception in JMSCI message listener: :
> java.rmi.RemoteException: checkSecurityAssociation; nested ex
> ception is:
> java.lang.SecurityException: Authentication exception,
> principal=null
> [Container factory] java.rmi.RemoteException: checkSecurityAssociation;
> nested exception is:
> java.lang.SecurityException: Authentication exception,
> principal=null
> [Container factory] java.lang.SecurityException: Authentication exception,
> principal=null
> [Container factory] at
> org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityI
> nterceptor.java:213)
> [Container factory] at
> org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:16
> 9)
> [Container factory] at
> org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
> [Container factory] at
> org.jboss.ejb.MessageDrivenContainer.invoke(MessageDrivenContainer.java:264)
> [Container factory] at
> org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSContainerInvoker.jav
> a:151)
> [Container factory] at
> org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(
> JMSContainerInvok
> er.java:448)
> [Container factory] at
> org.jbossmq.SpyMessageConsumer.deliverMessage(SpyMessageConsumer.java:294)
> [Container factory] at org.jbossmq.SpySession.run(SpySession.java:236)
> [Container factory] at
> org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:131)
> [Container factory] at
> org.jboss.jms.asf.ThreadPool$Worker.run(ThreadPool.java:128)
>
> From jboss.xml
> <message-driven>
> <ejb-name>MyMessageBean</ejb-name>
> <configuration-name>Standard Message Driven
> Bean</configuration-name>
> <destination-jndi-name>queue/myMessage</destination-jndi-name>
> </message-driven>
>
> From auth.conf:
> org.jboss.security.auth.spi.DatabaseServerLoginModule required
> dsJndiName="java:/EIP_DS"
> principalsQuery="select UP_PASSWORD from USERPROFILE where UP_ID=?"
> rolesQuery="select ROLE_ID, 'Roles' from ROLE where UP_ID=?"
>
> This is running a standard configuration of JBoss-2.2.2_Tomcat-3.2.2.
>
> Thanks for your help!
>
> Brian
>
>
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-user
>
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
