6 Replies Latest reply on Jun 4, 2003 7:26 PM by adrian.brock

    Security problem with own login-config

    hergaty

      Hello,

      I try to set the login-config for "jbossmq" to the same, that I use for my EJBs. I changed the login-config.xml to this:

      <application-policy name = "jbossmq">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/MySqlDS</module-option>
      <module-option name="principalsQuery">SELECT password FROM user_User WHERE login=? AND active=1</module-option>
      <module-option name="rolesQuery">SELECT ur.name, 'Roles' FROM user_User u LEFT JOIN user_UserRole ur ON u.id = ur.fk_user WHERE u.login=?</module-option>
      <module-option name="unauthenticatedIdentity">guest</module-option>
      </login-module>

      </application-policy>

      The queue is defined by this:


      <depends optional-attribute-name="DestinationManager">jboss.mq:service=DestinationManager
      <depends optional-attribute-name="SecurityManager">jboss.mq:service=SecurityManager








      The MDB itself has the following xdoclet tags:

      /**
      * @ejb.bean
      * type="MDB"
      * name="InfoMessageListener"
      * accnowledge-mode="AUTO_ACKNOWLEDGE"
      * destination-type="javax.jms.Queue"
      * @jboss.destination-jndi-name
      * name="queue/info/receiver"
      *
      * @ejb.security-identity
      * run-as="Internal"
      */

      Although the roles "Internal" and "guest" are allowed to do anything with the queue, I get this Exception all the time:

      Message: JMS provider failure detected:
      Location: org.jboss.ejb.plugins.jms.JMSContainerInvoker$ExceptionListenerImpl.onException(JMSContainerInvoker.java:1033)
      Thrown:
      javax.jms.JMSSecurityException: Connection not authorized to subscribe to destination: info/receiver
      at org.jboss.mq.security.ServerSecurityInterceptor.subscribe(ServerSecurityInterceptor.java:148)
      at org.jboss.mq.server.TracingInterceptor.subscribe(TracingInterceptor.java:677)
      at org.jboss.mq.server.JMSServerInvoker.subscribe(JMSServerInvoker.java:298)
      at org.jboss.mq.il.jvm.JVMServerIL.subscribe(JVMServerIL.java:315)
      at org.jboss.mq.Connection.addConsumer(Connection.java:1082)
      at org.jboss.mq.SpyConnectionConsumer.(SpyConnectionConsumer.java:73)
      at org.jboss.mq.SpyConnection.createConnectionConsumer(SpyConnection.java:113)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker.innerCreate(JMSContainerInvoker.java:536)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker.startService(JMSContainerInvoker.java:553)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker$ExceptionListenerImpl.onException(JMSContainerInvoker.java:1053)
      at org.jboss.ejb.plugins.jms.JMSContainerInvoker$1.run(JMSContainerInvoker.java:565)