6 Replies Latest reply on Nov 30, 2017 5:05 AM by irfan.dogar

    Call from MDB to SSB is always anonymous

    quvad

      Hello! I ask for your help or advice.

       

      I have a problem with JBoss AS7 / EAP6. In an MDB, when I look up an SSB and call its method, the call is always anonymous, i.e. in the SSB sessionContext.getCallerPrincipal() returns Principal(anonymous). Always... In AS5 everything was fine.

       

      How can I fix it to make a call with an authenticated user?

       

      My MDB:

       

      @MessageDriven(activationConfig = {
              @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
              @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/piQueue"),
              @ActivationConfigProperty(propertyName = "dLQMaxResent", propertyValue = "3")
      })
      @SecurityDomain("mySecurityDomain")
      public class PIMessageBean implements MessageListener {
      ...
          //subject always anonymous...
          Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");

          PIManager pim = lookupPIManager();
          pim.getPIs(); //call is anonymous
      ...
      }

       

      My queue settings:

       

      <subsystem xmlns="urn:jboss:domain:messaging:1.2">
          <hornetq-server>
          ...
              <jms-destinations>
                  <jms-queue name="piQueue">
                      <entry name="queue/piQueue"/>
                      <entry name="java:jboss/exported/jms/queue/piQueue"/>
                  </jms-queue>
              </jms-destinations>
              <security-domain>mySecurityDomain</security-domain>
          </hornetq-server>
      </subsystem>

       

      My Security Domain:

       

      <security-domain name="mySecurityDomain" cache-type="default">
          <authentication>
              <login-module code="com.qu.vad.CustomUsernamePasswordLoginModule" flag="required">
              </login-module>
          </authentication>
      </security-domain>

        • 1. Re: Call from MDB to SSB is always anonymous
          wdfink

          With AS7 the behaviour is different.

          What does your lookup code look like? What is the difference between AS5 and AS7? I mean which user is used in AS5.

          • 2. Re: Call from MDB to SSB is always anonymous
            sfcoy

            Hi there,

             

            What does "Always... In AS5 everything was fine" mean?

             

            It's normal for message driven beans to execute without any particular user identity, hence the "anonymous" principal that you're getting. There is a JBossAS extension that allows you to specify a different "run-as-principal" in the jboss-ejb3.xml file, but it will be that constant value every time.

            If you need to call the SSB with multiple user identities then you'll need to do a JAAS login first.

            • 3. Re: Call from MDB to SSB is always anonymous
              quvad

              Thank you for the hints. Solved the problem by doing a JAAS login in the MDB.

              • 4. Re: Call from MDB to SSB is always anonymous
                a.d.jbpm

                Hi,

                Could you please post your JAAS login you performed in your MDB?

                 

                Thanks,

                 

                Sam

                • 5. Re: Call from MDB to SSB is always anonymous
                  nehan.dogar

                  How did you do the JAAS login? Can you please post some code snippets?

                  • 6. Re: Call from MDB to SSB is always anonymous
                    irfan.dogar

                    Just posting the sample code of JAAS login for completeness:

                    // MyCallbackHandler supplies the username and password to the login module
                    CallbackHandler handler = new MyCallbackHandler(customUsername, customPassword);
                    try {
                        LoginContext loginContext = new LoginContext("mysecurity-domain", handler);
                        loginContext.login();
                        subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
                    } catch (Exception e) {
                        // keep the cause in the log so a failed login can be diagnosed
                        LOG.error("Can't login", e);
                    }



                    or use loginContext.getSubject() subject is null from PolicyContext.