As far as our security requirements on the MDB, I was going to start with
using run-as to specify a particular role in order to allow the MDB to
execute business logic encapsulated entirely in session beans. Going
forward, I'd like to explore programmatically setting the principal. The
latter is not an immediate requirement.

The trouble I've run into is that I can't get the MDB to run at all when
it's deployed within an application that has security enabled. I've tried
every combination of method permissions and such that I can think of, but to
no avail. Right now, I'll be happy if I can have declarative security on all
the session beans but disable all security on the MDBs. Any thoughts on how
to get around this?

Thanks!

Brian

FROM: Scott M Stark
DATE: 07/18/2001 19:27:32

MDBs can't be secured currently using the standard JAAS based security
manager because there is no principal associated with the message that
is delivered to onMessage. The 2.4 beta has support for mapping anonymous
users to a principal as well as support for setting the role the MDB will
run as when invoking methods on other EJBs.

What are the security requirements for your MDB?

----- Original Message -----
From: Brian Sondergaard <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: Brian Sondergaard <[EMAIL PROTECTED]>
Sent: Wednesday, July 18, 2001 9:28 PM
Subject: MDB Security: authentication exception on container call to
onMessage()?


>
> I'm stumped... I get the following exception when a message is sent to a
> queue on which a message driven bean is listening. Security is working very
> well in every other regard, but it appears that MessageDrivenContainer winds
> up with an Authentication Exception when trying to call the onMessage()
> method of my bean (all is well if I take security out of the DD). I'm sure
> there's a configuration step I've omitted, but I'm pulling my hair out at
> this point. Any help is greatly appreciated!
>
> The Exception:
>
> [MyMessageBean] Authentication exception, principal=null
> [Container factory] Exception in JMSCI message listener: :
> java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
>         java.lang.SecurityException: Authentication exception, principal=null
> [Container factory] java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
>         java.lang.SecurityException: Authentication exception, principal=null
> [Container factory] java.lang.SecurityException: Authentication exception, principal=null
> [Container factory]     at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:213)
> [Container factory]     at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:169)
> [Container factory]     at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
> [Container factory]     at org.jboss.ejb.MessageDrivenContainer.invoke(MessageDrivenContainer.java:264)
> [Container factory]     at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSContainerInvoker.java:151)
> [Container factory]     at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:448)
> [Container factory]     at org.jbossmq.SpyMessageConsumer.deliverMessage(SpyMessageConsumer.java:294)
> [Container factory]     at org.jbossmq.SpySession.run(SpySession.java:236)
> [Container factory]     at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:131)
> [Container factory]     at org.jboss.jms.asf.ThreadPool$Worker.run(ThreadPool.java:128)
>
> From jboss.xml
>        <message-driven>
>          <ejb-name>MyMessageBean</ejb-name>
>          <configuration-name>Standard Message Driven Bean</configuration-name>
>          <destination-jndi-name>queue/myMessage</destination-jndi-name>
>        </message-driven>
>
> From auth.conf:
>     org.jboss.security.auth.spi.DatabaseServerLoginModule required
>     dsJndiName="java:/EIP_DS"
>     principalsQuery="select UP_PASSWORD from USERPROFILE where UP_ID=?"
>     rolesQuery="select ROLE_ID, 'Roles' from ROLE where UP_ID=?"
>
> This is running a standard configuration of JBoss-2.2.2_Tomcat-3.2.2.
>
> Thanks for your help!
>
> Brian
>


_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
