Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EclipseLink » Cannot access a secure jms coordinated cache topic on JBoss AS(specified username and password parameters don't make it through to JBoss)
Cannot access a secure jms coordinated cache topic on JBoss AS [message #629071] Mon, 27 September 2010 05:27 Go to next message
David  is currently offline David Friend
Messages: 4
Registered: September 2010
Junior Member
Hello. I have an eclipselink coordinated cache set up nicely on a JBoss 5 server. Sadly though, I ran into a problem when I added a security constraint onto the cache topic. In my persistence.xml I had the two security properties in place:
eclipselink.cache.coordination.jndi.user
eclipselink.cache.coordination.jndi.password

However it would fail to authenticate with the message:

Exception [EclipseLink-22112] (Eclipse Persistence Services - 2.1.1.v20100817-r8050): org.eclipse.persistence.exceptions.RemoteCommandManagerException

Exception Description: Could not create local JMS connection with Topic jms/InternalCacheTopic, Topic Factory ConnectionFactory, and Context properties {java.naming.provider.url=jnp://localhost:1399, java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory, java.naming.security.principal=internalcache, dedicated.connection=true, java.naming.security.credentials=CB08261B4D0P9C669519CC0534BC924111E373D8D6BC00E7F21C15ED8D258Z25DDC048307AFA162A}

Internal Exception: javax.jms.JMSSecurityException: User: null is not authorized to read from destination InternalCacheTopic

    at org.eclipse.persistence.exceptions.RemoteCommandManagerException.errorCreatingLocalJMSConnection(RemoteCommandManagerException.java:180)

    at org.eclipse.persistence.sessions.coordination.jms.JMSPublishingTransportManager.createConnection(JMSPublishingTransportManager.java:75)

    at org.eclipse.persistence.sessions.coordination.jms.JMSTopicTransportManager.createLocalConnection(JMSTopicTransportManager.java:46)

    at org.eclipse.persistence.sessions.coordination.jms.JMSPublishingTransportManager.createConnections(JMSPublishingTransportManager.java:98)

    at org.eclipse.persistence.sessions.coordination.RemoteCommandManager.initialize(RemoteCommandManager.java:148)

    at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.postConnectDatasource(DatabaseSessionImpl.java:669)

    at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.login(DatabaseSessionImpl.java:628)

    at org.eclipse.persistence.internal.jpa.EntityManagerFactoryProvider.login(EntityManagerFactoryProvider.java:230)

    at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:380)

    at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.getServerSession(EntityManagerFactoryImpl.java:157)

    at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:214)

    at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:202)

    at org.jboss.jpa.deployment.ManagedEntityManagerFactory.createEntityManager(ManagedEntityManagerFactory.java:195)

    at org.jboss.jpa.deployment.ManagedEntityManagerFactory.getTransactionScopedEntityManager(ManagedEntityManagerFactory.java:174)

    at org.jboss.jpa.tx.TransactionScopedEntityManager.getEntityManager(TransactionScopedEntityManager.java:258)

    at org.jboss.jpa.tx.TransactionScopedEntityManager.createNamedQuery(TransactionScopedEntityManager.java:144)

    at com.mydomain.MyBean.mymethod(MyBean.java:78)


So the username and password are being read by eclipselink, it just doesn't seem to propogate them to JBoss.

I'm fairly sure this is a bug, but it could be I've missed out an important parameter. Incase it is a bug, I've temporarily solved this problem by compiling up a patch for eclipselink by changing org.eclipse.persistence.internal.sessions.coordination.jms.J MSTopicRemoteConnection's topicConnection instantiation to use the method that takes a username and password, instead of the no-args version:

this.topicConnection = topicConnectionFactory.createTopicConnection(userName, password);


I passed the username and password into the class from org.eclipse.persistence.sessions.coordination.jms.JMSPublish ingTransportManager by way of getUserName() and decrypt(getPassword()).

My coordinated cache is now a happy and secure coordinated cache Smile If you could confirm/deny that this is indeed a bug, that would be appreciated.

Thanks,

David Green.
Re: Cannot access a secure jms coordinated cache topic on JBoss AS [message #629249 is a reply to message #629071] Mon, 27 September 2010 15:30 Go to previous messageGo to next message
James Sutherland is currently offline James SutherlandFriend
Messages: 1939
Registered: July 2009
Location: Ottawa, Canada
Senior Member

There is an existing bug logged for this, please vote for it,

https://bugs.eclipse.org/bugs/show_bug.cgi?id=254287


James : Wiki : Book : Blog : Twitter
Re: Cannot access a secure jms coordinated cache topic on JBoss AS [message #629275 is a reply to message #629249] Mon, 27 September 2010 16:12 Go to previous message
David  is currently offline David Friend
Messages: 4
Registered: September 2010
Junior Member
Thanks James.

Vote++
Previous Topic:EclipseLink logging to file - append instead of overwrite
Next Topic:EclipseLink as ActiveMQ persistence adapter?
Goto Forum:
  


Current Time: Fri Nov 21 02:32:32 GMT 2014

Powered by FUDForum. Page generated in 0.01631 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software