Cannot access a secure jms coordinated cache topic on JBoss AS [message #629071] |
Mon, 27 September 2010 05:27 |
David Messages: 4 Registered: September 2010 |
Junior Member |
|
|
Hello. I have an eclipselink coordinated cache set up nicely on a JBoss 5 server. Sadly though, I ran into a problem when I added a security constraint onto the cache topic. In my persistence.xml I had the two security properties in place:
eclipselink.cache.coordination.jndi.user
eclipselink.cache.coordination.jndi.password
However it would fail to authenticate with the message:
Exception [EclipseLink-22112] (Eclipse Persistence Services - 2.1.1.v20100817-r8050): org.eclipse.persistence.exceptions.RemoteCommandManagerException
Exception Description: Could not create local JMS connection with Topic jms/InternalCacheTopic, Topic Factory ConnectionFactory, and Context properties {java.naming.provider.url=jnp://localhost:1399, java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory, java.naming.security.principal=internalcache, dedicated.connection=true, java.naming.security.credentials=CB08261B4D0P9C669519CC0534BC924111E373D8D6BC00E7F21C15ED8D258Z25DDC048307AFA162A}
Internal Exception: javax.jms.JMSSecurityException: User: null is not authorized to read from destination InternalCacheTopic
at org.eclipse.persistence.exceptions.RemoteCommandManagerException.errorCreatingLocalJMSConnection(RemoteCommandManagerException.java:180)
at org.eclipse.persistence.sessions.coordination.jms.JMSPublishingTransportManager.createConnection(JMSPublishingTransportManager.java:75)
at org.eclipse.persistence.sessions.coordination.jms.JMSTopicTransportManager.createLocalConnection(JMSTopicTransportManager.java:46)
at org.eclipse.persistence.sessions.coordination.jms.JMSPublishingTransportManager.createConnections(JMSPublishingTransportManager.java:98)
at org.eclipse.persistence.sessions.coordination.RemoteCommandManager.initialize(RemoteCommandManager.java:148)
at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.postConnectDatasource(DatabaseSessionImpl.java:669)
at org.eclipse.persistence.internal.sessions.DatabaseSessionImpl.login(DatabaseSessionImpl.java:628)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryProvider.login(EntityManagerFactoryProvider.java:230)
at org.eclipse.persistence.internal.jpa.EntityManagerSetupImpl.deploy(EntityManagerSetupImpl.java:380)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.getServerSession(EntityManagerFactoryImpl.java:157)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManagerImpl(EntityManagerFactoryImpl.java:214)
at org.eclipse.persistence.internal.jpa.EntityManagerFactoryImpl.createEntityManager(EntityManagerFactoryImpl.java:202)
at org.jboss.jpa.deployment.ManagedEntityManagerFactory.createEntityManager(ManagedEntityManagerFactory.java:195)
at org.jboss.jpa.deployment.ManagedEntityManagerFactory.getTransactionScopedEntityManager(ManagedEntityManagerFactory.java:174)
at org.jboss.jpa.tx.TransactionScopedEntityManager.getEntityManager(TransactionScopedEntityManager.java:258)
at org.jboss.jpa.tx.TransactionScopedEntityManager.createNamedQuery(TransactionScopedEntityManager.java:144)
at com.mydomain.MyBean.mymethod(MyBean.java:78)
So the username and password are being read by eclipselink, it just doesn't seem to propogate them to JBoss.
I'm fairly sure this is a bug, but it could be I've missed out an important parameter. Incase it is a bug, I've temporarily solved this problem by compiling up a patch for eclipselink by changing org.eclipse.persistence.internal.sessions.coordination.jms.J MSTopicRemoteConnection's topicConnection instantiation to use the method that takes a username and password, instead of the no-args version:
this.topicConnection = topicConnectionFactory.createTopicConnection(userName, password);
I passed the username and password into the class from org.eclipse.persistence.sessions.coordination.jms.JMSPublish ingTransportManager by way of getUserName() and decrypt(getPassword()).
My coordinated cache is now a happy and secure coordinated cache If you could confirm/deny that this is indeed a bug, that would be appreciated.
Thanks,
David Green.
|
|
|
|
|
Powered by
FUDForum. Page generated in 0.03574 seconds