All geek questions in one place

Jboss EAP 6.3: HQ119031: Failed to verify user: null

ERROR HQ224018: Failed to create session: HornetQException [errorType = SECURITY_EXCEPTION message = HQ119031: Failed to verify user: null]

When the Jboss EAP 6.3 server is about to receive a JMS message. I successfully authenticated using the remoting subsystem, so why is the user null? How to overcome this error?

+5
source share
2 answers

The EAP documentation binds you to:

(...) set allowClientLogin - true (...) If you want HornetQ to authenticate using redistributable security, then set authoriseOnClientLogin to true.

But due to the HORNETQ-883 error, you need to disable protection for messaging:

 <hornetq-server> <!-- â€Ļ --> <security-enabled>false</security-enabled> <!-- â€Ļ --> </hornetq-server>
+11
source

In short, if your JMS client connects from your JEE container and does not need to provide credentials to connect to the JMS (when calling factory.createConnection() ), then get the connections using the InVM Connector. The InVM connector does not require credentials when opening a JMS connection (since the caller is in the JVM instance, hence the name), but still provides security for remote JMS clients. Connectors and ConnectionFactories are configured in the urn:jboss:domain:messaging standalone.xml subsystem.

Otherwise, if you are not using Connector InVM with security enabled, you probably need to run the add-user script in [jboss-home]/bin to add the client credentials to the appilcation-users.properties file and provide these credentials when calling factory.createConnection(username, pwd) for remote and InVM clients connecting via remote operating systems.

Gory Details

In our JBoss EAP 6.4 instance, security must remain enabled for remote connections (outside the JVM), so our <security-settings> for HornetQ is specified accordingly. Therefore, the JMS ConnectionFactory determines the security level on which the Connector is configured.

 <hornetq-server> <connectors> <!-- additional connectors here --> ... <in-vm-connector name="in-vm" server-id="0"/> </connectors> <jms-connection-factories> <connection-factory name="InVmConnectionFactory"> <connectors> <connector-ref connector-name="in-vm"/> </connectors> <entries> <!-- JNDI bindings here --> <entry name="java:/ConnectionFactory" /> </entries> </connection-factory> ... </jms-connection-factories>

So, in the JMS client, apply the standard connecting boiler room:

 InitialContext context = new InitialContext(); javax.jms.ConnectionFactory factory = (ConnectionFactory) context.lookup("java:/ConnectionFactory");

and when creating the connection:

 javax.jms.Connection connection = factory.createConnection();

Transaction JMS

For transaction-related client connections in a container with JMS, our InVM ConnectionFactory is configured as follows:

 <jms-connection-factories> ... <pooled-connection-factory name="hornetq-ra"> <transaction mode="xa"/> <connectors> <connector-ref connector-name="in-vm"/> </connectors> <entries> <entry name="java:/JmsXA"/> </entries> </pooled-connection-factory> </jms-connection-factories>

Get the JMS ConnectionFactory transaction as such:

 InitialContext context = new InitialContext(); javax.jms.ConnectionFactory factory = (ConnectionFactory) context.lookup("java:/JmsXA");
0
source

Source: https://habr.com/ru/post/1204903/

More articles:


All Articles