Jboss EAP 6.3: HQ119031: Unable to validate user: null

匿名 (未验证) 提交于 2019-12-03 08:48:34

问题:

ERROR HQ224018: Failed to create session: HornetQException[errorType=SECURITY_EXCEPTION message=HQ119031: Unable to validate user: null]

When the Jboss EAP 6.3 server is about to receive JMS message. I have the user successfully authenticated by remoting subsystem so why the user is null? How to overcome this error?

回答1:

EAP documentation encorage you to:

(...) set allowClientLogin to true (...) If you would like HornetQ to authenticate using the propagated security then set the authoriseOnClientLogin to true also.

But due to HORNETQ-883 bug you have to turn off security for messaging:

<hornetq-server>   <!-- … -->   <security-enabled>false</security-enabled>   <!-- … --> </hornetq-server> 


回答2:

In short, if your JMS client is connecting from within your JEE container and have no need to supply credentials to connect to JMS (when calling factory.createConnection()), then obtain connections using the InVM Connector. The InVM Connector doesn't require credentials when opening a connection to JMS (since the caller is within the JVM instance, hence the name) but still enforces security for Remote JMS clients. Connectors and ConnectionFactories are configured in the urn:jboss:domain:messaging subsystem of standalone.xml.

Otherwise, if you don't use the InVM Connector with security enabled, you'll probably need to run the add-user script in [jboss-home]/bin to add client credentials to the appilcation-users.properties file and supply those credentials when calling factory.createConnection(username, pwd) for both Remote and InVM clients connecting via Remotely available factories.

Gory Details

In our JBoss EAP 6.4 instance, security needs to remain enabled for remote connections (outside the JVM) so our <security-settings> for HornetQ are specified appropriately. Consequently, the JMS ConnectionFactory dictates the level of security based on which Connector it is configured with.

<hornetq-server>   <connectors>     <!-- additional connectors here -->     ...     <in-vm-connector name="in-vm" server-id="0"/>   </connectors>   <jms-connection-factories>     <connection-factory name="InVmConnectionFactory">       <connectors>         <connector-ref connector-name="in-vm"/>       </connectors>       <entries>         <!-- JNDI bindings here -->         <entry name="java:/ConnectionFactory" />       </entries>     </connection-factory>     ...   </jms-connection-factories> 

So, in the JMS client apply the standard connection boiler-plate:

InitialContext context = new InitialContext(); javax.jms.ConnectionFactory factory = (ConnectionFactory) context.lookup("java:/ConnectionFactory"); 

and when creating the connection:

javax.jms.Connection connection = factory.createConnection(); 

Transacted JMS

For Transaction-aware in-container client connections to JMS, our InVM ConnectionFactory is configured like this:

<jms-connection-factories>   ...   <pooled-connection-factory name="hornetq-ra">     <transaction mode="xa"/>     <connectors>       <connector-ref connector-name="in-vm"/>     </connectors>     <entries>       <entry name="java:/JmsXA"/>     </entries>   </pooled-connection-factory> </jms-connection-factories> 

Obtain the transacted JMS ConnectionFactory as such:

InitialContext context = new InitialContext(); javax.jms.ConnectionFactory factory = (ConnectionFactory) context.lookup("java:/JmsXA"); 


标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!