8 Replies Latest reply on Aug 17, 2007 11:10 AM by Mete Atamel

    FDS +Jboss + JMS authentication

    rbraito
      Hi everybody!

      I'm using Flex Data Services (2.0.1 und 3 Beta) in JBoss 4.0.5 plus Tibco EMS as JMS server, which has authentication enabled and gets JNDI requests forwarded from JBoss.

      The Flash application in question has to receive JMS text messages from a non-secured topic in an non-durable subscription.

      It should use an account on th JMS server which has the right to subscribe, but is not in the administrator group.


      I'm using a mx:consumer tag, which gets initialize in an initApp() fucntion which gets called via "mx:application creationComplete" event.

      //subscribe to JMS topic
      consumer1.setRemoteCredentials("username","pwd");
      consumer1.subscribe();

      In messaging-config.xml i have the follwoing destination configured:

      <destination id="EMSTest-jms">
      <properties>
      <jms>
      <message-type>javax.jms.TextMessage</message-type>
      <connection-factory>TopicConnectionFactory</connection-factory>
      <destination-jndi-name>topic.EMSTest</destination-jndi-name>
      <delivery-mode>NON_PERSISTENT</delivery-mode>
      <message-priority>DEFAULT_PRIORITY</message-priority>
      <acknowledge-mode>AUTO_ACKNOWLEDGE</acknowledge-mode>
      <transacted-sessions>false</transacted-sessions>
      <initial-context-environment>
      <property>
      <name>Context.SECURITY_PRINCIPAL</name>
      <value>username</value>
      </property>
      <property>
      <name>Context.SECURITY_CREDENTIALS</name>
      <value>pwd</value>
      </property>
      <property>
      <name>Context.PROVIDER_URL</name>
      <value>tibjmsnaming://someip:7222</value>
      </property>
      <property>
      <name>Context.INITIAL_CONTEXT_FACTORY</name>
      <value>com.tibco.tibjms.naming.TibjmsInitialContextFactory</value>
      </property>
      </initial-context-environment>
      </jms>
      </properties>
      <channels>
      <channel ref="my-rtmp"/>
      <channel ref="my-amf"/>
      </channels>
      <adapter ref="jms"/>
      </destination>

      Now, during appliaction launch i get the following error message from the JMS server:

      "invalid passwort or username"

      Since the configured values are valid, this doesn't make sense, therefore i routed the JMS calls through tcpproxy.

      tcp proxy shows three communications per consumer.subscribe() call:

      two JNDI calls to the server (maybe to get the connection and the topic), which use the correct username/password

      and a third call (maybe to actually subscribe to the topic) which use username=anonymous and some other password

      So, actually the JMS server has every right to complain, but why is FDS using a different username/password for the last call???

      Where do i configure those values???

      Furthermore, the only location, where a username "anonymous" is configured in the whole system, is in JBoss as default unauthorized username in server.xml....


      Thanks a lot for any help!