Weblogic Message Driven Bean reading from a secure

2019-04-15 05:49发布

站内问答 / 前沿技术
714 2 4

I have a MDB very simple which works fine as long as the queue from where it reads messages is not secured

After I secure the Queue with a username it can;t read messages anymore

@MessageDriven(mappedName = "DistributedQueueTest")

public class MdbReceiver implements MessageListener {
@Resource
private MessageDrivenContext mdc;

@Override
public void onMessage(Message inMessage) {
TextMessage msg = null;
try {
msg = (TextMessage) inMessage;
System.out.println("Test MdbReceiver Message received : " + msg.getText());
} catch (JMSException e) {
e.printStackTrace();
mdc.setRollbackOnly();
}
}

}

I tried with all kind of @RunAs annotations @weblogic.jws.security.RunAs(role="Joan",mapToPrincipal="ccc_user") where ccc_user is alowed to read messages from the queue

import javax.annotation.security.RunAs; @RunAs("SomeRole") gives me an error on deployment Unable to deploy EJB: MdbReceiver from mdbReceiver.jar: Expected role in mapping

Any idea how can i do this with annotations ? I tried even without annotations ...same the exeption in weblogic console is

weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=UNIV_REC_Module, destinationType=queue, resource=DistributedQueueTest, action=receive

Thank you

2条回答
叼着烟拽天下
2楼-- · 2019-04-15 06:06

If you annotate your MDB as follows it should work:

@MessageDriven(name = "MdbReceiver", mappedName = "DistributedQueueTest")
@DeclareRoles({"Loan"})
@RolesAllowed("Loan")
public class MdbReceiver implements MessageListener {
...
}
查看更多
0人赞 添加讨论(0) 举报
smile是对你的礼貌
3楼-- · 2019-04-15 06:08

I answer to my question cause i found a solution : The problem is that annotations or are buggy in weblogic or are not implemented as I expected.

Solution is to do this without annotations in old style

so MDB is:

public class MdbReceiver implements MessageListener ,MessageDrivenBean{

    MessageDrivenContext mdc;

    @Override
    public void onMessage(Message inMessage) {
        TextMessage msg = null;
        try {
            msg = (TextMessage) inMessage;
            System.out.println("qwerty1");
            System.out.println("Test MdbReceiver Message received : " + msg.getText());
        } catch (JMSException e) {
            e.printStackTrace();
            mdc.setRollbackOnly();
        }
    }
    @Override
    public void ejbRemove() throws EJBException {
        // TODO Auto-generated method stub

    }
    @Override
    public void setMessageDrivenContext(MessageDrivenContext mdc) throws EJBException {
        this.mdc = mdc;

    }
}

Then we need two other files: ejb-jar.xml

<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
    <enterprise-beans>
        <message-driven>
            <ejb-name>MdbReceiver</ejb-name>
            <ejb-class>mdb.receiver.MdbReceiver</ejb-class>
            <transaction-type>Container</transaction-type>
            <message-destination-type>javax.jms.Queue</message-destination-type>
            <security-identity>
                <run-as>
                    <role-name>Loan</role-name>
                </run-as>
            </security-identity>
        </message-driven>
    </enterprise-beans>
    <assembly-descriptor>       
         <security-role>
          <role-name>Loan</role-name>
         </security-role>       
        <container-transaction>
            <method>
                <ejb-name>MdbReceiver</ejb-name>
                <method-name>onMessage()</method-name>
            </method>
            <trans-attribute>Required</trans-attribute>
        </container-transaction>
    </assembly-descriptor>

</ejb-jar>

and

weblogic-ejb-jar.xml

<?xml version="1.0" encoding="UTF-8"?>
<weblogic-ejb-jar version="wls_10.3"
    xmlns="http://www.bea.com/ns/weblogic/weblogic-ejb-jar" xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-ejb-jar http://www.bea.com/ns/weblogic/weblogic-ejb-jar.xsd http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
    <weblogic-enterprise-bean>
        <ejb-name>MdbReceiver</ejb-name>
        <message-driven-descriptor>
            <destination-jndi-name>DistributedQueueTest</destination-jndi-name>
        </message-driven-descriptor>
    </weblogic-enterprise-bean>
    <security-role-assignment>
        <role-name>Loan</role-name>     
        <principal-name>test1234</principal-name>
    </security-role-assignment>

</weblogic-ejb-jar>

The role name does not matter as i can see the principal name is important. It needs to have the rights to read from the secured queue

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)