Weblogic Message Driven Bean reading from a secured queue @RunAs does not work
I have a MDB very simple which works fine as long as the queue from where it reads messages is not secured
After I secure the Queue with a username it can;t read messages anymore
@MessageDriven(mappedName = "DistributedQueueTest")
public class MdbReceiver implements MessageListener {
@Resource
private MessageDrivenCo开发者_运维知识库ntext mdc;
@Override
public void onMessage(Message inMessage) {
TextMessage msg = null;
try {
msg = (TextMessage) inMessage;
System.out.println("Test MdbReceiver Message received : " + msg.getText());
} catch (JMSException e) {
e.printStackTrace();
mdc.setRollbackOnly();
}
}
}
I tried with all kind of @RunAs annotations
@weblogic.jws.security.RunAs(role="Joan",mapToPrincipal="ccc_user")
where ccc_user is alowed to read messages from the queue
import javax.annotation.security.RunAs;
@RunAs("SomeRole")
gives me an error on deployment
Unable to deploy EJB: MdbReceiver from mdbReceiver.jar: Expected role in mapping
Any idea how can i do this with annotations ? I tried even without annotations ...same the exeption in weblogic console is
weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=UNIV_REC_Module, destinationType=queue, resource=DistributedQueueTest, action=receive
Thank you
I answer to my question cause i found a solution : The problem is that annotations or are buggy in weblogic or are not implemented as I expected.
Solution is to do this without annotations in old style
so MDB is:
public class MdbReceiver implements MessageListener ,MessageDrivenBean{
MessageDrivenContext mdc;
@Override
public void onMessage(Message inMessage) {
TextMessage msg = null;
try {
msg = (TextMessage) inMessage;
System.out.println("qwerty1");
System.out.println("Test MdbReceiver Message received : " + msg.getText());
} catch (JMSException e) {
e.printStackTrace();
mdc.setRollbackOnly();
}
}
@Override
public void ejbRemove() throws EJBException {
// TODO Auto-generated method stub
}
@Override
public void setMessageDrivenContext(MessageDrivenContext mdc) throws EJBException {
this.mdc = mdc;
}
}
Then we need two other files: ejb-jar.xml
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
<enterprise-beans>
<message-driven>
<ejb-name>MdbReceiver</ejb-name>
<ejb-class>mdb.receiver.MdbReceiver</ejb-class>
<transaction-type>Container</transaction-type>
<message-destination-type>javax.jms.Queue</message-destination-type>
<security-identity>
<run-as>
<role-name>Loan</role-name>
</run-as>
</security-identity>
</message-driven>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>Loan</role-name>
</security-role>
<container-transaction>
<method>
<ejb-name>MdbReceiver</ejb-name>
<method-name>onMessage()</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
and
weblogic-ejb-jar.xml
<?xml version="1.0" encoding="UTF-8"?>
<weblogic-ejb-jar version="wls_10.3"
xmlns="http://www.bea.com/ns/weblogic/weblogic-ejb-jar" xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-ejb-jar http://www.bea.com/ns/weblogic/weblogic-ejb-jar.xsd http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
<weblogic-enterprise-bean>
<ejb-name>MdbReceiver</ejb-name>
<message-driven-descriptor>
<destination-jndi-name>DistributedQueueTest</destination-jndi-name>
</message-driven-descriptor>
</weblogic-enterprise-bean>
<security-role-assignment>
<role-name>Loan</role-name>
<principal-name>test1234</principal-name>
</security-role-assignment>
</weblogic-ejb-jar>
The role name does not matter as i can see the principal name is important. It needs to have the rights to read from the secured queue
If you annotate your MDB as follows it should work:
@MessageDriven(name = "MdbReceiver", mappedName = "DistributedQueueTest")
@DeclareRoles({"Loan"})
@RolesAllowed("Loan")
public class MdbReceiver implements MessageListener {
...
}
精彩评论