Bug 802444

Summary: RichFaces Showcase - JMS Push: HornetQ JMS connection is secured by default
Product: [Retired] JBoss Enterprise WFK Platform 2
Reporter: Karel Piwko <kpiwko>
Component: RichFaces, Examples
Assignee: Brian Leathem <bleathem>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Pavol Pitonak <ppitonak>
Severity: medium
Priority: medium
Version: 2.0.0
CC: irooskov, lfryc, misty, mnovotny, myarboro
Doc Type: Bug Fix
Doc Text:
Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by the RichFaces Showcase example, are secured by default. To deploy the application, you must add a user to a secured ApplicationRealm by using the following procedure:

1. Add a new user to the ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat or add-user.sh script, with the guest role.

2. Modify web.xml in the RichFaces Showcase. Replace ${username} and ${password} with actual credentials. The XML containing the two replaceable values is shown below.

    <context-param>
        <param-name>org.richfaces.push.jms.connectionUsername</param-name>
        <param-value>${username}</param-value>
    </context-param>
    <context-param>
        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
        <param-value>${password}</param-value>
    </context-param>

After adding the user to the ApplicationRealm and adding the credentials to the application's web.xml, the application will work correctly.
Last Closed: 2013-08-09 14:07:50 UTC
Type: Bug

Description Karel Piwko 2012-03-12 14:54:30 UTC
Description of problem:

Users trying to deploy the RichFaces Showcase example will likely experience the following error:


Version-Release number of selected component (if applicable):

Showcase.

How reproducible:

Always.

Steps to Reproduce:
1. Build RichFaces Showcase: mvn clean package -Pjbas7
2. Deploy RichFaces Showcase to a standard standalone-full.xml based profile.
  
Actual results:

15:53:24,302 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Thread-2 (HornetQ-remoting-threads-HornetQServerImpl::serverUUID=18634602-6c53-11e1-92e1-525400a7d082-1153720146-944645059)) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:269) [picketbox-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_27]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_27]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_27]
        at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_27]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_27]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.as.messaging.HornetQSecurityManagerAS7.validateUser(HornetQSecurityManagerAS7.java:39) [jboss-as-messaging-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1]
        at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:134) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.server.impl.HornetQServerImpl.createSession(HornetQServerImpl.java:807) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handleCreateSession(HornetQPacketHandler.java:187) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handlePacket(HornetQPacketHandler.java:85) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:508) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:556) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:517) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:533) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.impl.invm.InVMConnection$1.run(InVMConnection.java:166) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.utils.OrderedExecutorFactory$OrderedExecutor$1.run(OrderedExecutorFactory.java:100) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_27]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_27]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_27]

15:53:24,319 INFO  [org.hibernate.dialect.Dialect] (MSC service thread 1-2) HHH000400: Using dialect: org.hibernate.dialect.HSQLDialect
15:53:24,329 INFO  [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (MSC service thread 1-2) HHH000268: Transaction strategy: org.hibernate.engine.transaction.internal.jdbc.JdbcTransactionFactory
15:53:24,330 INFO  [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (MSC service thread 1-2) HHH000397: Using ASTQueryTranslatorFactory
15:53:24,334 ERROR [org.hornetq.core.protocol.core.impl.HornetQPacketHandler] (Thread-2 (HornetQ-remoting-threads-HornetQServerImpl::serverUUID=18634602-6c53-11e1-92e1-525400a7d082-1153720146-944645059)) Failed to create session : HornetQException[errorCode=105 message=Unable to validate user: guest]
        at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:147) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.server.impl.HornetQServerImpl.createSession(HornetQServerImpl.java:807) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handleCreateSession(HornetQPacketHandler.java:187) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handlePacket(HornetQPacketHandler.java:85) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:508) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:556) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:517) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:533) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.impl.invm.InVMConnection$1.run(InVMConnection.java:166) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.utils.OrderedExecutorFactory$OrderedExecutor$1.run(OrderedExecutorFactory.java:100) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_27]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_27]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_27]

15:53:24,340 INFO  [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-2) HHH000227: Running hbm2ddl schema export
15:53:24,350 SEVERE [org.richfaces.demo.push.MessageProducerRunnable] (MessageProducerThread) javax.faces.FacesException: Unable to validate user: guest: com.google.common.collect.ComputationException: javax.faces.FacesException: Unable to validate user: guest
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:397) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl.createTopic(JMSTopicsContextImpl.java:281) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.TopicsContext.getOrCreateTopic(TopicsContext.java:48) [richfaces-core-api-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.TopicsContext.publish(TopicsContext.java:69) [richfaces-core-api-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.demo.push.TopicsContextMessageProducer.sendMessage(TopicsContextMessageProducer.java:46) [classes:]
        at org.richfaces.demo.push.MessageProducerRunnable.run(MessageProducerRunnable.java:57) [classes:]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_27]
Caused by: javax.faces.FacesException: Unable to validate user: guest
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$1.apply(JMSTopicsContextImpl.java:207) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$1.apply(JMSTopicsContextImpl.java:195) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingValueReference.compute(ComputingConcurrentHashMap.java:355) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.compute(ComputingConcurrentHashMap.java:184) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.getOrCompute(ComputingConcurrentHashMap.java:153) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap.getOrCompute(ComputingConcurrentHashMap.java:69) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:393) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        ... 6 more
Caused by: javax.jms.JMSSecurityException: Unable to validate user: guest
        at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:312)
        at org.hornetq.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:780)
        at org.hornetq.core.client.impl.ClientSessionFactoryImpl.createSession(ClientSessionFactoryImpl.java:279)
        at org.hornetq.jms.client.HornetQConnection.authorize(HornetQConnection.java:601)
        at org.hornetq.jms.client.HornetQConnectionFactory.createConnectionInternal(HornetQConnectionFactory.java:684)
        at org.hornetq.jms.client.HornetQConnectionFactory.createConnection(HornetQConnectionFactory.java:119)
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$JMSTopicContext.createConnection(JMSTopicsContextImpl.java:99) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$JMSTopicContext.start(JMSTopicsContextImpl.java:123) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$1.apply(JMSTopicsContextImpl.java:199) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        ... 12 more
Caused by: HornetQException[errorCode=105 message=Unable to validate user: guest]
        ... 21 more


Expected results:

It gets deployed.

Additional info:

Comment 1 Karel Piwko 2012-03-12 15:02:02 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The default installation of JBoss Enterprise Application Platform comes secured by default. The RichFaces Showcase example uses JMS Push functionality, which is secured as well.

Users wishing to deploy the application need to do one of the following additional configurations:

1/ Add a user to ApplicationRealm via the $JBOSS_HOME/bin/add-user.bat/sh script, in the role guest.

2/ Modify web.xml in the RichFaces Showcase to contain created credentials, e.g.:

    <context-param>
        <param-name>org.richfaces.push.jms.connectionUsername</param-name>
        <param-value>guest</param-value>
    </context-param>
    <context-param>
        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
        <param-value>password</param-value>
    </context-param>

The other way is to disable security for HornetQ completely.

Comment 2 Rebecca Newton 2012-03-13 04:51:29 UTC
    Technical note updated.
    
    Diffed Contents:
@@ -1,18 +1,6 @@
-The default installation of JBoss Enterprise Application Platform comes secured by default. RichFaces Showcase example uses JMS Push functionality, which is secured as well.
+Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by RichFaces Showcase example, are secured by default. To deploy the application, choose one of the following options:
 
-Users wishing to deploy the application needs to do one of the following additional configurations:
+1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat/sh script, with the role: guest.
-
+2. Modify web.xml in the RichFaces Showcase to contain created credentials:
-1/ Add an user to via ApplicationRealm via $JBOSS_HOME/bin/add-user.bat/sh script into roles guest. 
+adkslfjasdfk
-
+3. Disable security for HornetQ completely.-2/ Modify web.xml in the RichFaces Showcase to contain created credentials, e.g.:
-
-    <context-param>
-        <param-name>org.richfaces.push.jms.connectionUsername</param-name>
-        <param-value>guest</param-value>
-    </context-param>
-    <context-param>
-        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
-        <param-value>password</param-value>
-    </context-param>
-
-The other way is to disable security for HornetQ completely.
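
Review bot: The added line `adkslfjasdfk` under option 2 is keyboard filler standing where the web.xml `<context-param>` example was removed, so the note now tells readers to modify web.xml without showing the two `org.richfaces.push.jms.connection*` parameters; restore that snippet before publishing. The new option 3, "Disable security for HornetQ completely", is also presented as an equal choice beside adding a user, with nothing saying that it leaves the JMS connection unauthenticated; either drop it or state that trade-off in the note.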

Comment 3 Rebecca Newton 2012-03-13 04:53:38 UTC
    Technical note updated.
    
    Diffed Contents:
@@ -2,5 +2,11 @@
 
 1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat/sh script, with the role: guest.
 2. Modify web.xml in the RichFaces Showcase to contain created credentials:
-adkslfjasdfk
+<context-param>
+-        <param-name>org.richfaces.push.jms.connectionUsername</param-name>        <param-value>guest</param-value>
+   </context-param>
+   <context-param>
+       <param-name>org.richfaces.push.jms.connectionPassword</param-name>
+      <param-value>password</param-value>
+   </context-param>
 3. Disable security for HornetQ completely.
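
Review bot: The first added `<param-name>` line begins with a stray `-` and carries `<param-value>guest</param-value>` on the same line, so the snippet will not paste cleanly into web.xml; put the name and the value on separate lines and remove the marker. The example also hard-codes the pair `guest` / `password`, which readers are likely to deploy unchanged; placeholders for both values would make it clear that real credentials have to be chosen.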

Comment 4 Karel Piwko 2012-03-14 12:49:10 UTC
    Technical note updated.
    
    Diffed Contents:
@@ -1,12 +1,14 @@
-Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by RichFaces Showcase example, are secured by default. To deploy the application, choose one of the following options:
+Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by RichFaces Showcase example, are secured by default. To deploy the application, you have add an user to a secured ApplicationRealm via following commands:
 
-1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat/sh script, with the role: guest.
-2. Modify web.xml in the RichFaces Showcase to contain created credentials:
+1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat or add-user.sh script, with the role: guest. 
+
+2. Modify web.xml in the RichFaces Showcase. Replace ${username} and ${password} with actual credentials.
+
 <context-param>
--        <param-name>org.richfaces.push.jms.connectionUsername</param-name>        <param-value>guest</param-value>
+        <param
+name>org.richfaces.push.jms.connectionUsername</param-name>        <param-value>${username}</param-value>
    </context-param>
    <context-param>
        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
-      <param-value>password</param-value>
+      <param-value>${password}</param-value>
-   </context-param>
+   </context-param>-3. Disable security for HornetQ completely.
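
Review bot: The added lines `<param` and `name>org.richfaces.push.jms.connectionUsername</param-name>` split the opening tag across a line break and lose the hyphen of `<param-name>`, so the XML as written is not well-formed; keep the tag on one line and move `<param-value>${username}</param-value>` to its own line. In the introductory sentence, "you have add an user ... via following commands" is ungrammatical and the steps that follow are a script run plus a file edit rather than commands; "you must add a user ... by using the following procedure" fits what the list contains.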

Comment 7 JBoss JIRA Server 2012-03-14 13:28:24 UTC
Karel Piwko <kpiwko> made a comment on jira RF-11983

Lukas, can you change the default password to be different from the username? AS7 does not allow you to have a password the same as the username.

Comment 8 JBoss JIRA Server 2012-03-14 22:17:41 UTC
Lukáš Fryč <lfryc> made a comment on jira RF-11983

Hi Karel, it does make sense, I have opened RF-12048.

Comment 11 JBoss JIRA Server 2012-03-14 22:20:17 UTC
Lukáš Fryč <lfryc> made a comment on jira RF-11983

Additionally we can try to work around this issue - to make the example deployable without any configuration out-of-the-box.

We can achieve it by configuring the JMS (adding user) using DMR interface (the same already used for topic creation).

Comment 12 JBoss JIRA Server 2012-03-26 13:09:36 UTC
Juraj Huska <jhuska> made a comment on jira RF-11983

The behavior is the same when deploying on _JBoss AS 6.0.0.Final_.

I have used a similar workaround, setting in:
_JBOSS_HOME/server/default/deploy/hornetq/hornetq-configuration.xml_

the same property: _<security-enabled>false</security-enabled>_
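
A check for the configuration states discussed in this report, as an added example that is not part of the bug report or of the RichFaces project: it reads a web.xml for the two `org.richfaces.push.jms.*` parameters and flags unreplaced `${...}` placeholders, a password equal to the username (which AS7 does not allow, per Comment 7) and the `password` sample value, and it flags `<security-enabled>false</security-enabled>` in a HornetQ configuration. The function names, finding labels and sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

USER_KEY = "org.richfaces.push.jms.connectionUsername"
PASS_KEY = "org.richfaces.push.jms.connectionPassword"
PUBLISHED_SAMPLE_PASSWORDS = {"password"}  # value printed in this report's early note

def _local(tag):
    """Strip an XML namespace such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def context_params(web_xml):
    """Return {param-name: param-value} for every <context-param> in web.xml."""
    params = {}
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) != "context-param":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        if "param-name" in fields:
            params[fields["param-name"]] = fields.get("param-value", "")
    return params

def audit_web_xml(web_xml):
    """List problems with the RichFaces Push JMS credentials in a web.xml."""
    params = context_params(web_xml)
    user, password = params.get(USER_KEY), params.get(PASS_KEY)
    if not user or not password:
        return ["missing-credentials"]
    findings = []
    if "${" in user or "${" in password:
        findings.append("placeholder-not-replaced")
    if user == password:
        findings.append("password-equals-username")
    if password in PUBLISHED_SAMPLE_PASSWORDS:
        findings.append("published-sample-password")
    return findings

def audit_hornetq(config_xml):
    """Flag <security-enabled>false</security-enabled> in a HornetQ configuration."""
    for el in ET.fromstring(config_xml).iter():
        if _local(el.tag) == "security-enabled" and (el.text or "").strip().lower() == "false":
            return ["hornetq-security-disabled"]
    return []

def sample_web_xml(user, password):
    """Constructed sample web.xml carrying the two context-params from the note."""
    return f"""<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <context-param>
    <param-name>{USER_KEY}</param-name>
    <param-value>{user}</param-value>
  </context-param>
  <context-param>
    <param-name>{PASS_KEY}</param-name>
    <param-value>{password}</param-value>
  </context-param>
</web-app>"""

# Constructed sample, not taken from a real server.
SAMPLE_HORNETQ = """<configuration xmlns="urn:hornetq">
  <security-enabled>false</security-enabled>
</configuration>"""
```

Run against the deployed WAR's web.xml and the server's HornetQ configuration; an empty list from both functions means none of these states is present.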

Comment 13 Marek Novotny 2012-05-31 12:23:11 UTC
Is this issue only for a technical note, or is a real fix needed somewhere? I can see that the upstream issue is not resolved and is postponed to 4.3.

Comment 15 JBoss JIRA Server 2012-06-01 06:49:45 UTC
Karel Piwko <kpiwko> made a comment on jira RF-11983

Test comment.

Comment 17 Marek Novotny 2012-09-25 07:48:16 UTC
Brian,

 what do we do with this issue? Still only a documented issue?

Comment 18 Brian Leathem 2012-10-11 17:26:19 UTC
Currently we have to document the required steps to work around the auth requirement.

Lukas has proposed an automation of this using the DMR interface.  While this would work, we have to keep in mind we now have a completely non-portable solution here, and this only brings us further in a non-portable direction.

An alternative workaround is to remove the JMS integration from the showcase altogether.  We can have a specific dev-example to demonstrate JMS/Push integration.  This would also improve the portability of the showcase.

Comment 19 Marek Novotny 2012-11-06 17:01:20 UTC
Changing status, as this is now only a documentation issue and the solution will be provided in the future.

Comment 22 JBoss JIRA Server 2014-02-26 10:57:39 UTC
Lukáš Fryč <lfryc> updated the status of jira RF-11983 to Resolved