Bug 802444 - RichFaces Showcase - JMS Push: HornetQ JMS connection is secured by default
RichFaces Showcase - JMS Push: HornetQ JMS connection is secured by default
Status: CLOSED INSUFFICIENT_DATA
Product: JBoss Enterprise WFK Platform 2
Classification: JBoss
Component: RichFaces, Examples (Show other bugs)
2.0.0
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Brian Leathem
Pavol Pitonak
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-12 10:54 EDT by Karel Piwko
Modified: 2014-02-26 05:57 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by the RichFaces Showcase example, are secured by default. To deploy the application, you must add a user to a secured ApplicationRealm by using the following procedure: 1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat or add-user.sh script, with the guest role. 2. Modify web.xml in the RichFaces Showcase. Replace ${username} and ${password} with actual credentials. The XML containing the two replaceable values is shown below. <context-param> <param-name>org.richfaces.push.jms.connectionUsername</param-name> <param-value>${username}</param-value> </context-param> <context-param> <param-name>org.richfaces.push.jms.connectionPassword</param-name> <param-value>${password}</param-value> </context-param> After adding the user to the ApplicationRealm and adding the credentials to the applications's web.xml, the application will work correctly.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-09 10:07:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker RF-11983 Major Resolved Showcase: can't connect to JMS on AS7.1 since it is secured 2014-02-26 08:17:07 EST
JBoss Issue Tracker WFK2-146 Major Closed RichFaces Showcase - JMS Push: HornetQ JMS connection is secured by default 2014-02-26 08:17:07 EST

  None (edit)
Description Karel Piwko 2012-03-12 10:54:30 EDT
Description of problem:

Users trying to deploy RichFaces Showcase example will likely experience following error:


Version-Release number of selected component (if applicable):

Showcase.

How reproducible:

Always.

Steps to Reproduce:
1. Build RichFaces Showacase: mvn clean package -Pjbas7
2. Deploy RichFaces Showcase to a standard standalone-full.xml based profile.
  
Actual results:

15:53:24,302 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Thread-2 (HornetQ-remoting-threads-HornetQServerImpl::serverUUID=18634602-6c53-11e1-92e1-525400a7d082-1153720146-944645059)) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:269) [picketbox-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_27]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_27]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_27]
        at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_27]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_27]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_27]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.6.final-redhat-1.jar:4.0.6.final-redhat-1]
        at org.jboss.as.messaging.HornetQSecurityManagerAS7.validateUser(HornetQSecurityManagerAS7.java:39) [jboss-as-messaging-7.1.0.Final-redhat-1.jar:7.1.0.Final-redhat-1]
        at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:134) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.server.impl.HornetQServerImpl.createSession(HornetQServerImpl.java:807) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handleCreateSession(HornetQPacketHandler.java:187) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handlePacket(HornetQPacketHandler.java:85) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:508) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:556) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:517) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:533) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.impl.invm.InVMConnection$1.run(InVMConnection.java:166) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.utils.OrderedExecutorFactory$OrderedExecutor$1.run(OrderedExecutorFactory.java:100) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_27]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_27]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_27]

15:53:24,319 INFO  [org.hibernate.dialect.Dialect] (MSC service thread 1-2) HHH000400: Using dialect: org.hibernate.dialect.HSQLDialect
15:53:24,329 INFO  [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (MSC service thread 1-2) HHH000268: Transaction strategy: org.hibernate.engine.transaction.internal.jdbc.JdbcTransactionFactory
15:53:24,330 INFO  [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (MSC service thread 1-2) HHH000397: Using ASTQueryTranslatorFactory
15:53:24,334 ERROR [org.hornetq.core.protocol.core.impl.HornetQPacketHandler] (Thread-2 (HornetQ-remoting-threads-HornetQServerImpl::serverUUID=18634602-6c53-11e1-92e1-525400a7d082-1153720146-944645059)) Failed to create session : HornetQException[errorCode=105 message=Unable to validate user: guest]
        at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:147) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.server.impl.HornetQServerImpl.createSession(HornetQServerImpl.java:807) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handleCreateSession(HornetQPacketHandler.java:187) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handlePacket(HornetQPacketHandler.java:85) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:508) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:556) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:517) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:533) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.core.remoting.impl.invm.InVMConnection$1.run(InVMConnection.java:166) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at org.hornetq.utils.OrderedExecutorFactory$OrderedExecutor$1.run(OrderedExecutorFactory.java:100) [hornetq-core-2.2.13.Final-redhat-1.jar:]
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_27]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_27]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_27]

15:53:24,340 INFO  [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-2) HHH000227: Running hbm2ddl schema export
15:53:24,350 SEVERE [org.richfaces.demo.push.MessageProducerRunnable] (MessageProducerThread) javax.faces.FacesException: Unable to validate user: guest: com.google.common.collect.ComputationException: javax.faces.FacesException: Unable to validate user: guest
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:397) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl.createTopic(JMSTopicsContextImpl.java:281) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.TopicsContext.getOrCreateTopic(TopicsContext.java:48) [richfaces-core-api-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.TopicsContext.publish(TopicsContext.java:69) [richfaces-core-api-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.demo.push.TopicsContextMessageProducer.sendMessage(TopicsContextMessageProducer.java:46) [classes:]
        at org.richfaces.demo.push.MessageProducerRunnable.run(MessageProducerRunnable.java:57) [classes:]
        at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_27]
Caused by: javax.faces.FacesException: Unable to validate user: guest
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$1.apply(JMSTopicsContextImpl.java:207) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$1.apply(JMSTopicsContextImpl.java:195) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingValueReference.compute(ComputingConcurrentHashMap.java:355) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.compute(ComputingConcurrentHashMap.java:184) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingSegment.getOrCompute(ComputingConcurrentHashMap.java:153) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap.getOrCompute(ComputingConcurrentHashMap.java:69) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        at com.google.common.collect.ComputingConcurrentHashMap$ComputingMapAdapter.get(ComputingConcurrentHashMap.java:393) [guava-10.0.1-redhat-1.jar:10.0.1-redhat-1]
        ... 6 more
Caused by: javax.jms.JMSSecurityException: Unable to validate user: guest
        at org.hornetq.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:312)
        at org.hornetq.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:780)
        at org.hornetq.core.client.impl.ClientSessionFactoryImpl.createSession(ClientSessionFactoryImpl.java:279)
        at org.hornetq.jms.client.HornetQConnection.authorize(HornetQConnection.java:601)
        at org.hornetq.jms.client.HornetQConnectionFactory.createConnectionInternal(HornetQConnectionFactory.java:684)
        at org.hornetq.jms.client.HornetQConnectionFactory.createConnection(HornetQConnectionFactory.java:119)
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$JMSTopicContext.createConnection(JMSTopicsContextImpl.java:99) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$JMSTopicContext.start(JMSTopicsContextImpl.java:123) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        at org.richfaces.application.push.impl.jms.JMSTopicsContextImpl$1.apply(JMSTopicsContextImpl.java:199) [richfaces-core-impl-4.2.0.Final-redhat-1.jar:4.2.0.Final-redhat-1]
        ... 12 more
Caused by: HornetQException[errorCode=105 message=Unable to validate user: guest]
        ... 21 more


Expected results:

It gets deployed.

Additional info:
Comment 1 Karel Piwko 2012-03-12 11:02:02 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
The default installation of JBoss Enterprise Application Platform comes secured by default. RichFaces Showcase example uses JMS Push functionality, which is secured as well.

Users wishing to deploy the application needs to do one of the following additional configurations:

1/ Add an user to via ApplicationRealm via $JBOSS_HOME/bin/add-user.bat/sh script into roles guest. 

2/ Modify web.xml in the RichFaces Showcase to contain created credentials, e.g.:

    <context-param>
        <param-name>org.richfaces.push.jms.connectionUsername</param-name>
        <param-value>guest</param-value>
    </context-param>
    <context-param>
        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
        <param-value>password</param-value>
    </context-param>

The other way is to disable security for HornetQ completely.
Comment 2 Rebecca Newton 2012-03-13 00:51:29 EDT
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,18 +1,6 @@
-The default installation of JBoss Enterprise Application Platform comes secured by default. RichFaces Showcase example uses JMS Push functionality, which is secured as well.
+Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by RichFaces Showcase example, are secured by default. To deploy the application, choose one of the following options:
 
-Users wishing to deploy the application needs to do one of the following additional configurations:
+1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat/sh script, with the role: guest.
-
+2. Modify web.xml in the RichFaces Showcase to contain created credentials:
-1/ Add an user to via ApplicationRealm via $JBOSS_HOME/bin/add-user.bat/sh script into roles guest. 
+adkslfjasdfk
-
+3. Disable security for HornetQ completely.-2/ Modify web.xml in the RichFaces Showcase to contain created credentials, e.g.:
-
-    <context-param>
-        <param-name>org.richfaces.push.jms.connectionUsername</param-name>
-        <param-value>guest</param-value>
-    </context-param>
-    <context-param>
-        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
-        <param-value>password</param-value>
-    </context-param>
-
-The other way is to disable security for HornetQ completely.
Comment 3 Rebecca Newton 2012-03-13 00:53:38 EDT
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -2,5 +2,11 @@
 
 1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat/sh script, with the role: guest.
 2. Modify web.xml in the RichFaces Showcase to contain created credentials:
-adkslfjasdfk
+<context-param>
+-        <param-name>org.richfaces.push.jms.connectionUsername</param-name>        <param-value>guest</param-value>
+   </context-param>
+   <context-param>
+       <param-name>org.richfaces.push.jms.connectionPassword</param-name>
+      <param-value>password</param-value>
+   </context-param>
 3. Disable security for HornetQ completely.
Comment 4 Karel Piwko 2012-03-14 08:49:10 EDT
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,12 +1,14 @@
-Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by RichFaces Showcase example, are secured by default. To deploy the application, choose one of the following options:
+Both the default installation of JBoss Enterprise Application Platform and JMS Push, which is required by RichFaces Showcase example, are secured by default. To deploy the application, you have add an user to a secured ApplicationRealm via following commands:
 
-1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat/sh script, with the role: guest.
-2. Modify web.xml in the RichFaces Showcase to contain created credentials:
+1. Add a new user ApplicationRealm with the $JBOSS_HOME/bin/add-user.bat or add-user.sh script, with the role: guest. 
+
+2. Modify web.xml in the RichFaces Showcase. Replace ${username} and ${password} with actual credentials.
+
 <context-param>
--        <param-name>org.richfaces.push.jms.connectionUsername</param-name>        <param-value>guest</param-value>
+        <param
+name>org.richfaces.push.jms.connectionUsername</param-name>        <param-value>${username}</param-value>
    </context-param>
    <context-param>
        <param-name>org.richfaces.push.jms.connectionPassword</param-name>
-      <param-value>password</param-value>
+      <param-value>${password}</param-value>
-   </context-param>
+   </context-param>-3. Disable security for HornetQ completely.
Comment 7 JBoss JIRA Server 2012-03-14 09:28:24 EDT
Karel Piwko <kpiwko@redhat.com> made a comment on jira RF-11983

Lukas, can you change default password to be different than username? AS7 does not allow you have password the same as username.
Comment 8 JBoss JIRA Server 2012-03-14 18:17:41 EDT
Lukáš Fryč <lfryc@redhat.com> made a comment on jira RF-11983

Hi Karel, it does make sense, I have opened RF-12048.
Comment 9 JBoss JIRA Server 2012-03-14 18:19:21 EDT
Lukáš Fryč <lfryc@redhat.com> made a comment on jira RF-11983

Additionally we can try to workaround this issue - to make the example deployable without any configuration out-of-the-box.
Comment 10 JBoss JIRA Server 2012-03-14 18:20:04 EDT
Lukáš Fryč <lfryc@redhat.com> made a comment on jira RF-11983

Additionally we can try to workaround this issue - to make the example deployable without any configuration out-of-the-box.

We can achieve it by configuring the JMS (adding user) using DMR interface.
Comment 11 JBoss JIRA Server 2012-03-14 18:20:17 EDT
Lukáš Fryč <lfryc@redhat.com> made a comment on jira RF-11983

Additionally we can try to workaround this issue - to make the example deployable without any configuration out-of-the-box.

We can achieve it by configuring the JMS (adding user) using DMR interface (the same already used for topic creation).
Comment 12 JBoss JIRA Server 2012-03-26 09:09:36 EDT
Juraj Huska <jhuska@redhat.com> made a comment on jira RF-11983

The behavior is the same when deploying on _JBoss AS 6.0.0.Final_.

I have used similar workaround when I have set to:
_JBOSS_HOME/server/default/deploy/hornetq/hornetq-configuration.xml_

the same property: _<security-enabled>false</security-enabled>_
Comment 13 Marek Novotny 2012-05-31 08:23:11 EDT
Is this issue for only a technical note or real fix is somewhere needed? I can see that upstream issue is not resolved and postponed to 4.3.
Comment 15 JBoss JIRA Server 2012-06-01 02:49:45 EDT
Karel Piwko <kpiwko@redhat.com> made a comment on jira RF-11983

Test comment.
Comment 17 Marek Novotny 2012-09-25 03:48:16 EDT
Brian,

 what do we do with this issue? Still only documented issue?
Comment 18 Brian Leathem 2012-10-11 13:26:19 EDT
Currently we have to document the required steps to workaround the auth requirement.

Lukas has proposed an automation of this using the DMR interface.  While this would work, we have to keep in mind we now have a completely non-portable solution here, and this only brings us further in a non-portable direction.

An alternative workaround is to remove the JMS integration from the showcase altogether.  We can have a specific dev-example to demonstrate JMS/Push integration.  This would also improve the portability of the showcase.
Comment 19 Marek Novotny 2012-11-06 12:01:20 EST
changing status as this is now only documentation issue and the solution will be provided in future.
Comment 22 JBoss JIRA Server 2014-02-26 05:57:39 EST
Lukáš Fryč <lfryc@redhat.com> updated the status of jira RF-11983 to Resolved

Note You need to log in before you can comment on or make changes to this bug.