mq
  1. mq
  2. MQ-307

username/password parameters in ConnectionFacrory.createConection(String username, String password) don't take effect in GlassFish standalone client without ACC

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 5.0-RI (Sprint 12 - 30)
    • Fix Version/s: None
    • Component/s: mq-ra
    • Labels:
      None

      Description

      When creating connection via ConnectionFacrory.createConection(String username, String password), the parameters username and password don't take effect. It always user the default subject 'guest' which is the default credential of connector connection pool and ResourceAdapter.

      It is expected that the username provided in createConnection API can override the default credential 'guest' for the connection creation and following jms operations derived from the connection, for example, createSession, createProducer...

        Issue Links

          Activity

          Hide
          David Zhao added a comment - - edited

          The bug is inside ConnectionManagerImpl.internalGetConnection(...), here is the code snippet.

          		} else {
                          if (prin == null) {  <---  should it be "if (cxRequestInfo != null)" ?
                              info = new ClientSecurityInfo(cxRequestInfo);
                          } else {
                              info = new ClientSecurityInfo(prin);
                              if (prin.equals(defaultPrin)) {
          
          Show
          David Zhao added a comment - - edited The bug is inside ConnectionManagerImpl.internalGetConnection(...), here is the code snippet. } else { if (prin == null ) { <--- should it be " if (cxRequestInfo != null )" ? info = new ClientSecurityInfo(cxRequestInfo); } else { info = new ClientSecurityInfo(prin); if (prin.equals(defaultPrin)) {
          Hide
          amyk added a comment - - edited

          The above code snippet is in GlassFish server code base, not MQ code base. In a later email, David Zhou referred to a test case via direct JNDI access com.sun.enterprise.naming.impl.SerialInitContextFactory - a non-standard path to access a JMS resource in GlassFish server. David, since in that path, the JMSRA simply use whatever the 'Subject' parameter that GlassFish connector passed JMSRA createManagedConnection(), hence your above comment is forwarded to GLASSFISH-18715. Please evaluate that accordingly in GLASSFISH-18715.

          Show
          amyk added a comment - - edited The above code snippet is in GlassFish server code base, not MQ code base. In a later email, David Zhou referred to a test case via direct JNDI access com.sun.enterprise.naming.impl.SerialInitContextFactory - a non-standard path to access a JMS resource in GlassFish server. David, since in that path, the JMSRA simply use whatever the 'Subject' parameter that GlassFish connector passed JMSRA createManagedConnection(), hence your above comment is forwarded to GLASSFISH-18715 . Please evaluate that accordingly in GLASSFISH-18715 .
          Hide
          amyk added a comment - - edited

          1. For standard Java SE JMS MQ standalone client, MQ ConnectionFacrory.createConnection(String username, String password) works as expected

          2. When running in Java EE EJB container, though this would be in GlassFish server land, according to EJB specification, how sign-on information is used for a ConnectionFactory resource depends AuthenticationType is APPLICATION or CONTAINER (annotation) or res-auth is Application or Container in descriptor. To use explicit programmatic sign-on from a bean, it should configure the ConnectionFactory with AuthenticationType APPLICATION or res-auth Application. By default AuthenticationType is CONTAINER and res-auth is Container

          3. When AuthenticationType is CONTAINER or res-auth is Container, one can configure username and password for a ConnectionFactory resource as following

             asadmin create-jms-resource --restype javax.jms.ConnectionFactory --property UserName=myname:Password=mypasswd jms/myConnectionFactory
             
          Show
          amyk added a comment - - edited 1. For standard Java SE JMS MQ standalone client, MQ ConnectionFacrory.createConnection(String username, String password) works as expected 2. When running in Java EE EJB container, though this would be in GlassFish server land, according to EJB specification, how sign-on information is used for a ConnectionFactory resource depends AuthenticationType is APPLICATION or CONTAINER (annotation) or res-auth is Application or Container in descriptor. To use explicit programmatic sign-on from a bean, it should configure the ConnectionFactory with AuthenticationType APPLICATION or res-auth Application. By default AuthenticationType is CONTAINER and res-auth is Container 3. When AuthenticationType is CONTAINER or res-auth is Container, one can configure username and password for a ConnectionFactory resource as following asadmin create-jms-resource --restype javax.jms.ConnectionFactory --property UserName=myname:Password=mypasswd jms/myConnectionFactory
          Hide
          amyk added a comment - - edited
          • standard Java SE MQ JMS standalone client ConnectionFactory.createConnection(username, password) work as expected
          • When MQ running in GlassFish server as JMS provider, bean or appclient (in appclient container) explicit programmatic sign-on when ConnectionFactory has AuthenticationType APPLICATION and container sign-on (--property UserName/Password from create-jms-resource) when AuthenticationType is CONTAINER are passed to MQ as expected
          • In EMBEDDED jms-service mode, MQ-354 and MQ-355 affected the embedded broker accesscontrol working. However for a ConnectionFactory with AuthenticationType APPLICATION, bean's explicit programmatic sign-on information - that is username/password in ConnectionFactory.createConnection(username, password) is passed to MQ

          As David indicated later the issue is with GlassFish standalone client without ACC and GLASSFISH-21082 has been filed for the issue, hence treat this jira as the issue the submitter intended, closing as duplicated of GLASSFISH-21082

          Show
          amyk added a comment - - edited standard Java SE MQ JMS standalone client ConnectionFactory.createConnection(username, password) work as expected When MQ running in GlassFish server as JMS provider, bean or appclient (in appclient container) explicit programmatic sign-on when ConnectionFactory has AuthenticationType APPLICATION and container sign-on (--property UserName/Password from create-jms-resource) when AuthenticationType is CONTAINER are passed to MQ as expected In EMBEDDED jms-service mode, MQ-354 and MQ-355 affected the embedded broker accesscontrol working. However for a ConnectionFactory with AuthenticationType APPLICATION, bean's explicit programmatic sign-on information - that is username/password in ConnectionFactory.createConnection(username, password) is passed to MQ As David indicated later the issue is with GlassFish standalone client without ACC and GLASSFISH-21082 has been filed for the issue, hence treat this jira as the issue the submitter intended, closing as duplicated of GLASSFISH-21082

            People

            • Assignee:
              amyk
              Reporter:
              David Zhao
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: