JMS error "User null is NOT authenticated" in JBoss EAP

Solution Verified - Updated -

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 4.3
    • 5.x

Issue

Receiving "User null is NOT authenticated" in log during JMS operations.

Resolution

  1. If using the default "messaging" application-policy, verify the "dsJndiName" attribute is pointing to the same datasource as the "DataSource" attribute of "jboss.messaging:service=JMSUserManager."
    • In JBoss 4.3
      • The "messaging" application-policy is in <JBOSS_HOME>/server/<profile>/conf/login-config.xml
      • The "jboss.messaging:service=JMSUserManager" MBean is in <JBOSS_HOME>/server/<profile>/deploy/jboss-messaging.sar/*-persistence-service.xml
    • In JBoss 5.x
      • The "messaging" application policy is in <JBOSS_HOME>/server/<profile>/deploy/messaging/messaging-jboss-beans.xml
      • The "jboss.messaging:service=JMSUserManager" MBean is in <JBOSS_HOME>/server/<profile>/deploy/messaging/*-persistence-service.xml
  2. If users who do not supply authentication credentials should still be able to access the destinations then verify that the "unauthenticatedIdentity" of the login module is a user authorized to access the JMS destination. In EAP 4.3 the default security configuration for all JMS destinations is controlled by the "DefaultSecurityConfig" attribute in the messaging-service.xml file, and in EAP 5.x this is controlled via the "defaultSecurityConfig" property in messaging-jboss-beans.xml. The default configuration can be overridden on a per-destination basis using the "SecurityConfig" attribute. Destinations are usually defined in the destinations-service.xml file. These security configurations define what roles can perform which operations (i.e. read/write/create). The user defined as the "unauthenticatedIdentity" should be in the appropriate role.
    • In JBoss 4.3 the messaging-service.xml and destinations-service.xml files are located in <JBOSS_HOME>/server/<profile>/deploy/jboss-messaging.sar
    • In JBoss 5.x the messaging-jboss-beans.xml and destinations-service.xml files are located in <JBOSS_HOME>/server/<profile>/deploy/messaging
  3. Verify that the user specified by the "unauthenticatedIdentity" of the login module exists in the security repository (e.g. LDAP, users/roles files, JDBC database, etc.).
  4. Check conf/login-config.xml, if "messaging" application-policy getting override.

Diagnostic Steps

  • Enable trace level logging on org.jboss.security.auth.spi.DatabaseServerLoginModule category in jboss-log4j.xml.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.