Security domain for JMS in JBoss EAP

Solution Unverified - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 4.3

Issue

  • Can the security of a JMS operation be enforced by a security domain?  For example, sending a JMS message from a stateless session EJB3 annotated with @SecurityDomain to a JMS provider which is also secured by that same domain.
  • Is it possible for an external JMS client (note, this is a separate JVM from the JBoss container) to pass in credentials using a JAAS (with ClientLoginConfig) like is possible with EJB?

Resolution

No.  JMS security only supports username and password, and JMS messages carry no security context.  Although an application or EJB3 may be associated with a security domain that means nothing to JMS.  You still must specify a username and password (either directly or on the <tx-connection-factory> you use to send the message).

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments