This discussion is archived
4 Replies Latest reply: Aug 31, 2012 4:10 AM by SteveElkind RSS

Weblogic not using jms connection credentials

SteveElkind Newbie
Currently Being Moderated
I have a foreign JMS provider set up for our Sonic installation, with username/password specified for both the JMS server (aka JNDI context) and the connection factory.

The JNDI lookups are working fine, but when trying to establish a connection use the connection factory, I get an InauthenticClient exception. When I set a notification watch on the Sonic message broker to see the rejections for connection requests coming from WebLogic, I see that the user name is not being supplied.

This all works in standalone test code with the same username and password, connecting directly to Sonic, and in Sonic's connection notification watches I do see the user name (different code; the WebLogic application is a servlet application written using Spring).

Has anyone seen a similar problem, or has an idea of what can be going wrong?

Supporting Details:

WLS 10.3.5, JDK 1.6.0_29 (Sun 64-bit), RHEL 5.6, SonicMQ 8.5.0.

<foreign-server name="SonicMQ_JMSServer_US">
<sub-deployment-name>AppSvcs_cluster_subdepl</sub-deployment-name>
<default-targeting-enabled>false</default-targeting-enabled>
...
<foreign-connection-factory name="SMS_Repl_XACF">
<local-jndi-name>jms/sms/replication/SMS_Repl_XACF</local-jndi-name>
<remote-jndi-name>jms/sms/replication/SMS_Repl_XACF</remote-jndi-name>
<username>obscuredusername</username>
<password-encrypted>{AES}OBSCURED3mZ7twptOpo4910ypdGPG7nXpcJMEA=</password-encrypted>
...

<initial-context-factory>com.sonicsw.jndi.mfcontext.MFContextFactory</initial-context-factory>
<connection-url>tcp://nj09mhm5097.mhf.mhc:24100,tcp://nj09mhm5098.mhf.mhc:24100</connection-url>
<jndi-properties-credential-encrypted>{AES}OBSCUREDIRVVGVUp/BqQCQss8tcouHe+rVHog8=</jndi-properties-credential-encrypted>
<jndi-property>
<key>com.sonicsw.jndi.mfcontext.domain</key>
<value>PRP_US_IT</value>
</jndi-property>
<jndi-property>
<key>java.naming.security.principal</key>
<value>obscuredusername</value>
</jndi-property>
</foreign-server>
  • 1. Re: Weblogic not using jms connection credentials
    SteveElkind Newbie
    Currently Being Moderated
    One other point - same username/password for both JNDI and ConnectionFactory.

    BTW, I just tried changing the connection factory password to different values
    1. from the original, whose encrypted value does not match that of the JNDI password;
    2. back to the original
    3. to another random value
    4. back to the original.

    Each time, after saving and activating the config change, I opened the JMS config descriptor in the domain's config directory, and looked at the encrypted passwords for the connection factory. None of the three encrypted values for the original password is the same as any of the others for the same password, and none match that for the connection factory. Is this the expected behavior?
  • 2. Re: Weblogic not using jms connection credentials
    Tom B Expert
    Currently Being Moderated
    Hi Steve,

    Is the Servlet accessing the Connection Factory via an EJB standard resource reference? I think this may be needed so that the app server can have the opportunity to wrap the connection and inject the Foreign JMS credentials into "createConnection".

    See http://docs.oracle.com/cd/E21764_01/web.1111/e13727/j2ee.htm#i1313669 for samples.

    HTH,

    Tom
  • 3. Re: Weblogic not using jms connection credentials
    SteveElkind Newbie
    Currently Being Moderated
    Tom,

    That did the trick. Thanks!

    In my test web app (attached, includes sources), I have the following in web.xml:
    <resource-ref>
    <res-ref-name>jms/sms/replication/SMS_Repl_XACF</res-ref-name>
    <res-type>javax.jms.XAConnectionFactory</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Shareable</res-sharing-scope>
    </resource-ref>

    And in weblogic.xml:
    <resource-description>
    <res-ref-name>jms/sms/replication/SMS_Repl_XACF</res-ref-name>
    <jndi-name>jms.sms.replication.SMS_Repl_XACF</jndi-name>
    </resource-description>

    In the app, I just prepended “java:comp/env/” to the JNDI name spec'd in the res-ref-name, e.g,. java:comp/env/jms/sms/replication/SMS_Repl_XACF

    I did not bother doing the same with the topics, it did not seem necessary. Is there any real wrapper-based benefit to doing so?
  • 4. Re: Weblogic not using jms connection credentials
    SteveElkind Newbie
    Currently Being Moderated
    oops, not attached, I just cut-n-paste from an email to someone else.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points