Security: Invalid subject while connecting to JMS External Server Weblogic

0
votes

I have an EJB Module supposed to run on Weblogic 10.3.5

On Weblogic console, I have set up a JMS module as an External Server that points to another weblogic instance. In this module I have a jms/myQueue and a jms/myConnectionFactory.

In the EJB Module, I defined an MDB with the following annotation and it works (it is notified when a messaged is present on the queue and processes it).

@MessageDriven(
    activationConfig = { @ActivationConfigProperty(
            propertyName = "destination", propertyValue = "jms/myQueue"), @ActivationConfigProperty(
            propertyName = "destinationType", propertyValue = "javax.jms.Queue"), @ActivationConfigProperty(
            propertyName = "connectionFactoryJndiName", propertyValue = "jms/myConnectionFactory")
    }

The problem is, when I try to define a client that puts a message on the same queue, using the following code inside an EJB

@Stateless
public class messageSender implements messageSenderLocal {

    @Resource(mappedName="jms/myConnectionFactory")
    private ConnectionFactory connectionFactory;

    @Resource(mappedName="jms/myQueue")
    private Queue queue;

    @Override
    public void sendMessage(String msgString) {
        Connection connection = connectionFactory.createConnection();
        Session session = connection.createSession(true, Session.AUTO_ACKNOWLEDGE);
        MessageProducer messageProducer = session.createProducer(queue);
        Message message = session.createTextMessage();
        message.setText(msgString);
        messageProducer.send(message);
        connection.close();
    }
}

I get the following error at statement connection.createSession(true, Session.AUTO_ACKNOWLEDGE):

java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators]
       at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234) ~[com.bea.core.weblogic.rmi.client_1.10.0.0.jar:1.10.0.0]
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348) ~[com.bea.core.weblogic.rmi.client_1.10.0.0.jar:1.10.0.0]
       at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259) ~[com.bea.core.weblogic.rmi.client_1.10.0.0.jar:1.10.0.0]
       at weblogic.jms.frontend.FEConnectionFactoryImpl_1035_WLStub.connectionCreateRequest(Unknown Source) ~[weblogic.jar:10.3.5.0]
       at weblogic.jms.client.JMSConnectionFactory.setupJMSConnection(JMSConnectionFactory.java:224) ~[weblogic.jar:10.3.5.0]
       at weblogic.jms.client.JMSConnectionFactory.createConnectionInternal(JMSConnectionFactory.java:285) ~[weblogic.jar:10.3.5.0]
       at weblogic.jms.client.JMSConnectionFactory.createQueueConnection(JMSConnectionFactory.java:165) ~[weblogic.jar:10.3.5.0]
       at ...

This error apparently has to do with something about trusted domains on Weblogic, but

  1. Why would the connection work when receiving?
  2. Is there any way to overcome this without having to change the configuration in the external server?

Thank you.

1
javajmsweblogic-10.x

1 Answers

0
votes

The problem was: the external JNDI server required no credentials, but our authenticator automatically set the currently logged user.

To avoid this behavior and force a "no-user" login on the external JNDI server, I put the string java.naming.security.principal= in the JNDI Properties field of the foreign server configuration on Weblogic console.