cxf-users mailing list archives

From Gueugaie <gueug...@gmail.com>
Subject SOAP over JMS using secured Weblogic JMS Module
Date Thu, 07 Jan 2016 14:15:12 GMT
Hi List,

I'm upgrading to CXF3, and facing an issue with the deployment of SOAP/JMS
services in a weblogic container.

We use weblogic's JMS module and everything's fine until we activate a
weblogic security strategy on the JMS Module.

When doing so (see this for documentation
https://docs.oracle.com/cd/E13222_01/wls/docs81/jndi/jndi.html#467275 ),
one can retrieve the ConnectionFactory inside the JNDI without a problem,
but when the message polling actually starts, it fails with a security
exception:

Caused by: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=...
    at weblogic.jms.common.JMSSecurityHelper.checkPermission(JMSSecurityHelper.java:160)
    ...
    at org.apache.cxf.transport.jms.util.PollingMessageListenerContainer.createConsumer

We get the same result for Weblogic 11 or 12, with CXF 2.7.x or 3.x.

The diagnostic is "simple": we cannot use weblogic secured resources
from threads that do not hold a valid weblogic security context (those
contexts are indeed ThreadLocal).

The solution in 2.x used to be fairly simple...
We got around this by overriding Spring-JMS modules, providing our own
polling thread implementation that would initiate an InitialContext
(effectively logging in a Weblogic User), and delegate the actual work to
the standard implementation. Nice, simple overloading.
Check out :
http://stackoverflow.com/questions/19849766/org-springframework-jms-jmssecurityexception-access-denied-to-resource-type-j
for a simple description.

In 3.X, no more SpringJMS. And the poller runnable is implemented in a
private class, running inside a privately constructed Thread Pool, and
interacts with the secured resources via private methods. So I'm kinda
stuck...

Does anyone have a solution / good idea for this? Is this somehow in the
docs (could not find it :()?

Thanks!
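
Added example, not part of the original message and not CXF, Spring or WebLogic code: a sketch of the 2.x-era workaround the message describes, where the polling thread opens an authenticated InitialContext before delegating to the real work. The class name, the provider URL placeholder and the way credentials reach the constructor are assumptions; it needs the WebLogic client classes on the classpath at run time.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

/** Hypothetical wrapper: name and shape are assumptions, not a CXF or Spring API. */
public final class WebLogicAuthenticatedRunnable implements Runnable {

    private final Runnable delegate;   // the actual polling work
    private final String providerUrl;  // placeholder, e.g. "t3://wls-host.example:7001"
    private final String principal;    // dedicated, least-privilege JMS user
    private final String credentials;  // supplied by the caller from a secret store, never hard-coded

    public WebLogicAuthenticatedRunnable(Runnable delegate, String providerUrl,
                                         String principal, String credentials) {
        this.delegate = delegate;
        this.providerUrl = providerUrl;
        this.principal = principal;
        this.credentials = credentials;
    }

    @Override
    public void run() {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);

        Context ctx = null;
        try {
            // Opening the context with credentials binds the WebLogic identity
            // to the current thread, which is what the secured JMS module checks.
            ctx = new InitialContext(env);
            delegate.run();
        } catch (NamingException e) {
            // Fail closed; the message deliberately omits principal and credentials.
            throw new IllegalStateException("WebLogic JNDI login failed for polling thread", e);
        } finally {
            // Always close: pooled threads are reused, and a context left open
            // would leave this identity attached to whatever runs next.
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { /* best effort */ }
            }
        }
    }
}
```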
