I am working on a simple JMS queue management web app that is being migrated from WebLogic to JBoss EAP 7.1. The app is used to search/delete/move messages on various queues. Previously, the management app and the queues that it managed (I'll call it "queue server") were all on the same WebLogic server. Now, the management app and the queue server will be in different containers, each running in a JBoss server. The management app and queue server are each secured using an LDAPExtended Login Module.
The management app gets a reference to the queue server's InitialContext and uses JNDI to obtain a QueueConnectionFactory, using this (edited) code:
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
env.put(Context.PROVIDER_URL, "remote://pams-pams-dev.ocpdev.aipo.gov.au:30746");
env.put(Context.URL_PKG_PREFIXES, "org.jboss.as.naming.interfaces");
env.put(Context.SECURITY_PRINCIPAL, "username");
env.put(Context.SECURITY_CREDENTIALS, "password");
InitialContext context = new InitialContext(env);
QueueConnectionFactory connectionFactory = (QueueConnectionFactory) context.lookup("ConnectionFactory");
The logged-in user is available in the management app in the SessionContext, but I don't know how I can pass the user details to the queue server. Is this possible, or is there some other way I need to set this up?
To my knowledge you cannot pass (implicitly or otherwise) the user credentials from the SessionContext to the InitialContext for the JNDI lookup. Also, even if you could pass the credentials to the InitialContext you'd still potentially need to pass them to the createConnection method on the javax.jms.QueueConnectionFactory you looked up (since JNDI and JMS security are independent of each other) and I don't believe that is possible either.