Tuesday, May 21, 2013

Revoking JMS Service Account, security caching

I have disabled a JMS Proxy, then inserted 3 JMS messages in the queue,  then removed the rights from the JMS Service Account: once reenabled, at the beginning, the MDB tries to connect and consume the individual messages, but he gets a composite error:

####<May 21, 2013 2:18:19 PM CEST> <Warning> <EJB> <hqchnesoa102> <osbdev1ms1> <[ACTIVE] ExecuteThread: '40' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <7f9b72b69446518a:565dc0ec:13ea91cf851:-8000-0000000000011d31> <1369138699444> <BEA-010061> <The Message-Driven EJB: RequestEJB-7978421337537108199--2e2610ca.13ea3d3bbf0.-7fe8 is unable to connect to the JMS destination: PV_OSB_TESTQ. The Error was:
weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=PV_OSB_TESTModule, destinationType=queue, resource=PV_OSB_TESTQ, action=receive
Nested exception: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=PV_OSB_TESTModule, destinationType=queue, resource=PV_OSB_TESTQ, action=receive
Nested exception: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=PV_OSB_TESTModule, destinationType=queue, resource=PV_OSB_TESTQ, action=receive
Nested exception: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=PV_OSB_TESTModule, destinationType=queue, resource=PV_OSB_TESTQ, action=receive
Nested exception: weblogic.jms.common.JMSSecurityException: Access denied to resource: type=<jms>, application=PV_OSB_TESTModule, destinationType=queue, resource=PV_OSB_TESTQ, action=receive>

Once I restore the JMS Service Account, after 1 minute the MDB reconnects:








####<May 21, 2013 2:19:29 PM CEST> <Info> <EJB> <hqchnesoa102> <osbdev1ms1> <[ACTIVE] ExecuteThread: '38' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <7f9b72b69446518a:565dc0ec:13ea91cf851:-8000-0000000000011d56> <1369138769467> <BEA-010060> <The Message-Driven EJB: RequestEJB-7978421337537108199--2e2610ca.13ea3d3bbf0.-7fe8 has connected/reconnected to the JMS destination: PV_OSB_TESTQ.>



In general , security changes are not instantaneous, I believe they are cached somehow.




Posted by vernetto at 2:25 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)