OSB 11g - JMS Proxy - Remote Authentication in Foreign Server Fails, e.g. with JBOSS MQ
Last updated on NOVEMBER 03, 2016
Applies to:Oracle Service Bus - Version 126.96.36.199.0 and later
Information in this document applies to any platform.
If you create a JMS proxy (i.e. Proxy Service of messaging type using JMS transport) in the OSB SBConsole it will create and deploy an MDB in the background. You can use the A-Team utility to determine the name of of the MDB deployed: http://www.ateam-oracle.com/oracle-service-bus-jms-deployments-utility/ and view it in the WLS admin console.
In a customer scenario, remote authentication was not working for the OSB JMS proxy MDB against a remote JBOSS MQ. The reason why it didn't work was the following:
When creating a Foreign Server in WLS, you are implicitly creating the so called JMS "wrappers". Wrappers allow you to create a "symbolic link" between a JMS object in a third-party JNDI provider or in a different WebLogic Server cluster or domain, and an object in the local WebLogic JNDI tree.
OSB creates a weblogic-ejb-jar.xml with the MDB configuration in the message-driven-descriptor stanza, where the JNDI names for both connection factory and destination are specified:
The problem is that the provider-url is also specified. If this is the case, WLS will ignore the credentials supplied via the Foreign Server definition. This is consistent with the doc:
How to Set provider-url
provider-url specifies the URL of the JNDI service used by the JMS provider for the destination to which the MDB listens.
- If the JMS provider is local to the MDB (by definition, WebLogic JMS), do not specify provider-url.
- If the JMS provider is remote, whether WebLogic JMS or a foreign provider, and:
- You do not use wrappers, specify provider-url.
- You do use wrappers, do not specify provider-url. The URL is implicitly encoded in the wrapper.
Since we're using wrappers (implicitly, as we're using a Foreign Server), then provider-url should not be specified. If you remove that line, WLS will use the credentials used in the Foreign Server definition and the connection will go through.
Conclusion: When having OSB proxies that connect to remote JMS providers that require authentication for establishing connections, if OSB recommends to use a WLS Foreign Server and thus the so called JMS wrappers, then OSB should create a consistent descriptor *without* specifying the provider-url. In principle, you could edit the MDB manually, but there is better way to get it to work:
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms