OSB 11g - JMS Proxy - Remote Authentication in Foreign Server Fails, e.g. with JBOSS MQ (Doc ID 1931204.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle Service Bus - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

If you create a JMS proxy (i.e. Proxy Service of messaging type using JMS transport) in the OSB SBConsole it will create and deploy an MDB in the background. You can use the A-Team utility to determine the name of of the MDB deployed:  http://www.ateam-oracle.com/oracle-service-bus-jms-deployments-utility/ and view it in the WLS admin console.

In a customer scenario, remote authentication was not working for the OSB JMS proxy MDB against a remote JBOSS MQ. The reason why it didn't work was the following:

When creating a Foreign Server in WLS, you are implicitly creating the so called JMS "wrappers".  Wrappers allow you to create a "symbolic link" between a JMS object in a third-party JNDI provider or in a different WebLogic Server cluster or domain, and an object in the local WebLogic JNDI tree.

See: http://docs.oracle.com/cd/E13222_01/wls/docs81/ejb/message_beans.html#1156059

OSB creates a weblogic-ejb-jar.xml with the MDB configuration in the message-driven-descriptor stanza,  where the JNDI names for both connection factory and destination are specified:


The problem is that the provider-url is also specified. If this is the case, WLS will ignore the credentials supplied via the Foreign Server definition. This is consistent with the doc:

http://docs.oracle.com/cd/E13222_01/wls/docs81/ejb/message_beans.html#1155021

How to Set provider-url
   provider-url specifies the URL of the JNDI service used by the JMS provider for the destination to which the MDB listens.
       - If the JMS provider is local to the MDB (by definition, WebLogic JMS), do not specify provider-url.
       - If the JMS provider is remote, whether WebLogic JMS or a foreign provider, and:
           - You do not use wrappers, specify provider-url.
           - You do use wrappers, do not specify provider-url. The URL is implicitly encoded in the wrapper.

Since we're using wrappers (implicitly, as we're using a Foreign Server), then provider-url should not be specified. If you remove that line, WLS will use the credentials used in the Foreign Server definition and the connection will go through.

Conclusion: When having OSB proxies that connect to remote JMS providers that require authentication for establishing connections, if OSB recommends to use a WLS Foreign Server and thus the so called JMS wrappers, then OSB should create a consistent descriptor *without* specifying the provider-url. In principle, you could edit the MDB manually, but there is better way to get it to work:

 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms