JBoss messaging system uses the concept of Message Sucker Passwords. This a password used by the message sucker connections to create new connections. While moving your JBoss profile for production purpose it is highly recommended that we should change this password. This password is defined and mapped in the following two files “$PROFILE/deploy/messaging/messaging-jboss-beans.xml” and “$PROFILE/deploy/messaging/messaging-service.xml” files.

The First file “messaging-jboss-beans.xml” contains the clear text sucker password, where as the second file “messaging-service.xml” should contain the encrypted value of the sucker password. the password encryption can be done using the class “org.jboss.messaging.util.SecurityUtil” class. This class resides inside the “$JBOSS_HOME/client/jboss-messaging-client.jar” file.

If the Sucker password is not set/changed then we will get the following kind of WARNNING message while starting the JBoss profile.

13:38:56,422 WARN  [JBossASSecurityMetadataStore] WARNING! POTENTIAL SECURITY RISK. It has been detected that the MessageSucker component which sucks messages from one node to another has not had its password changed from the installation default. Please see the JBoss Messaging user guide for instructions on how to do this.

Following are the steps to change the Sucker password for JBoss messaging system.

Step1). Change the sucker password in “deploy/messaging/messaging-jboss-beans.xml”. Suppose your SuckerPassword is “ABCEDEFGHI” then we can do the following:

<property name="suckerPassword">ABCEDEFGHI</property>

Step2). Generate an encrypted version of this password (jboss-messaging-client.jar’s location is relative to jboss-as/client directory):

java -cp $JBOSS_HOME/client/jboss-messaging-client.jar org.jboss.messaging.util.SecurityUtil ABCEDEFGHI

key len: 14 length max: 128
Encoded password: 4cd5ab1456781b311

Step3). Place the encodedPassword of above command in “deploy/messaging/messaging-service.xml”

<attribute name="SuckerPassword">4cd5ab1456781b311</attribute>

Step4). Restart your JBoss Profile.

Middleware Magic Team

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.