Hello list,

I am trying to get authentication and authorization using JAAS to work with 
ActiveMQ-RC2, and am having troubles with the authorization part 
(authentication seems to be working fine). I am trying to get a setup as close 
to the one outlined in http://www.activemq.org/Security to work first, so this 
is what I have set up:

I have created a login.config file in $ACTIVE_HOME/lib with these contents:

activemq-domain {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};

In the same directory, I have created users.properties with this content:

myuser=mypassword

Also in the same directory, I have created groups.properties with this content:

myuser=mygroup

Finally, I have made this addition to activemq.xml, and placed it as the first 
element in the broker element:

    <plugins>
      <!--  use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
      <jaasAuthenticationPlugin configuration="activemq-domain" />

      <!--  lets configure a destination based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              <authorizationEntry queue=">" read="mygroup" write="mygroup" admin="mygroup" />
              <authorizationEntry queue="USERS.>" read="mygroup" write="mygroup" admin="mygroup" />
              <authorizationEntry queue="GUEST.>" read="mygroup" write="mygroup" admin="mygroup" />

              <authorizationEntry topic=">" read="mygroup" write="mygroup" admin="mygroup" />
              <authorizationEntry topic="USERS.>" read="mygroup" write="mygroup" admin="mygroup" />
              <authorizationEntry topic="GUEST.>" read="mygroup" write="mygroup" admin="mygroup" />

              <authorizationEntry topic="ActiveMQ.Advisory.>" read="mygroup" write="mygroup" admin="mygroup"/>
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>
    </plugins>

I am then trying to send messages to a queue from an application in my servlet 
container, that I have based on the example that came with the ActiveMQ 
distribution. Basically, first I create a connection like this:

ActiveMQConnection connection = ActiveMQConnection.makeConnection("myuser", "mypassword", "tcp://localhost:61616");

I then try and create a javax.jms.Session like this:

Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);

However, when doing this, I get an exception:

javax.jms.JMSException: User myuser is not authorized to create: topic://ActiveMQ.Advisory.Connection

I have also tried doing a connection.start() before creating the session, but 
that statement also yields the above exception. The authentication piece does 
seem to work, though, because if I supply an erroneous user name, creating the 
session throws this exception:

javax.jms.JMSException: User name or password is invalid.

Also, sending messages without using JAAS (by removing the above plugins 
element from activemq.xml) works fine.

I'm now lost trying to figure out where I'm going wrong. I have not referenced 
any topic or queue names in the code prior to creating the session, so I'm 
wondering why the exception states that I'm trying to create an 
ActiveMQ.Advisory.Connection topic. Have I misconfigured activemq.xml or 
login.config somewhere, or is there something in the code that needs to happen 
to invoke the authorization logic, other than specifying the authorizationMap in 
activemq.xml?

Any insight would be most appreciated!

Thanks in advance,
Johan Hallgren
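
Added example (not part of the original post and not ActiveMQ's own code): an offline check that resolves a user's groups from a groups file and tests them against authorizationEntry elements like the ones above. It assumes the group=user1,user2 layout that ActiveMQ documents for the PropertiesLoginModule group file, uses a simplified wildcard matcher, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two of the authorizationEntry elements from the post.
AUTH_XML = """<authorizationEntries>
  <authorizationEntry queue=">" read="mygroup" write="mygroup" admin="mygroup" />
  <authorizationEntry topic="ActiveMQ.Advisory.>" read="mygroup" write="mygroup" admin="mygroup"/>
</authorizationEntries>"""

def groups_of(user, groups_properties):
    """Groups for `user`, reading each line as group=user1,user2 (assumed layout)."""
    groups = set()
    for line in groups_properties.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        group, members = line.split("=", 1)
        if user in [m.strip() for m in members.split(",")]:
            groups.add(group.strip())
    return groups

def matches(pattern, name):
    """Simplified destination wildcard match: '*' is one segment, '>' is the rest."""
    p, n = pattern.split("."), name.split(".")
    for i, seg in enumerate(p):
        if seg == ">":
            return True
        if i >= len(n) or (seg != "*" and seg != n[i]):
            return False
    return len(p) == len(n)

def may(user, action, kind, name, groups_properties, auth_xml=AUTH_XML):
    """True if an entry matching kind://name grants `action` to one of the user's groups."""
    mine = groups_of(user, groups_properties)
    for e in ET.fromstring(auth_xml).iter("authorizationEntry"):
        pat = e.get(kind)
        if pat and matches(pat, name):
            allowed = {g.strip() for g in e.get(action, "").split(",")}
            if mine & allowed:
                return True
    return False

if __name__ == "__main__":
    # Both orientations of the single groups line, checked for the admin (create) right.
    for sample in ("myuser=mygroup", "mygroup=myuser"):
        ok = may("myuser", "admin", "topic", "ActiveMQ.Advisory.Connection", sample)
        print(f"{sample!r}: admin on advisory topic -> {ok}")
```

Under the assumed layout, a line reading myuser=mygroup defines a group named "myuser" whose member is "mygroup", so the user resolves to no groups and the admin check on the advisory topic fails.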
