I've added it as AMQ-1049
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hiram
Chirino
Sent: Tuesday, November 14, 2006 12:30 PM
To: [email protected]
Subject: Re: SimpleAuthenticationBroker not preventing rogue producer??
Hi Chris could you create JIRA to track this change?
On 11/13/06, Chris Hofstaedter <[EMAIL PROTECTED]> wrote:
>
> Ok, I've been able to get the behavior I want, but I had to modify
> AbstractConnection.java to do it. I dont know if my modifications are
> appropriate, so could someone take a look and let me know whether this
is a
> desirable change or not?
>
> Specifically, I added an additional catch block after line 202 of
> AbstractConnection and before the catch(Throwable). The new code is:
> catch ( SecurityException e1)
> {
> ConnectionError ce = new ConnectionError();
> ce.setException(e1);
> dispatchSync(ce);
> try
> {
> this.stop();
> }
> catch (Exception e2)
> {
> serviceLog.error("Unable to stop the connection after the
Security
> Exception: " + e2);
> }
>
> Notice the dispatchSync versus dispatchAsync - I did this to ensure
that the
> client was informed off the security violation before the connection
is
> stopped.
>
> Again, this "fix" was to ensure that producers with bad security
credentials
> could not submit messages despite the login failure. In my example,
the
> producer is running in one JVM loaded via JNI invokation with an
embedded
> broker and a DemandForwardingBridge that is connecting to the remote
broker
> via "tcp://128.0.0.1:61616". The consumer and the BrokerService are
running
> on the same machine but in another JVM also loaded via JNI invokation
but
> communicating with each other via "vm://localhost".
>
>
> Chris Hofstaedter wrote:
> >
> > Hopefully someone can help me here.
> >
> > I'm trying to set up a SimpleAuthenticationBroker programatically
rather
> > than through the xml. I've tried with 4.0.1 and 4.1. The symptom
is
> > that, although the broker is set as an intercepter and it detects a
bad
> > password and emits a SecurityException, the producer is still
allowed to
> > produce messages. I can see the producer get the bad login
indication
> > through the following log message:
> > WARN org.apache.activemq.network.DemandForwardingBridge -
Unexpected
> > remote command: ConnectionError {commandId = 2, responseRequired =
false,
> > connectionId = null, exception = java.lang.SecurityException: User
name or
> > password is invalid.}
> >
> > But then, the next thing I know, my consumers, that have
successfully
> > logged in, start receiving messages from this very same producer.
> >
> > In case it's my code, here's how I'm setting up the broker:
> > final Map<String, String> userPasswords = new
HashMap<String,
> > String>();
> > userPasswords.put("username", "password");
> > m_broker = new BrokerService()
> > {
> > protected Broker addInterceptors(Broker broker) throws
> > Exception
> > {
> > broker = super.addInterceptors(broker);
> > broker = new SimpleAuthenticationBroker(broker,
> > userPasswords, new HashMap());
> > return broker;
> > }
> > };
> > m_broker.setUseLoggingForShutdownErrors(false);
> > m_broker.setUseShutdownHook(false);
> > m_broker.setUseJmx(true);
> > m_broker.setBrokerName("localhost");
> > ManagementContext mgmtCtx =
m_broker.getManagementContext();
> > mgmtCtx.setJmxDomainName(this.getClass().getName());
> > mgmtCtx.setConnectorPort(1099);
> > m_broker.setManagementContext(mgmtCtx);
> > if (persistent == false)
> > m_broker.setPersistenceAdapter(new
> > MemoryPersistenceAdapter());
> > m_broker.addConnector(new URI("tcp://127.0.0.1:61616"));
> > m_broker.start();
> >
> >
> > Any ideas?
> >
>
> --
> View this message in context:
http://www.nabble.com/SimpleAuthenticationBroker-not-preventing-rogue-pr
oducer---tf2622706.html#a7320366
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
--
Regards,
Hiram
Blog: http://hiramchirino.com
