[
https://issues.apache.org/jira/browse/AMQ-6236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul updated AMQ-6236:
----------------------
Description:
download 5.13.2 - don't touch it other than to extract that tar
cd into ActiveMQ home
export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
bin/activemq console xbean:examples/conf/activemq-security.xml
(starts up)
Run this java code: note absence of all username and password fields:
public static void main(String[] args) throws Exception{
System.out.println("1");
System.out.println("2");
ConnectionFactory cf =
new ActiveMQConnectionFactory("tcp://192.168.3.106:61616");
System.out.println("3");
Connection conn = cf.createConnection();//userName, password);
System.out.println("4");
}
Output is:
1
2
3
4
There are no exceptions at all. In debug mode I can step over the
connection-creation.
*Surely* this should fail? I have in fact been unable to get any connection
rejected no matter how I configure it. Is this the result of connecting from
the machine on which ActiveMQ is running?
I want to believe this is user error but after hours I am unable to prove
myself at fault.
If I add anonymousAccessAllowed="false" to the simpleAuthenticationPlugin I get
the same behavior
was:
download 5.13.2 - don't touch it other than to extract that tar
cd into ActiveMQ home
export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
bin/activemq console xbean:examples/conf/activemq-security.xml
(starts up)
Run this java code: note absence of all username and password fields:
public static void main(String[] args) throws Exception{
System.out.println("1");
System.out.println("2");
ConnectionFactory cf =
new ActiveMQConnectionFactory("tcp://192.168.3.106:61616");
System.out.println("3");
Connection conn = cf.createConnection();//userName, password);
System.out.println("4");
}
Output is:
1
2
3
4
There are no exceptions at all. In debug mode I can step over the
connection-creation.
*Surely* this should fail? I have in fact been unable to get any connection
rejected no matter how I configure it. Is this the result of connecting from
the machine on which ActiveMQ is running?
I want to believe this is user error but after hours I am unable to prove
myself at fault.
> OOTB, security does not appear to work
> --------------------------------------
>
> Key: AMQ-6236
> URL: https://issues.apache.org/jira/browse/AMQ-6236
> Project: ActiveMQ
> Issue Type: Bug
> Components: security
> Affects Versions: 5.13.2
> Environment: Mac OSX 10.11.3 (15D21)
> java version "1.8.0_66"
> Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
> Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)
> Reporter: Paul
>
> download 5.13.2 - don't touch it other than to extract that tar
> cd into ActiveMQ home
> export ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
> bin/activemq console xbean:examples/conf/activemq-security.xml
> (starts up)
> Run this java code: note absence of all username and password fields:
> public static void main(String[] args) throws Exception{
> System.out.println("1");
> System.out.println("2");
> ConnectionFactory cf =
> new ActiveMQConnectionFactory("tcp://192.168.3.106:61616");
> System.out.println("3");
> Connection conn = cf.createConnection();//userName, password);
> System.out.println("4");
> }
> Output is:
> 1
> 2
> 3
> 4
> There are no exceptions at all. In debug mode I can step over the
> connection-creation.
> *Surely* this should fail? I have in fact been unable to get any connection
> rejected no matter how I configure it. Is this the result of connecting from
> the machine on which ActiveMQ is running?
> I want to believe this is user error but after hours I am unable to prove
> myself at fault.
> If I add anonymousAccessAllowed="false" to the simpleAuthenticationPlugin I
> get the same behavior
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
