[
https://issues.apache.org/jira/browse/QPID-794?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12652496#action_12652496
]
Robert Gemmell commented on QPID-794:
-------------------------------------
Feel free to call me Robbie, Robert is just my sunday name and what I use for
(semi)official signups hehe :)
I did indeed try it, and use it all the time like that now. It goes at
plugins/jmxremote.sasl_1.0.1/jmxremote_optional.jar. If it is there it works
for me, and if it isnt I get the new error I inserted "JMXMPConnector class was
not found, security unavailable.", which is perhaps not specific enough and
should have mentioned the lack of and expected location of the
jmxremote_optional.jar
Just to be sure you saw it above, along with the patch for this you also need
the patch for QPID-1481 to get the use of the jmxremote_optional.jar working in
order to use the -Dsecurity=CRAM-MD5 flag. Also, whilst I didnt say so above,
its possible you may need the patch for QPI-1482 (which is absolutely required
if you want to use -Dsecurity=PLAIN) as in retrospect I only ever attempted to
use -Dsecurity=CRAM-MD5 after I ensured PLAIN was working, so there may be some
linkage in the fixes there that I have missed. The only thing that sticks out
in that one that can affect connectivity for -Dsecurity=CRAM-MD5 connections
though is a workaround I put in place for when using Eclipse to launch the
process, which doesnt impact external startup for me.
This is the process i go through to launch the broker and console and establish
a connection with authentication:
Do an 'ant clean build release-bin'.
Edit the java/build/etc/config.xml file to enable management security, and
select the appropriate type of principal database (BASE64MD5 for
CRAM-MD5(hashed) security or Plain for PLAIN security) and password file
(md5passwd or passwd respectively).
Ensure jmxremote.access permissions match the passwd or md5passwd file
according to the user accounts i want to use and the principal databse type in
use (the 'passwd' file doenst match correctly by default, which is why the
default configured broker startup messages note the lack of jmx permissions for
the users affected. I add admin:admin to 'passwd' to ensure both password files
have guest:guest and admin:admin equivalents)
Edit the management consoles qpidmc.sh to add -Dsecurity=CRAM-MD5 or
-Dsecurity=PLAIN depending on the type of PD in use, copy
jmxremote_optional.jar to the eclipse/plugins/jmxremote.sasl_1.0.1/ folder in
the management consoles release directory, start the management console.
Add jmxremote_optional.jar to the CLASSPATH env variable (which is otherwise
non-existant in my case), set QPID_HOME and QPID_WORK to the java/build folder,
and start the broker with $QPID_HOME/bin/qpid-server
-run:external-classpath=first to ensure it picks it up, which examining the log
file (now required since the broker doesnt output logging info to the console
anymore) reveals to work as the broker starts up with SASL authentication for
JMX, and doesnt if you dont supply the classpath entry (raises an exception
because it doenst support JMXMP without the jar).
> Management Console can't connect using authentication
> -----------------------------------------------------
>
> Key: QPID-794
> URL: https://issues.apache.org/jira/browse/QPID-794
> Project: Qpid
> Issue Type: Bug
> Components: Java Broker, Java Management : JMX Console
> Reporter: Aidan Skinner
> Assignee: Martin Ritchie
> Attachments: QPID-794_22nov2008.patch
>
>
> It is not possible to connect the management console to the broker using jmx
> authentication, it makes the broker throw the following exception:
> GenericConnectorServer ClientCreation.run
> WARNING: Failed to open connection: java.io.StreamCorruptedException: invalid
> stream header
> java.io.StreamCorruptedException: invalid stream header
> at
> java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:764)
> at java.io.ObjectInputStream.<init>(ObjectInputStream.java:277)
> at
> com.sun.jmx.remote.socket.SocketConnection$ObjectInputStreamWithLoader.<init>(SocketConnection.java:354)
> at
> com.sun.jmx.remote.socket.SocketConnection.readMessage(SocketConnection.java:204)
> at
> com.sun.jmx.remote.opt.security.AdminServer.connectionOpen(AdminServer.java:76)
> at
> com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl.connect(ServerSynchroMessageConnectionImpl.java:58)
> at
> javax.management.remote.generic.GenericConnectorServer$ClientCreation.run(GenericConnectorServer.java:405)
> at
> com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)
> at com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
