Beware that the commandAgent, which is now commented out in the default activemq.xml, will also initiate a connection.
Joe bsnyder wrote: > > On Thu, May 15, 2008 at 8:49 PM, Aaron Mulder > <[EMAIL PROTECTED]> wrote: >> This may not be as bad as the subject sounds, but... >> >> I enabled security by dumping all 3 of the default files from >> http://activemq.apache.org/security.html in activemq-5.1.0/conf and >> then putting this in the broker config: >> >> <plugins> >> <!-- use JAAS to authenticate using the login.config file >> on the classpath to configure JAAS --> >> <jaasAuthenticationPlugin configuration="activemq-domain" /> >> >> <!-- lets configure a destination based authorization mechanism >> --> >> <authorizationPlugin> >> <map> >> <authorizationMap> >> <authorizationEntries> >> <authorizationEntry queue=">" read="admins" >> write="admins" admin="admins" /> >> <authorizationEntry topic=">" read="admins" >> write="admins" admin="admins" /> >> </authorizationEntries> >> </authorizationMap> >> </map> >> </authorizationPlugin> >> </plugins> >> >> >> The problem is, when I run ActiveMQ now (without any clients >> connecting or anything, and using an otherwise default config), I get >> loads of exceptions (typical stack trace below). >> >> I don't know what's initiating the connection that's causing the login >> failure, but as this is a standalone broker with no clients >> connecting, it must be something within ActiveMQ itself? The >> underlying NPE appears to be caused by the user name it's trying to >> authenticate being null (though that's an unfortunate manifestation). >> >> Anyway, any idea what I need to do to stop the exceptions? >> >> Thanks, >> Aaron >> >> >> java.lang.SecurityException: User name or password is invalid. >> at >> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83) >> at >> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81) >> at >> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88) >> at >> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662) >> at >> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86) >> at >> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125) >> at >> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292) >> at >> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180) >> at >> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68) >> at >> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143) >> at >> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206) >> at >> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84) >> at >> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196) >> at >> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183) >> at java.lang.Thread.run(Thread.java:637) >> Caused by: javax.security.auth.login.LoginException: >> java.lang.NullPointerException >> at java.util.Hashtable.get(Hashtable.java:334) >> at java.util.Properties.getProperty(Properties.java:932) >> at >> org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:116) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:597) >> at >> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) >> at >> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) >> at >> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) >> at java.security.AccessController.doPrivileged(Native Method) >> at >> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) >> at >> javax.security.auth.login.LoginContext.login(LoginContext.java:579) >> at >> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76) >> at >> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81) >> at >> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88) >> at >> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662) >> at >> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86) >> at >> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125) >> at >> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292) >> at >> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180) >> at >> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68) >> at >> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143) >> at >> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206) >> at >> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84) >> at >> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196) >> at >> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183) >> at java.lang.Thread.run(Thread.java:637) >> > > If you have a default activemq.xml then there are two configurations > that initiate connections to the broker; one for a couple of Camel > routes and one for Jetty. Chances are it's those that there trying to > initiate the connections. > > Bruce > -- > perl -e 'print > unpack("u30","D0G)[EMAIL PROTECTED]&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*" > );' > > Apache ActiveMQ - http://activemq.org/ > Apache Camel - http://activemq.org/camel/ > Apache ServiceMix - http://servicemix.org/ > Apache Geronimo - http://geronimo.apache.org/ > > Blog: http://bruceblog.org/ > > -- View this message in context: http://www.nabble.com/Security-problem-with-5.1.0-tp17266685s2354p17267222.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
