In my testing with 5.1, it has been the CommandAgent and Camel that cause the security-related exceptions to be hurled on broker startup. Jetty may hurl an exception if and when you try and use it. If you need to use the CommandAgent in a secure environment, you can extend it to provide a username and password. Our AMQ security plugin provides such an extended version of the CommandAgent. You may want to check it out; it's free for the taking.
http://www.ttmsolutions.com/amqsec.php4

I haven't spent too much time trying to figure out how to get Camel to provide a username and password. If someone knows, a posting describing how it's done would be greatly appreciated.

Joe

Get a free ActiveMQ user guide at www.ttmsolutions.com

Aaron Mulder wrote:
>
> You're right -- commenting those out fixed the problem.
>
> What's the right way to configure Camel, Jetty, and the CommandAgent
> to use a valid username and password?
>
> Thanks,
> Aaron
>
> On Thu, May 15, 2008 at 11:13 PM, Bruce Snyder <[EMAIL PROTECTED]>
> wrote:
>> On Thu, May 15, 2008 at 8:49 PM, Aaron Mulder
>> <[EMAIL PROTECTED]> wrote:
>>> This may not be as bad as the subject sounds, but...
>>>
>>> I enabled security by dumping all 3 of the default files from
>>> http://activemq.apache.org/security.html in activemq-5.1.0/conf and
>>> then putting this in the broker config:
>>>
>>> <plugins>
>>>   <!-- use JAAS to authenticate using the login.config file
>>>        on the classpath to configure JAAS -->
>>>   <jaasAuthenticationPlugin configuration="activemq-domain" />
>>>
>>>   <!-- lets configure a destination based authorization
>>>        mechanism -->
>>>   <authorizationPlugin>
>>>     <map>
>>>       <authorizationMap>
>>>         <authorizationEntries>
>>>           <authorizationEntry queue=">" read="admins"
>>>               write="admins" admin="admins" />
>>>           <authorizationEntry topic=">" read="admins"
>>>               write="admins" admin="admins" />
>>>         </authorizationEntries>
>>>       </authorizationMap>
>>>     </map>
>>>   </authorizationPlugin>
>>> </plugins>
>>>
>>>
>>> The problem is, when I run ActiveMQ now (without any clients
>>> connecting or anything, and using an otherwise default config), I get
>>> loads of exceptions (typical stack trace below).
>>>
>>> I don't know what's initiating the connection that's causing the login
>>> failure, but as this is a standalone broker with no clients
>>> connecting, it must be something within ActiveMQ itself? The
>>> underlying NPE appears to be caused by the user name it's trying to
>>> authenticate being null (though that's an unfortunate manifestation).
>>>
>>> Anyway, any idea what I need to do to stop the exceptions?
>>>
>>> Thanks,
>>> Aaron
>>>
>>>
>>> java.lang.SecurityException: User name or password is invalid.
>>>     at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
>>>     at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
>>>     at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
>>>     at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
>>>     at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
>>>     at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
>>>     at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
>>>     at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
>>>     at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>>     at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
>>>     at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
>>>     at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>>>     at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
>>>     at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
>>>     at java.lang.Thread.run(Thread.java:637)
>>> Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
>>>     at java.util.Hashtable.get(Hashtable.java:334)
>>>     at java.util.Properties.getProperty(Properties.java:932)
>>>     at org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:116)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>     at java.lang.reflect.Method.invoke(Method.java:597)
>>>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>>>     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>     at java.security.AccessController.doPrivileged(Native Method)
>>>     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>     at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
>>>     at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
>>>     at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
>>>     at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
>>>     at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
>>>     at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
>>>     at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
>>>     at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
>>>     at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>>     at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
>>>     at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
>>>     at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>>>     at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
>>>     at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
>>>     at java.lang.Thread.run(Thread.java:637)
>>>
>>
>> If you have a default activemq.xml then there are two configurations
>> that initiate connections to the broker; one for a couple of Camel
>> routes and one for Jetty. Chances are it's those that are trying to
>> initiate the connections.
>>
>> Bruce
>> --
>> perl -e 'print
>> unpack("u30","D0G)[EMAIL PROTECTED]&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
>> );'
>>
>> Apache ActiveMQ - http://activemq.org/
>> Apache Camel - http://activemq.org/camel/
>> Apache ServiceMix - http://servicemix.org/
>> Apache Geronimo - http://geronimo.apache.org/
>>
>> Blog: http://bruceblog.org/
>>
>>
>
>

--
View this message in context: http://www.nabble.com/Security-problem-with-5.1.0-tp17266685s2354p17275770.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
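
The stack trace quoted in this thread bottoms out in `Properties.getProperty` being called with a null user name. The following is an added example, not part of the thread and not ActiveMQ's `PropertiesLoginModule` source: it reproduces that failure against a properties-style user store and shows a guarded check that rejects a connection with no credentials as an ordinary failed login. The class name, method names and the sample user are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;
import javax.security.auth.login.FailedLoginException;

// Added illustration; names and sample data are hypothetical.
public class NullUserLoginDemo {
    // Constructed user store in name=password form.
    static Properties sampleUsers() {
        Properties p = new Properties();
        p.setProperty("alice", "example-password");
        return p;
    }

    // Unguarded lookup: a connection that supplies no user name reaches
    // Properties.getProperty(null), which throws NullPointerException.
    static void loginUnguarded(Properties users, String user, String pass) throws FailedLoginException {
        String expected = users.getProperty(user);
        if (expected == null || !expected.equals(pass)) {
            throw new FailedLoginException("User name or password is invalid.");
        }
    }

    // Guarded lookup: missing credentials are rejected explicitly, and the
    // password comparison does not short-circuit on the first differing byte.
    static void loginGuarded(Properties users, String user, String pass) throws FailedLoginException {
        if (user == null || pass == null) {
            throw new FailedLoginException("No user name or password supplied.");
        }
        String expected = users.getProperty(user);
        boolean ok = expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), pass.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            throw new FailedLoginException("User name or password is invalid.");
        }
    }

    public static void main(String[] args) throws Exception {
        Properties users = sampleUsers();
        try {
            loginUnguarded(users, null, null);   // what an unauthenticated internal client triggers
        } catch (NullPointerException e) {
            System.out.println("unguarded: " + e.getClass().getName());
        }
        try {
            loginGuarded(users, null, null);
        } catch (FailedLoginException e) {
            System.out.println("guarded: " + e.getMessage());
        }
        loginGuarded(users, "alice", "example-password"); // valid credentials pass silently
    }
}
```

Either way the connection is refused; the guarded form only makes the log state that credentials were missing instead of surfacing a NullPointerException.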