Joe Thanks for the follow up. I'm almost where I need to be. I made one change. I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went away and AMQ came up clean. But I'm still have a problem and I think it has more to do with my client code than AMQ itself. That is I'm not sure how to connect.
When I use dynamic queues my code is straightforward: requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset"); queueSender = queueSession.createSender(requestQueue); Now that I'm predefining the queues the user that is trying to send to the queue does not have admin access and therefore cannot create a queue. In fact I don't want that user to create one. I want that user to use the one that was created at start up via the AMQ xml configuration (<destinations>). The problem is with the above code AMQ throws an exception: java.lang.SecurityException: User queryuser is not authorized to create: queue://Wile.Jms.Queue.Query.Asset I see why I cannot use createQueue so I'm trying to figure out how to "findQueue" and it appears the only way is via JNDI. So I tried this: Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset") ; queueSender = queueSession.createSender(queue); And I get: java.lang.SecurityException: User queryuser is not authorized to create: queue://Wile.Jms.Queue.Query.Asset So I'm not sure how to connect to a predefined queue. Can you point me at an example? Thanks Tom ttmdev wrote: > > FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK > 1.5.0_06-b05, Windoze XP Pro) > and have not encountered your problem. I have used both > jaasAuthenticationPlugin and simpleAuthenticationPlugin. > > Joe > > > > Tom Purcell wrote: >> >> Hello >> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm using >> the basic jaasAuthenticationPlugin configuration="activemq-domain" >> properties logon. My activemq.xml, login.conf, users.properties and >> groups.properties are all in my <AMQ_HOME>/conf directory. My activmq.xml >> is only slightly different for the example on the site. I have removed >> jetty, camel and the commandAgent. I'm running AMQ 5.0.0 on JDK >> 1.5.0_14-b03. I delete <AMQ_HOME>/data/localhost between each run to make >> sure I come up clean. Everything works... up to a point. >> >> If I run without any defined destinations (queues or topics) >> everything works. Users with authority can access the dynamically created >> queues. Bad users and bad passwords fail. >> >> The problem is I need to run with defined destinations. When I add the >> following to my activemq.xml: >> <destinations> >> <queue physicalName="wileJmsQueryQueue"/> >> </destinations> >> >> I get the following in the log: >> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker | >> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 | >> Checkpoint started. >> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker | >> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 | >> Checkpoint done. >> 14:11:50,921 | DEBUG | main | AbstractRegion | >> q.broker.region.AbstractRegion 112 | Adding destination: >> queue://wileJmsQueryQueue >> 14:11:50,923 | INFO | main | KahaStore | >> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory >> /data/apache-activemq-5.0.0/data/localhost/kr-store/data >> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue | >> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing >> batch update... adding: 0 removing: 0 >> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue | >> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch >> update done. >> 14:11:50,993 | DEBUG | main | AMQMessageStore | >> vemq.store.amq.AMQMessageStore 266 | flush starting ... >> 14:11:51,014 | DEBUG | main | AbstractRegion | >> q.broker.region.AbstractRegion 112 | Adding destination: >> topic://ActiveMQ.Advisory.Queue >> 14:11:51,025 | INFO | main | BrokerService | >> .activemq.broker.BrokerService 413 | Using Persistence Adapter: >> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost) >> 14:11:51,029 | DEBUG | main | AMQMessageStore | >> vemq.store.amq.AMQMessageStore 266 | flush starting ... >> 14:11:51,030 | ERROR | main | BrokerService | >> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS >> Message Broker. Reason: java.lang.SecurityException: User is not >> authenticated. >> java.lang.SecurityException: User is not authenticated. >> at >> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52) >> at >> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151) >> at >> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93) >> at >> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182) >> at >> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103) >> at >> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112) >> at >> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153) >> at >> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153) >> at >> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153) >> at >> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153) >> at >> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163) >> at >> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422) >> at >> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46) >> at >> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201) >> at >> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171) >> at >> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425) >> at >> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251) >> at >> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156) >> at >> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248) >> at >> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160) >> at >> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287) >> at >> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352) >> at >> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64) >> at >> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52) >> at >> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91) >> at >> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51) >> at >> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71) >> at >> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54) >> at >> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112) >> at >> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74) >> at >> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51) >> at >> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104) >> at >> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51) >> at >> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >> at java.lang.reflect.Method.invoke(Method.java:585) >> at org.apache.activemq.console.Main.runTaskClass(Main.java:222) >> at org.apache.activemq.console.Main.main(Main.java:106) >> 14:11:51,033 | INFO | main | faultListableBeanFactory | >> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in >> [EMAIL PROTECTED]: >> defining beans >> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService]; >> root of factory hierarchy >> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService | >> .activemq.broker.BrokerService 448 | ActiveMQ Message Broker (localhost, >> null) is shutting down >> >> Note that the broker shuts down. >> >> I've tried looking through some AMQ code and the xsd to see if I'm >> missing something in the configuration and I'm at a loss. My activemq.xml >> (with destinations) is below. Any thoughts will be appreciated. >> >> Thanks >> Tom >> >> <beans >> xmlns="http://www.springframework.org/schema/beans" >> xmlns:amq="http://activemq.org/config/1.0" >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" >> xsi:schemaLocation="http://www.springframework.org/schema/beans >> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd >> http://activemq.org/config/1.0 >> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd >> http://activemq.apache.org/camel/schema/spring >> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd"> >> >> <!-- Allows us to use system properties as variables in this >> configuration file --> >> <bean >> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> >> >> <broker xmlns="http://activemq.org/config/1.0" brokerName="localhost" >> dataDirectory="${activemq.base}/data"> >> <destinations> >> <queue physicalName="wileJmsQueryQueue"/> >> </destinations> >> <!-- The transport connectors ActiveMQ will listen to --> >> <transportConnectors> >> <transportConnector name="openwire" >> uri="tcp://localhost:61616" discoveryUri="multicast://default"/> >> <transportConnector name="ssl" uri="ssl://localhost:61617"/> >> <transportConnector name="stomp" >> uri="stomp://localhost:61613"/> >> <transportConnector name="xmpp" >> uri="xmpp://localhost:61222"/> >> </transportConnectors> >> >> <!-- The store and forward broker networks ActiveMQ will listen >> to --> >> <networkConnectors> >> <networkConnector name="default-nc" >> uri="multicast://default"/> >> </networkConnectors> >> >> <plugins> >> <!-- use JAAS to authenticate using the login.config file on >> the classpath to configure JAAS --> >> <jaasAuthenticationPlugin configuration="activemq-domain"/> >> <!-- lets configure a destination based authorization >> mechanism --> >> <authorizationPlugin> >> <map> >> <authorizationMap> >> <authorizationEntries> >> <authorizationEntry queue=">" read="all" >> write="all" admin="all"/> >> <authorizationEntry >> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/> >> </authorizationEntries> >> <tempDestinationAuthorizationEntry> >> <tempDestinationAuthorizationEntry read="all" >> write="all" admin="all"/> >> </tempDestinationAuthorizationEntry> >> </authorizationMap> >> </map> >> </authorizationPlugin> >> </plugins> >> </broker> >> </beans> >> >> >> >> >> >> >> > > -- View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17440643.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.