Hello,
I try to configure JAAS to secure my broker and web console. Therefore I
created login.config file with
ActiveMQ {
org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/full/path/to/realm.properties";
};
and my realm properties looks like
system: manager,admins
Further I added
<plugins>
<jaasAuthenticationPlugin configuration="ActiveMQ" />
<!-- lets configure a destination based authorization
mechanism -->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry
queue=">" read="admins"
write="admins"
admin="admins" />
<authorizationEntry
topic=">" read="admins"
write="admins"
admin="admins" />
</authorizationEntries>
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry
read="admins"
write="admins" admin="admins" />
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
to my broker.
I already use my jaas config successfully to login to my web console with
given credentials. But if I try to send a message to a queue I get the
following error:
DEBUG TransportConnection - Setting up new connection:
/127.0.0.1:35604
WARN TransportConnection - Failed to add Connection
java.lang.SecurityException: User name or password is invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:475)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:187)
at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.LoginException: Login Failure: all
modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
... 17 more
DEBUG Service - Error occured while processing sync
command: java.lang.SecurityException: User name or password is invalid.
java.lang.SecurityException: User name or password is invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:475)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:187)
at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.LoginException: Login Failure: all
modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
... 17 more
DEBUG Transport - Transport failed:
java.io.IOException: User name or password is invalid.
java.io.IOException: User name or password is invalid.
at
org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:39)
at
org.apache.activemq.transport.stomp.ProtocolConverter$2.onResponse(ProtocolConverter.java:482)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onActiveMQCommad(ProtocolConverter.java:551)
at
org.apache.activemq.transport.stomp.StompTransportFilter.oneway(StompTransportFilter.java:56)
at
org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:40)
at
org.apache.activemq.broker.TransportConnection.dispatch(TransportConnection.java:1207)
at
org.apache.activemq.broker.TransportConnection.processDispatch(TransportConnection.java:793)
at
org.apache.activemq.broker.TransportConnection.dispatchSync(TransportConnection.java:752)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:475)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:187)
at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.SecurityException: User name or password is invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
... 10 more
Caused by: javax.security.auth.login.LoginException: Login Failure: all
modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
... 17 more
DEBUG TransportConnection - Stopping connection: /127.0.0.1:35604
DEBUG TcpTransport - Stopping transport
tcp:///127.0.0.1:35604
DEBUG TransportConnection - Stopped transport: /127.0.0.1:35604
DEBUG TransportConnection - Cleaning up connection resources:
/127.0.0.1:35604
WARN Service - Failed to remove connection
ConnectionInfo {commandId = 0, responseRequired = true, connectionId =
ID:tank2-58514-1230731215437-2:0, clientId =
ID:tank2-58514-1230731215437-2:0, userName = system, password = manager,
brokerPath = null, brokerMasterConnector = false, manageable = false,
clientMaster = true}
java.lang.SecurityException: User is not authenticated.
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:417)
at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:432)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:362)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:357)
at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:217)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.security.JaasAuthenticationBroker.removeConnection(JaasAuthenticationBroker.java:95)
at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:721)
at
org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:1000)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:74)
at
org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:925)
DEBUG TransportConnection - Connection Stopped: /127.0.0.1:35604
Hope somone can help me =)
kind regards,
geezmo
--
View this message in context:
http://www.nabble.com/5.2.0-JAAS-Problem-tp21231778p21231778.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
