Secure broker and web console: Cannot send to queue

Tue, 15 Dec 2015 07:57:19 -0800 

I have added the simpleAuthenticationPlugin to my broker (ActiveMQ 5.13.0 on
linux) and configured a few users and groups. This works fine so far and
users can only access those queues they are authorized for.

I have also configured the 'system' user that has full rights on all queues:

        <plugins>
            <simpleAuthenticationPlugin anonymousAccessAllowed="true">
                <users>
                    <authenticationUser username="system"
password="mypassword" groups="admins"/>
                </users>
            </simpleAuthenticationPlugin>
            <authorizationPlugin>
                <map>
                    <authorizationMap>
                        <authorizationEntries>
                            <authorizationEntry queue=">" read="admins"
write="admins" admin="admins"/>
                        </authorizationEntries>
                    </authorizationMap>
                </map>
            </authorizationPlugin>
        </plugins>


I have also configured this username/password in the credentials.properties
file:

activemq.username=system
activemq.password=mypassword

I have not really changed the configuration of the embedded Jetty - it is
still configured to use the basic admin/admin user configured in
jetty-realm.properties. 

I can log-in to the Web console (using admin/admin) and browse queues
without problems. Sending a message to a queue doesn't work however. It
looks like the web console is using the credentials of the Jetty-User
instead of the credentials from the credentials.properties file (referenced
from webapps/admin/WEB-INF/webconsole-embedded.xml):

2015-12-15 16:43:47,309 | WARN  | Failed to add Connection
ID:multi-com-dev.csf.local-52937-1450194172730-10:1 due to
java.lang.SecurityException: User name [admin] or password is invalid. |
org.apache.activ
emq.broker.TransportConnection | ActiveMQ VMTransport: vm://localhost#11-1
2015-12-15 16:43:47,311 | WARN  | Security Error occurred on connection to:
vm://localhost#10, User name [admin] or password is invalid. |
org.apache.activemq.broker.TransportConnection.Service | ActiveMQ VM
Transport: vm://localhost#11-1
2015-12-15 16:43:47,321 | WARN  |  |
org.eclipse.jetty.servlet.ServletHandler | qtp2044695538-17
org.springframework.web.util.NestedServletException: Request processing
failed; nested exception is javax.jms.JMSSecurityException: User name
[admin] or password is invalid.
        at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:979)[spring-webmvc-4.1.8.RELEASE.jar:4.1.8.RELEASE]
        at
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:869)[spring-webmvc-4.1.8.RELEASE.jar:4.1.8.RELEASE]
        at
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)[tomcat-servlet-api-8.0.24.jar:]
        at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)[spring-webmvc-4.1.8.RELEASE.jar:4.1.8.RELEASE]
        at
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)[tomcat-servlet-api-8.0.24.jar:]
        at
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.apache.activemq.web.AuditFilter.doFilter(AuditFilter.java:59)[activemq-web-5.13.0.jar:5.13.0]
        at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)[spring-web-4.1.8.RELEASE.jar:4.1.8.RELEASE]
        at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)[spring-web-4.1.8.RELEASE.jar:4.1.8.RELEASE]
        at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.apache.activemq.web.filter.ApplicationContextFilter.doFilter(ApplicationContextFilter.java:102)[file:/opt/apache-activemq-5.13.0/webapps/admin/WEB-INF/classes/:]
        at
org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:542)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:542)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.Server.handle(Server.java:499)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)[jetty-all-9.2.13.v20150730.jar:9.2.13.v20150730]
        at java.lang.Thread.run(Thread.java:744)[:1.7.0_45]


What am I missing?

Thanks,
Kai




--
View this message in context: 
http://activemq.2283324.n4.nabble.com/Secure-broker-and-web-console-Cannot-send-to-queue-tp4704992.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Reply via email to