I just tried it on my local machine and I get the same behaviour with ActiveMQ 5.12.1:
WARN | Failed to add Connection ID:localhost-55849-1450257982869-9:1 due to java.lang.SecurityException: User name [admin] or password is invalid. WARN | Security Error occurred on connection to: vm://localhost#6, User name [admin] or password is invalid. WARN | org.springframework.web.util.NestedServletException: Request processing failed; nested exception is javax.jms.JMSSecurityException: User name [admin] or password is invalid. at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:965)[spring-webmvc-3.2.11.RELEASE.jar:3.2.11.RELEASE] ... The strange thing is that browsing of queues etc works fine - even though there is no user with name 'admin' defined in ActiveMQ. Anonymous access is enabled but I can even browse those queues the anonymous user shouldn't have access to. Therefore I assume that read access from the web console uses the 'system' user as configured. I am also able to create new queues from the web console which again indicates that the 'system' user is used in this case. Only sending a message to a queue doesn't work. Any ideas? For completeness, here my full authorization map: <authorizationMap> <authorizationEntries> <authorizationEntry queue=">" read="admins" write="admins" admin="admins"/> <authorizationEntry queue="USER_A.>" read="group_a" write="group_a" admin="admins"/> <authorizationEntry queue="USER_B.>" read="group_b" write="group_b" admin="group_b"/> <authorizationEntry queue="GENERAL.>" read="group_a,anonymous" write="group_a,anonymous" admin="group_a,anonymous"/> <authorizationEntry topic="ActiveMQ.Advisory.>" read="group_a,group_b,anonymous" write="group_a,group_b,anonymous" admin="group_a,group_b,anonymous"/> </authorizationEntries> </authorizationMap> Kai christopher.l.shannon wrote > Did this used to work in an older version of ActiveMQ, such as 5.12.1? If > so, you can open up a JIRA and I will take a look. > > It's possible there is a regression here because a lot of changes were > made > when the upgrade was done from Jetty 8 to Jetty 9.2 since there are API > incompatibilities between the two versions. > > On Tue, Dec 15, 2015 at 10:34 AM, Kai B < > kai.broszat@ > > wrote: > >> I have added the simpleAuthenticationPlugin to my broker (ActiveMQ 5.13.0 >> on >> linux) and configured a few users and groups. This works fine so far and >> users can only access those queues they are authorized for. >> >> I have also configured the 'system' user that has full rights on all >> queues: >> >> > <plugins> >> > <simpleAuthenticationPlugin anonymousAccessAllowed="true"> >> > <users> >> > <authenticationUser username="system" >> > password="mypassword" groups="admins"/> >> > </users> >> > </simpleAuthenticationPlugin> >> > <authorizationPlugin> >> > <map> >> > <authorizationMap> >> > <authorizationEntries> >> > <authorizationEntry queue="> > " read="admins" >> write="admins" admin="admins"/> >> > </authorizationEntries> >> > </authorizationMap> >> > </map> >> > </authorizationPlugin> >> > </plugins> >> >> >> I have also configured this username/password in the >> credentials.properties >> file: >> >> activemq.username=system >> activemq.password=mypassword >> >> I have not really changed the configuration of the embedded Jetty - it is >> still configured to use the basic admin/admin user configured in >> jetty-realm.properties. >> >> I can log-in to the Web console (using admin/admin) and browse queues >> without problems. Sending a message to a queue doesn't work however. It >> looks like the web console is using the credentials of the Jetty-User >> instead of the credentials from the credentials.properties file >> (referenced >> from webapps/admin/WEB-INF/webconsole-embedded.xml): >> >> 2015-12-15 16:43:47,309 | WARN | Failed to add Connection >> ID:multi-com-dev.csf.local-52937-1450194172730-10:1 due to >> java.lang.SecurityException: User name [admin] or password is invalid. | >> org.apache.activ >> emq.broker.TransportConnection | ActiveMQ VMTransport: >> vm://localhost#11-1 >> 2015-12-15 16:43:47,311 | WARN | Security Error occurred on connection >> to: >> vm://localhost#10, User name [admin] or password is invalid. | >> org.apache.activemq.broker.TransportConnection.Service | ActiveMQ VM >> Transport: vm://localhost#11-1 >> 2015-12-15 16:43:47,321 | WARN | | >> org.eclipse.jetty.servlet.ServletHandler | qtp2044695538-17 >> org.springframework.web.util.NestedServletException: Request processing >> failed; nested exception is javax.jms.JMSSecurityException: User name >> [admin] or password is invalid. >> at >> >> org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:979)[spring-webmvc-4.1.8.RELEASE.jar:4.1.8.RELEASE] >> at >> >> org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:869)[spring-webmvc-4.1.8.RELEASE.jar:4.1.8.RELEASE] >> at >> > ... > >> What am I missing? >> >> Thanks, >> Kai -- View this message in context: http://activemq.2283324.n4.nabble.com/Secure-broker-and-web-console-Cannot-send-to-queue-tp4704992p4705035.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.