Noone uses PropertiesLoginModule and reloading? Gary, so I should file a jira for this right?
BR, - Simon On Thu, 2016-03-10 at 17:14:48 +0100, Simon Lundström wrote: > Hi! > > I talked to Gary Tully on IRC (and mail) and we decided it was best that > I mailed the mailinglist since he was pretty sure that someone here had > solved this. > > We are running 5.13.0 and are trying to get {user,group}s.properties to > be reloaded automatically when they are changed. > > In the init.d-script we've added: > ACTIVEMQ_OPTS+=" > -Djava.security.auth.login.config=/local/activemq/conf/login.config " > > and login.config looks like this: > activemq-domain { > org.apache.activemq.jaas.PropertiesLoginModule required > debug=true > reload=true > org.apache.activemq.jaas.properties.user="users.properties" > > org.apache.activemq.jaas.properties.group="../conf.d/approved/groups.properties" > ; > }; > > users.properties: > system=manager > nagios=nagios > > groups.properties: > monitoring=system > > activemq.xml excerpt: > […] > <plugins> > <!-- The configuration value matches the JAAS realm in login.config --> > <jaasAuthenticationPlugin configuration="activemq-domain" /> > > <!-- Enable hot reloading of the The configuration value matches the > JAAS realm in login.config --> > <runtimeConfigurationPlugin checkPeriod="0" /> > > <authorizationPlugin> > <map> > <authorizationMap> > <authorizationEntry > queue="aliveness-test" > read="monitoring" > write="monitoring" > admin="monitoring" > /> > </authorizationEntries> > </authorizationMap> > </map> > </authorizationPlugin> > […] > > With this configuration the user nagios should be able to access the queue > aliveness-test. > To reproduce, modify groups.properties so it looks like: > monitoring=system,nagios > > Check your logs (you need to enable debug logging on > org.apache.activemq.jaas.ReloadableProperties): > {"thread":"ActiveMQ NIO Worker > 622","level":"DEBUG","loggerName":"org.apache.activemq.jaas.ReloadableProperties","message":"Load > of: PropsFile=/local/activemq/conf/../conf.d/approved/groups.properties"} > so the reloading works, but nagios still can't consume from (or produce to) > the queue: > {"thread":"ActiveMQ NIO Worker > 2","level":"WARN","loggerName":"org.apache.activemq.broker.TransportConnection.Service","message":"Security > Error occurred on connection to: tcp://0:0:0:0:0:0:0:1:45357, User nagios is > not authorized to read from: queue://aliveness-test"} > > Note: If I restart ActiveMQ nagios can consume and produce from the > queue. > > Is there any configuration that I've missed? > Is this a bug? > > BR, > - Simon > > ____________________________________ > > Simon Lundström > Section for Infrastructure > > IT Services > Stockholm University > SE-106 91 Stockholm, Sweden > > www.su.se/english/staff-info/it