Noone uses PropertiesLoginModule and reloading?
Gary, so I should file a jira for this right?
BR,
- Simon
On Thu, 2016-03-10 at 17:14:48 +0100, Simon Lundström wrote:
> Hi!
>
> I talked to Gary Tully on IRC (and mail) and we decided it was best that
> I mailed the mailinglist since he was pretty sure that someone here had
> solved this.
>
> We are running 5.13.0 and are trying to get {user,group}s.properties to
> be reloaded automatically when they are changed.
>
> In the init.d-script we've added:
> ACTIVEMQ_OPTS+="
> -Djava.security.auth.login.config=/local/activemq/conf/login.config "
>
> and login.config looks like this:
> activemq-domain {
> org.apache.activemq.jaas.PropertiesLoginModule required
> debug=true
> reload=true
> org.apache.activemq.jaas.properties.user="users.properties"
>
> org.apache.activemq.jaas.properties.group="../conf.d/approved/groups.properties"
> ;
> };
>
> users.properties:
> system=manager
> nagios=nagios
>
> groups.properties:
> monitoring=system
>
> activemq.xml excerpt:
> […]
> <plugins>
> <!-- The configuration value matches the JAAS realm in login.config -->
> <jaasAuthenticationPlugin configuration="activemq-domain" />
>
> <!-- Enable hot reloading of the The configuration value matches the
> JAAS realm in login.config -->
> <runtimeConfigurationPlugin checkPeriod="0" />
>
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntry
> queue="aliveness-test"
> read="monitoring"
> write="monitoring"
> admin="monitoring"
> />
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> […]
>
> With this configuration the user nagios should be able to access the queue
> aliveness-test.
> To reproduce, modify groups.properties so it looks like:
> monitoring=system,nagios
>
> Check your logs (you need to enable debug logging on
> org.apache.activemq.jaas.ReloadableProperties):
> {"thread":"ActiveMQ NIO Worker
> 622","level":"DEBUG","loggerName":"org.apache.activemq.jaas.ReloadableProperties","message":"Load
> of: PropsFile=/local/activemq/conf/../conf.d/approved/groups.properties"}
> so the reloading works, but nagios still can't consume from (or produce to)
> the queue:
> {"thread":"ActiveMQ NIO Worker
> 2","level":"WARN","loggerName":"org.apache.activemq.broker.TransportConnection.Service","message":"Security
> Error occurred on connection to: tcp://0:0:0:0:0:0:0:1:45357, User nagios is
> not authorized to read from: queue://aliveness-test"}
>
> Note: If I restart ActiveMQ nagios can consume and produce from the
> queue.
>
> Is there any configuration that I've missed?
> Is this a bug?
>
> BR,
> - Simon
>
> ____________________________________
>
> Simon Lundström
> Section for Infrastructure
>
> IT Services
> Stockholm University
> SE-106 91 Stockholm, Sweden
>
> www.su.se/english/staff-info/it
