I tried to implement a custom JAAS authentication module with
apache-artemis-1.3.0.

In bootstrap.xml,
<jaas-security domain="CustomLogin"/> 

In login.config,
CustomLogin {
    com.activemq.core.CustomLoginModule Sufficient
        core.url="http://localhost:8080/jaas";
};

Call flow seems to get executed properly. LoginModule.login() is called and
returns true as in a normal case.

But I get a javax.jms.JMSSecurityException error saying "AMQ119032: User:
amq does not have permission='CREATE_DURABLE_QUEUE' on address
jms.queue.TestQueue"

I looked on the internet, and found some posts regarding the same sort of
issue in activemq/apollo.

In activemq this sort of issue might require us to provide an authorization
so that the user gets read/write/connect/create permissions.

<plugins>
  
  <jaasAuthenticationPlugin configuration="activemq-domain" />

  <authorizationPlugin>
    <map>
      <authorizationMap>
        <authorizationEntries>
          <authorizationEntry queue="foobarQueue"
              write="foobarGroup"
              read="foobarGroup"
              admin="foobarGroup"
          />
        </authorizationEntries>
      </authorizationMap>
    </map>
  </authorizationPlugin>
</plugins>

In apollo,
<access_rule allow="users" action="connect create destroy send receive consume"/>
and put the following line of code in LoginModule.login()
principals.add(new GroupPrincipal("users"));


But I can't find a way to sort it out in artemis. The <plugin> tag doesn't work in
artemis, I believe. I don't even know if it's about an authorization issue, to be
honest. But no error/exception is thrown from the CustomLoginModule class.

What might be the cause for this JMSSecurityException? If it's regarding
authorization, what is the authorization plugin format in artemis? Any insight
into this is much appreciated.




--
View this message in context: 
http://activemq.2283324.n4.nabble.com/User-privileges-exception-thrown-from-jaas-Authorization-plugin-format-for-jaas-artemis-tp4719410.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
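
The Apollo snippet in the message adds a group principal inside the login module. As an added illustration (not part of the original post, and not ActiveMQ, Apollo or Artemis code), here is a minimal JAAS LoginModule built only on the standard javax.security.auth API that authenticates and then attaches a group principal in commit(). The class name, the GroupPrincipal type and the demo.user/demo.password options are assumptions; a broker's authorization rules match on its own principal classes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: class name, principal type and demo.* options are hypothetical.
public class GroupAwareLoginModule implements LoginModule {
    public static final class GroupPrincipal implements Principal {
        private final String name;
        public GroupPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) { return o instanceof GroupPrincipal && ((GroupPrincipal) o).name.equals(name); }
        @Override public int hashCode() { return name.hashCode(); }
    }
    private Subject subject;
    private CallbackHandler handler;
    private Map<String, ?> options;
    private final Set<Principal> pending = new HashSet<>();
    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    @Override public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
        // Constructed credential check against module options; a real module queries its identity store.
        Object u = options.get("demo.user"), p = options.get("demo.password");
        char[] given = pass.getPassword();
        boolean ok = u != null && p != null && given != null && u.equals(name.getName())
            && MessageDigest.isEqual(new String(given).getBytes(StandardCharsets.UTF_8), p.toString().getBytes(StandardCharsets.UTF_8));
        pass.clearPassword();
        if (!ok) throw new FailedLoginException("bad credentials");
        // Authentication alone grants nothing: stage the principal that authorization rules will match.
        pending.add(new GroupPrincipal("users"));
        return true;
    }
    @Override public boolean commit() {
        if (pending.isEmpty()) return false; // login() did not succeed for this module
        subject.getPrincipals().addAll(pending); // only principals on the Subject reach authorization
        return true;
    }
    @Override public boolean abort() { pending.clear(); return true; }
    @Override public boolean logout() { subject.getPrincipals().removeAll(pending); pending.clear(); return true; }
}
```

A login() that returns true only authenticates the caller; permission checks are evaluated against whatever principals commit() placed on the Subject.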
