We are using Apache ActiveMQ version 5.15.8.
We have created Broker to Broker ActiveMQ network using ssh tunneling.
Broker-A is enqueuing messages & messages are getting dequeued at Broker-B
end.
We have added below configuration to restrict the Broker-A from creating new
queues other than specified one.
Below is configuration at Broker-B:
a) Contents added in activemq.xml
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="admin" password="
adminpassword" groups="admins,all" />
<authenticationUser username="test"
password="testpassword " groups="admins,all" />
</users>
</simpleAuthenticationPlugin>
<jaasAuthenticationPlugin configuration="activemq" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="demo.test " read="admins"
write="admins" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>"
read="admins" write="admins" admin="admins"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
b) Contents of users.properties
admin= adminpassword
test= testpassword
c) Contents of groups.properties
admins=admin,test
all=admin,test
d) Contents of credentials.properties
activemq.username=admin
activemq.password= adminpassword
e) Contents of jetty-realm.properties
admin: adminpassword, admin
test: testpassword, admin
Below is configuration at Broker-A:
a) Contents added in activemq.xml
<networkConnectors>
<networkConnector name="testlinkconnector" userName="admin"
password=" adminpassword "
uri="static:(tcp://127.0.0.1:61618)?connection.useCompression=true"
staticBridge="true">
<staticallyIncludedDestinations>
<queue physicalName=" demo.test"/>
</staticallyIncludedDestinations>
</networkConnector>
If we just add <simpleAuthenticationPlugin> plugin in Broker-B configuration
then bridge connection is working between Broker-A to Broker-B.
But when are adding <simpleAuthenticationPlugin>, <jaasAuthenticationPlugin>
and <authorizationPlugin> Broker-B configuration then bridge connection is
not working.
We are getting below error at Broker-A end.
2019-04-18 05:04:20,932 | INFO | localhost bridge to localhost stopped |
org.apache.activemq.network.DemandForwardingBridgeSupport | ActiveMQ
BrokerService[localhost] Task-2263
2019-04-18 05:04:50,930 | INFO | Establishing network connection from
vm://localhost to tcp://127.0.0.1:61618 |
org.apache.activemq.network.DiscoveryNetworkConnector | ActiveMQ Task-2
2019-04-18 05:04:50,973 | INFO | Network connection between
vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 (localhost) has been
established. | org.apache.activemq.network.DemandForwardingBridgeSupport |
triggerStartAsyncNetworkBridgeCreation:
remoteBroker=tcp:///127.0.0.1:61618@37514, localBroker= vm://localhost#4146
2019-04-18 05:04:50,977 | ERROR | Network connection between
vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 shutdown due to a
remote error: {} | org.apache.activemq.network.DemandForwardingBridgeSupport
| ActiveMQ Transport: tcp:///127.0.0.1:61618@37514
java.lang.SecurityException: User name [admin] or password is invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.8.jar:5.15.8]
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.8.jar:5.15.8]
at
org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.8.jar:5.15.8]
at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.8.jar:5.15.8]
at
org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.8.jar:5.15.8]
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.8.jar:5.15.8]
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.8.jar:5.15.8]
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.8.jar:5.15.8]
at java.lang.Thread.run(Thread.java:748)[:1.8.0_191]
We want that Broker-A can only send messages if it is having proper
credentials and Broker-A can only create or sends messages to the specific
queue (demo.test)at Broker-B end.
Broker-A can only create demo.test queue at Broker-B end if it does not
exist. Broker-A should not create or sends messages to any other queue at
Broker-B end though it is having proper credentials.
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
