Hi,
I want to enable authorization on activemq in servicemix 3
(apache-servicemix-3.6.0-fuse-00-89) but I' still getting:
WARN - TransportConnection - Failed to add Connection
ID:rafal-36377-1344948915073-6:180, reason: java.lang.SecurityException:
User name [null] or password is invalid.
ERROR - ActiveMQEndpointWorker - Failed to connect to broker
[null]: User name [null] or password is invalid.
javax.jms.JMSException: User name [null] or password is invalid.
at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
at
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1297)
at
org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1401)
at
org.apache.activemq.ActiveMQConnection.start(ActiveMQConnection.java:506)
at
org.apache.activemq.ra.ActiveMQEndpointWorker$1.run(ActiveMQEndpointWorker.java:126)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.SecurityException: User name [null] or password is
invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:682)
at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)
at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:283)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:148)
at
org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)
at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
at
org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:229)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:215)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:197)
... 1 more
Caused by: javax.security.auth.login.FailedLoginException: user name is null
at
org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:146)
at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
... 14 more
ERROR - ActiveMQEndpointWorker - Endpoint will try to reconnect
to the JMS broker in 30 seconds
and lot of very similar errors / warnings.
The authorization works because I can connect to activemq just with
defined user but the number of lines with errors and warning increases
all the time.
Should I set something else in servicemix config files to stop getting
following errors?
I've followed the http://activemq.apache.org/security.html :
* added to activemq.xml :
<plugins>
<amq:jaasAuthenticationPlugin configuration="PropertiesLogin" />
<amq:authorizationPlugin>
<amq:map>
<amq:authorizationMap>
<amq:authorizationEntries>
<amq:authorizationEntry queue=">" read="admin"
write="admin" admin="admin" />
<amq:authorizationEntry queue="USERS.>"
read="users" write="users" admin="users" />
<amq:authorizationEntry queue="GUEST.>"
read="guests" write="guests,users" admin="guests,users" />
<amq:authorizationEntry topic=">" read="admin"
write="admin" admin="admin" />
<amq:authorizationEntry topic="USERS.>"
read="users" write="users" admin="users" />
<amq:authorizationEntry topic="GUEST.>"
read="guests" write="guests,users" admin="guests,users" />
<amq:authorizationEntry
topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
admin="guests,users"/>
</amq:authorizationEntries>
<!-- let's assign roles to temporary destinations. comment
this entry if we don't want any roles assigned to temp destinations -->
<amq:tempDestinationAuthorizationEntry>
<amq:tempDestinationAuthorizationEntry
read="tempDestinationAdmins" write="tempDestinationAdmins"
admin="tempDestinationAdmins"/>
</amq:tempDestinationAuthorizationEntry>
</amq:authorizationMap>
</amq:map>
</amq:authorizationPlugin>
</plugins>
* groups.properties :
admin=smx
users=user
guests=guest
* users-passwords.properties
smx=smx
user=pass2
guest=pass1
* in servicemix.xml:
<sm:jmsFlow jmsURL="${activemq.url}" userName="smx" password="smx"/>
regards
rafal
