Re: ActiveMQ Authorization in Servicemix 3 - lot of warns and errors

Mon, 20 Aug 2012 01:08:38 -0700

Title: Software Mind
Hi,

of course but please tell me what exactly would be useful here?
The things that ware changed are mentioned below, the rest is a default configuration.
I'm working on Kubuntu 12.04 (32bit).

regards

rafal

 

On 14.08.2012 18:00, Jean-Baptiste Onofré wrote:
Hi Rafal,

could you share your configuration ?

Thanks
Regards
JB

On 08/14/2012 03:11 PM, Rafal Janik wrote:
Hi,

I want to enable authorization on activemq in servicemix 3
(apache-servicemix-3.6.0-fuse-00-89) but I' still getting:

WARN  - TransportConnection            - Failed to add Connection
ID:rafal-36377-1344948915073-6:180, reason: java.lang.SecurityException:
User name [null] or password is invalid.
ERROR - ActiveMQEndpointWorker         - Failed to connect to broker
[null]: User name [null] or password is invalid.
javax.jms.JMSException: User name [null] or password is invalid.
         at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)

         at
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1297)

         at
org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1401)

         at
org.apache.activemq.ActiveMQConnection.start(ActiveMQConnection.java:506)
         at
org.apache.activemq.ra.ActiveMQEndpointWorker$1.run(ActiveMQEndpointWorker.java:126)

         at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

         at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

         at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.SecurityException: User name [null] or password is
invalid.
         at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)

         at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
         at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)

         at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:682)

         at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)

         at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)
         at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:283)

         at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:148)

         at
org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)

         at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)

         at
org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:229)

         at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)

         at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:215)
         at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:197)
         ... 1 more
Caused by: javax.security.auth.login.FailedLoginException: user name is
null
         at
org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:146)

         at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
         at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

         at java.lang.reflect.Method.invoke(Method.java:597)
         at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
         at java.security.AccessController.doPrivileged(Native Method)
         at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)

         ... 14 more
ERROR - ActiveMQEndpointWorker         - Endpoint will try to reconnect
to the JMS broker in 30 seconds


and lot of very similar errors / warnings.
The authorization works because I can connect to activemq just with
defined user but the number of lines with errors and warning increases
all the time.
Should I set something else in servicemix config files to stop getting
following errors?



I've followed the http://activemq.apache.org/security.html :
  * added to activemq.xml :
     <plugins>
          <amq:jaasAuthenticationPlugin configuration="PropertiesLogin" />

         <amq:authorizationPlugin>
             <amq:map>
                   <amq:authorizationMap>
                     <amq:authorizationEntries>
                       <amq:authorizationEntry queue=">" read="admin"
write="admin" admin="admin" />
                       <amq:authorizationEntry queue="USERS.>"
read="users" write="users" admin="users" />
                       <amq:authorizationEntry queue="GUEST.>"
read="guests" write="guests,users" admin="guests,users" />

                       <amq:authorizationEntry topic=">" read="admin"
write="admin" admin="admin" />
                       <amq:authorizationEntry topic="USERS.>"
read="users" write="users" admin="users" />
                       <amq:authorizationEntry topic="GUEST.>"
read="guests" write="guests,users" admin="guests,users" />

                       <amq:authorizationEntry
topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users"
admin="guests,users"/>
                     </amq:authorizationEntries>

             <!-- let's assign roles to temporary destinations. comment
this entry if we don't want any roles assigned to temp destinations  -->
             <amq:tempDestinationAuthorizationEntry>
               <amq:tempDestinationAuthorizationEntry
read="tempDestinationAdmins" write="tempDestinationAdmins"
admin="tempDestinationAdmins"/>
            </amq:tempDestinationAuthorizationEntry>
           </amq:authorizationMap>
         </amq:map>
       </amq:authorizationPlugin>

</plugins>

  * groups.properties :
         admin=smx
         users=user
         guests=guest

  * users-passwords.properties
     smx=smx
     user=pass2
     guest=pass1

  * in servicemix.xml:
<sm:jmsFlow jmsURL="${activemq.url}" userName="smx" password="smx"/>


regards


rafal





--

Software Mind

Rafal Janik
Software Engineer

 

Mobile: +48­ 668­ 483­ 613
Phone: +48 12­ 252­ 34­ 00
Fax: +48­ 12­ 252­ 34­ 01
[email protected]

Software Mind SA
ul. Bociana 22A
31-231 Krakow, Poland
www.softwaremind.com

 Focused on Results

Software Mind SA based in Krakow at ul. Bociana 22A, 31-231 Krakow NIP 9452012822, seed capital PLN 500,000.00 (fully paid up), KRS 0000300409, District Court Kraków Śródmieście, XI Economics Department of the National Court Register
The following message is confidential. The full content of the stipulation is avaliable under this link.

Reply via email to