activemq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Concombre Masqué (JIRA) <j...@apache.org>
Subject [jira] Updated: (AMQ-2516) SecurityException raised when broker tries to move expired message to DLQ
Date Thu, 26 Nov 2009 14:43:52 GMT

     [ https://issues.apache.org/activemq/browse/AMQ-2516?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Concombre Masqué updated AMQ-2516:
----------------------------------

    Description: 
I have enabled authentication + authorization in my broker configuration file as follows:

<jaasAuthenticationPlugin configuration="PropertiesLogin" />

<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="users" write="users" admin="users"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="users" write="users" admin="users"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>

If I send a message with a TTL into the queue (using provided sample configured with the right
username and password) and then try to look after the message in the queue after it has expired
using the Web Console, I got the following exception:

"Caught an exception sending to DLQ: Message ID:PC198829-1539-1259168148838-0:1:1:1:1 dropped=false
locked=false
java.lang.SecurityException: User is not authenticated."

This only occurs when the broker has to deal with the DLQ. I can successfully read/write in
any queue.

It seems that the thread responsible for moving the message into the DLQ doesn't have the
right to perform this action (username and password not propagated to its connexion context).


  was:
I have enabled authentication + authorization in my broker configuration file as follows:

<jaasAuthenticationPlugin configuration="PropertiesLogin" />

<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="users" write="users" admin="users"/>
<authorizationEntry topic="ActiveMQ.Advisory.>" read="users" write="users" admin="users"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>

If I send a message with a TTL into the queue (using a client configured with the right username
and password) and then try to look after the message in the queue after it has expired using
the Web Console, I got the following exception:

"Caught an exception sending to DLQ: Message ID:PC198829-1539-1259168148838-0:1:1:1:1 dropped=false
locked=false
java.lang.SecurityException: User is not authenticated."

This only occurs when the broker has to deal with the DLQ. I can successfully read/write in
any queue from either my client or the ActiveMQ Web Console.
It seems that the thread responsible for moving the message into the DLQ doesn't have the
right to perform this action.



> SecurityException raised when broker tries to move expired message to DLQ
> -------------------------------------------------------------------------
>
>                 Key: AMQ-2516
>                 URL: https://issues.apache.org/activemq/browse/AMQ-2516
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.3.0
>         Environment: Windows XP SP2
> Java JRE 1.6
> Issue found on both FUSE Message Broker 5.3.0.3 & 5.3.0.5 (based on Apache ActiveMQ
5.3)
>            Reporter: Concombre Masqué
>         Attachments: activemq.log, activemq_configuration.zip, jmsproducer_sample.zip
>
>
> I have enabled authentication + authorization in my broker configuration file as follows:
> <jaasAuthenticationPlugin configuration="PropertiesLogin" />
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="users" write="users" admin="users"/>
> <authorizationEntry topic="ActiveMQ.Advisory.>" read="users" write="users" admin="users"/>
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> If I send a message with a TTL into the queue (using provided sample configured with
the right username and password) and then try to look after the message in the queue after
it has expired using the Web Console, I got the following exception:
> "Caught an exception sending to DLQ: Message ID:PC198829-1539-1259168148838-0:1:1:1:1
dropped=false locked=false
> java.lang.SecurityException: User is not authenticated."
> This only occurs when the broker has to deal with the DLQ. I can successfully read/write
in any queue.
> It seems that the thread responsible for moving the message into the DLQ doesn't have
the right to perform this action (username and password not propagated to its connexion context).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message