activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ARTEMIS-1122) ActiveMQJAASSecurityManager class loading issue
Date Mon, 24 Apr 2017 15:08:04 GMT

    [ https://issues.apache.org/jira/browse/ARTEMIS-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15981324#comment-15981324
] 

ASF GitHub Bot commented on ARTEMIS-1122:
-----------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/activemq-artemis/pull/1209


> ActiveMQJAASSecurityManager class loading issue
> -----------------------------------------------
>
>                 Key: ARTEMIS-1122
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1122
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 2.0.0
>            Reporter: Howard Gao
>            Assignee: Howard Gao
>             Fix For: 2.next
>
>
> The ActiveMQJAASSecurityManager class uses LoginContext to validate users and roles.
LoginContext loads LoginModule classes defined in the configuration (login.config) using current
thread's context classloader.
> Normally this wouldn't be a problem but when a caller thread comes from JMX (for example
a client calls QueueControl.sendMessage() via JMX) the caller thread has a different context
class loader. This will cause the LoginContext fails to load the LoginModule class (e.g. org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule)
and the validation will fail even correct credentials are supplied.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message