Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id D8BD7200C5A for ; Tue, 18 Apr 2017 16:10:45 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id D73AA160BAC; Tue, 18 Apr 2017 14:10:45 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 2AC25160B90 for ; Tue, 18 Apr 2017 16:10:45 +0200 (CEST) Received: (qmail 14012 invoked by uid 500); 18 Apr 2017 14:10:44 -0000 Mailing-List: contact issues-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list issues@activemq.apache.org Received: (qmail 14003 invoked by uid 99); 18 Apr 2017 14:10:44 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Apr 2017 14:10:44 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id D09371A01CD for ; Tue, 18 Apr 2017 14:10:43 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id WVfp6Mgv4KpS for ; Tue, 18 Apr 2017 14:10:42 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 9FEF85F1E7 for ; Tue, 18 Apr 2017 14:10:42 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 3FE23E0875 for ; Tue, 18 Apr 2017 14:10:42 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 9BFA621B49 for ; Tue, 18 Apr 2017 14:10:41 +0000 (UTC) Date: Tue, 18 Apr 2017 14:10:41 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: issues@activemq.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (ARTEMIS-1122) ActiveMQJAASSecurityManager class loading issue MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 18 Apr 2017 14:10:46 -0000 [ https://issues.apache.org/jira/browse/ARTEMIS-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15972748#comment-15972748 ] ASF GitHub Bot commented on ARTEMIS-1122: ----------------------------------------- GitHub user gaohoward opened a pull request: https://github.com/apache/activemq-artemis/pull/1209 ARTEMIS-1122 ActiveMQJAASSecurityManager class loading issue The ActiveMQJAASSecurityManager class uses LoginContext to validate users and roles. LoginContext loads LoginModule classes defined in the configuration (login.config) using current thread's context classloader. Normally this wouldn't be a problem but when a caller thread comes from JMX (for example a client calls QueueControl.sendMessage() via JMX) the caller thread has a different context class loader. This will cause the LoginContext to fail to load the LoginModule class (e.g. PropertiesLoginModule) and the validation will fail even if correct credentials are supplied. You can merge this pull request into a Git repository by running: $ git pull https://github.com/gaohoward/activemq-artemis master_sec_cnfe Alternatively you can review and apply these changes as the patch at: https://github.com/apache/activemq-artemis/pull/1209.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1209 ---- ---- > ActiveMQJAASSecurityManager class loading issue > ----------------------------------------------- > > Key: ARTEMIS-1122 > URL: https://issues.apache.org/jira/browse/ARTEMIS-1122 > Project: ActiveMQ Artemis > Issue Type: Bug > Components: Broker > Affects Versions: 2.0.0 > Reporter: Howard Gao > Assignee: Howard Gao > Fix For: 2.next > > > The ActiveMQJAASSecurityManager class uses LoginContext to validate users and roles. LoginContext loads LoginModule classes defined in the configuration (login.config) using current thread's context classloader. > Normally this wouldn't be a problem but when a caller thread comes from JMX (for example a client calls QueueControl.sendMessage() via JMX) the caller thread has a different context class loader. This will cause the LoginContext fails to load the LoginModule class (e.g. org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule) and the validation will fail even correct credentials are supplied. -- This message was sent by Atlassian JIRA (v6.3.15#6346)