activemq-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "clebert suconic (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (ARTEMIS-1122) ActiveMQJAASSecurityManager class loading issue
Date Thu, 31 Aug 2017 19:12:30 GMT

     [ https://issues.apache.org/jira/browse/ARTEMIS-1122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

clebert suconic closed ARTEMIS-1122.
------------------------------------

> ActiveMQJAASSecurityManager class loading issue
> -----------------------------------------------
>
>                 Key: ARTEMIS-1122
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-1122
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 2.0.0
>            Reporter: Howard Gao
>            Assignee: Howard Gao
>             Fix For: 2.1.0
>
>
> The ActiveMQJAASSecurityManager class uses LoginContext to validate users and roles.
LoginContext loads LoginModule classes defined in the configuration (login.config) using current
thread's context classloader.
> Normally this wouldn't be a problem but when a caller thread comes from JMX (for example
a client calls QueueControl.sendMessage() via JMX) the caller thread has a different context
class loader. This will cause the LoginContext fails to load the LoginModule class (e.g. org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule)
and the validation will fail even correct credentials are supplied.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message