activemq-users mailing list archives

From "Chris Hofstaedter" <chr...@nmwco.com>
Subject RE: SimpleAuthenticationBroker not preventing rogue producer??
Date Tue, 14 Nov 2006 21:38:47 GMT
I've added it as AMQ-1049

-----Original Message-----
From: chirino@gmail.com [mailto:chirino@gmail.com] On Behalf Of Hiram Chirino
Sent: Tuesday, November 14, 2006 12:30 PM
To: activemq-users@geronimo.apache.org
Subject: Re: SimpleAuthenticationBroker not preventing rogue producer??

Hi Chris, could you create a JIRA to track this change?

On 11/13/06, Chris Hofstaedter <chrish@nmwco.com> wrote:
>
> Ok, I've been able to get the behavior I want, but I had to modify
> AbstractConnection.java to do it.  I don't know if my modifications are
> appropriate, so could someone take a look and let me know whether this is a
> desirable change or not?
>
> Specifically, I added an additional catch block after line 202 of
> AbstractConnection and before the catch(Throwable).  The new code is:
> catch ( SecurityException e1)
>    {
>    // Report the security failure to the client synchronously...
>    ConnectionError ce = new ConnectionError();
>    ce.setException(e1);
>    dispatchSync(ce);
>    try
>       {
>       // ...then stop the connection so nothing further is accepted on it.
>       this.stop();
>       }
>    catch (Exception e2)
>       {
>       serviceLog.error("Unable to stop the connection after the Security Exception:  " + e2);
>       }
>    }
>
> Notice the dispatchSync versus dispatchAsync - I did this to ensure that the
> client was informed of the security violation before the connection is
> stopped.
>
> Again, this "fix" was to ensure that producers with bad security credentials
> could not submit messages despite the login failure.  In my example, the
> producer is running in one JVM loaded via JNI invocation with an embedded
> broker and a DemandForwardingBridge that is connecting to the remote broker
> via "tcp://128.0.0.1:61616".  The consumer and the BrokerService are running
> on the same machine but in another JVM also loaded via JNI invocation but
> communicating with each other via "vm://localhost".
>
>
> Chris Hofstaedter wrote:
> >
> > Hopefully someone can help me here.
> >
> > I'm trying to set up a SimpleAuthenticationBroker programmatically rather
> > than through the xml.  I've tried with 4.0.1 and 4.1.  The symptom is
> > that, although the broker is set as an interceptor and it detects a bad
> > password and emits a SecurityException, the producer is still allowed to
> > produce messages.  I can see the producer get the bad login indication
> > through the following log message:
> > WARN  org.apache.activemq.network.DemandForwardingBridge - Unexpected
> > remote command: ConnectionError {commandId = 2, responseRequired = false,
> > connectionId = null, exception = java.lang.SecurityException: User name or
> > password is invalid.}
> >
> > But then, the next thing I know, my consumers, that have successfully
> > logged in, start receiving messages from this very same producer.
> >
> > In case it's my code, here's how I'm setting up the broker:
> >          final Map<String, String> userPasswords = new HashMap<String, String>();
> >          userPasswords.put("username", "password");
> >          m_broker = new BrokerService()
> >             {
> >             protected Broker addInterceptors(Broker broker) throws Exception
> >                {
> >                broker = super.addInterceptors(broker);
> >                broker = new SimpleAuthenticationBroker(broker, userPasswords, new HashMap());
> >                return broker;
> >                }
> >             };
> >          m_broker.setUseLoggingForShutdownErrors(false);
> >          m_broker.setUseShutdownHook(false);
> >          m_broker.setUseJmx(true);
> >          m_broker.setBrokerName("localhost");
> >          ManagementContext mgmtCtx = m_broker.getManagementContext();
> >          mgmtCtx.setJmxDomainName(this.getClass().getName());
> >          mgmtCtx.setConnectorPort(1099);
> >          m_broker.setManagementContext(mgmtCtx);
> >          if (persistent == false)
> >             m_broker.setPersistenceAdapter(new MemoryPersistenceAdapter());
> >          m_broker.addConnector(new URI("tcp://127.0.0.1:61616"));
> >          m_broker.start();
> >
> >
> > Any ideas?
> >
>
> --
> View this message in context:
> http://www.nabble.com/SimpleAuthenticationBroker-not-preventing-rogue-producer---tf2622706.html#a7320366
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>


-- 
Regards,
Hiram

Blog: http://hiramchirino.com
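
A regression check for the behaviour the thread asks for, added here as an example and not part of the original messages or of the ActiveMQ code base: a connection with a bad password must not get a message through to an authenticated consumer. It assumes a direct JMS client over TCP rather than the DemandForwardingBridge setup described in the thread; the class name `RogueProducerCheck`, the queue name and the wrong password are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import javax.jms.*;
import org.apache.activemq.ActiveMQConnectionFactory;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.security.SimpleAuthenticationBroker;

public class RogueProducerCheck {
    public static void main(String[] args) throws Exception {
        final Map<String, String> users = new HashMap<String, String>();
        users.put("username", "password");               // same sample account as in the thread
        BrokerService broker = new BrokerService() {
            protected Broker addInterceptors(Broker b) throws Exception {
                // Wrap the default interceptor chain with the authentication broker.
                return new SimpleAuthenticationBroker(super.addInterceptors(b), users, new HashMap());
            }
        };
        broker.setPersistent(false);
        broker.setUseJmx(false);
        broker.addConnector("tcp://127.0.0.1:61616");
        broker.start();

        ActiveMQConnectionFactory cf = new ActiveMQConnectionFactory("tcp://127.0.0.1:61616");
        Connection good = cf.createConnection("username", "password");
        good.start();
        Session gs = good.createSession(false, Session.AUTO_ACKNOWLEDGE);
        MessageConsumer consumer = gs.createConsumer(gs.createQueue("CHECK.QUEUE")); // constructed name

        boolean rejected = false;
        Connection bad = null;
        try {
            bad = cf.createConnection("username", "wrong-password");  // constructed bad credential
            bad.start();
            Session bs = bad.createSession(false, Session.AUTO_ACKNOWLEDGE);
            bs.createProducer(bs.createQueue("CHECK.QUEUE")).send(bs.createTextMessage("rogue"));
        } catch (JMSException expected) {
            rejected = true;                              // the login failure reached the client
        } finally {
            if (bad != null) try { bad.close(); } catch (JMSException ignored) { }
        }
        // Even if the client saw an error, confirm nothing leaked to the real consumer.
        Message leaked = consumer.receive(2000);
        good.close();
        broker.stop();
        if (!rejected || leaked != null)
            throw new AssertionError("rejected=" + rejected + ", leaked=" + leaked);
        System.out.println("OK: bad credentials rejected and no message delivered");
    }
}
```

The second condition is the one that matters for the symptom reported above: a logged `SecurityException` alone does not show that the broker stopped accepting messages from that connection.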
