activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Hofstaedter <chr...@nmwco.com>
Subject SimpleAuthenticationBroker not preventing rogue producer??
Date Mon, 13 Nov 2006 14:45:06 GMT

Hopefully someone can help me here.  

I'm trying to set up a SimpleAuthenticationBroker programatically rather
than through the xml.  I've tried with 4.0.1 and 4.1.  The symptom is that,
although the broker is set as an intercepter and it detects a bad password
and emits a SecurityException, the producer is still allowed to produce
messages.  I can see the producer get the bad login indication through the
following log message:
WARN  org.apache.activemq.network.DemandForwardingBridge - Unexpected remote
command: ConnectionError {commandId = 2, responseRequired = false,
connectionId = null, exception = java.lang.SecurityException: User name or
password is invalid.}

But then, the next thing I know, my consumers, that have successfully logged
in, start receiving messages from this very same producer.

In case it's my code, here's how I'm setting up the broker:
         final Map<String, String> userPasswords = new HashMap<String,
String>();
         userPasswords.put("username", "password");
         m_broker = new BrokerService() 
            {
            protected Broker addInterceptors(Broker broker) throws Exception 
               {
               broker = super.addInterceptors(broker);
               broker = new SimpleAuthenticationBroker(broker,
userPasswords, new HashMap());
               return broker;
               }
            };
         m_broker.setUseLoggingForShutdownErrors(false);
         m_broker.setUseShutdownHook(false);
         m_broker.setUseJmx(true);
         m_broker.setBrokerName("localhost");
         ManagementContext mgmtCtx = m_broker.getManagementContext();
         mgmtCtx.setJmxDomainName(this.getClass().getName());
         mgmtCtx.setConnectorPort(1099);
         m_broker.setManagementContext(mgmtCtx);
         if (persistent == false)
            m_broker.setPersistenceAdapter(new MemoryPersistenceAdapter());
         m_broker.addConnector(new URI("tcp://127.0.0.1:61616"));
         m_broker.start();


Any ideas?
-- 
View this message in context: http://www.nabble.com/SimpleAuthenticationBroker-not-preventing-rogue-producer---tf2622706.html#a7318088
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message