activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Hofstaedter <>
Subject SimpleAuthenticationBroker not preventing rogue producer??
Date Mon, 13 Nov 2006 14:45:06 GMT

Hopefully someone can help me here.  

I'm trying to set up a SimpleAuthenticationBroker programatically rather
than through the xml.  I've tried with 4.0.1 and 4.1.  The symptom is that,
although the broker is set as an intercepter and it detects a bad password
and emits a SecurityException, the producer is still allowed to produce
messages.  I can see the producer get the bad login indication through the
following log message:
WARN - Unexpected remote
command: ConnectionError {commandId = 2, responseRequired = false,
connectionId = null, exception = java.lang.SecurityException: User name or
password is invalid.}

But then, the next thing I know, my consumers, that have successfully logged
in, start receiving messages from this very same producer.

In case it's my code, here's how I'm setting up the broker:
         final Map<String, String> userPasswords = new HashMap<String,
         userPasswords.put("username", "password");
         m_broker = new BrokerService() 
            protected Broker addInterceptors(Broker broker) throws Exception 
               broker = super.addInterceptors(broker);
               broker = new SimpleAuthenticationBroker(broker,
userPasswords, new HashMap());
               return broker;
         ManagementContext mgmtCtx = m_broker.getManagementContext();
         if (persistent == false)
            m_broker.setPersistenceAdapter(new MemoryPersistenceAdapter());
         m_broker.addConnector(new URI("tcp://"));

Any ideas?
View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message