activemq-users mailing list archives

From wlam <w...@oatsystems.com>
Subject Re: Network of brokers security
Date Fri, 17 Aug 2007 19:59:07 GMT

Hi,

I am using AMQ 4.1.1, and the <networkConnector> provides userName and
password attributes, but that beats the purpose of having the JAAS plugin, since
the username and password will be in plain text; anyone who gets hold of
activemq.xml can do the same.  Is there a better way to handle this?

I guess I can programmatically call addNetworkConnector() on BrokerService
and set the userName and password on the networkConnector object.  By the
way, does anyone have a code sample for that? I am having problems getting
network brokers to work this way.

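import java.net.URI;
import org.apache.activemq.broker.BrokerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.network.DiscoveryNetworkConnector;

BrokerService broker = BrokerFactory.createBroker(new URI(uri));
// The connector constructor takes a java.net.URI, not a String
DiscoveryNetworkConnector dnc = new DiscoveryNetworkConnector(
        new URI("static://(tcp://host1:61616)"));
dnc.setName("toHost1");
broker.addNetworkConnector(dnc);
broker.start();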


Thanks,
William



Hiram Chirino wrote:
> 
> Looks like 1 broker is not authenticating with the next broker.  I
> think we need to provide a way for you to pass a userid/password in
> the network connector configuration.
> 
> On 3/12/07, David Borja <adborja@gmail.com> wrote:
>> Hi AMQ devs!!
>>
>> I have a problem with the JAAS authentication in a network of brokers ...
>>
>> The network of brokers topology is the following ...
>>
>> I have a broker named "serverdatos" which is configured with a jaas
>> security:
>>
>>     <plugins>
>>       <!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
>>       <jaasAuthenticationPlugin configuration="activemq-domain" />
>>
>>       <!-- let's configure a destination-based authorization mechanism -->
>>       <authorizationPlugin>
>>         <map>
>>           <authorizationMap>
>>             <authorizationEntries>
>>               <authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
>>               <authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
>>               <authorizationEntry queue="jms/local" read="users" write="users" admin="users" />
>>               <authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
>>             </authorizationEntries>
>>           </authorizationMap>
>>         </map>
>>       </authorizationPlugin>
>>     </plugins>
>>
>>
>> There is another broker named "FF" which has the same security config.
>>
>> In addition, it has a network connector config:
>>
>> <networkConnectors>
>>     <networkConnector name="ff and serverdatos" uri="static://(tcp://localhost:61616,tcp://serverdatos:61616)" failover="true">
>>         <staticallyIncludedDestinations>
>>             <queue physicalName="jms/central" />
>>         </staticallyIncludedDestinations>
>>     </networkConnector>
>> </networkConnectors>
>>
>> When the broker FF starts, a SecurityException is thrown:
>>
>> java.lang.SecurityException: User is not authenticated.
>>         at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:57)
>>         at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:152)
>>         at org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java:316)
>>         at org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java:291)
>>         at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:380)
>>         at org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:193)
>>         at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:272)
>>         at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:237)
>>         at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:232)
>>         at org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:205)
>>         at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
>>         at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
>>         at org.apache.activemq.security.JaasAuthenticationBroker.removeConnection(JaasAuthenticationBroker.java:94)
>>         at org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
>>         at org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:120)
>>         at org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:728)
>>         at org.apache.activemq.broker.TransportConnection.stop(TransportConnection.java:884)
>>         at org.apache.activemq.broker.jmx.ManagedTransportConnection.stop(ManagedTransportConnection.java:74)
>>         at org.apache.activemq.broker.TransportConnection.processShutdown(TransportConnection.java:344)
>>         at org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36)
>>         at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:284)
>>         at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:177)
>>         at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:65)
>>         at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:133)
>>         at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:122)
>>         at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>>         at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:137)
>>         at java.lang.Thread.run(Unknown Source)
>>
>>
>> Any ideas???
>>
>>
>> Thanx!!
>>
> 
> 
> -- 
> Regards,
> Hiram
> 
> Blog: http://hiramchirino.com
> 
> 

-- 
View this message in context: http://www.nabble.com/Network-of-brokers-security-tf3391489s2354.html#a12206231
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
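
Added example (not part of the original message, and not ActiveMQ project code): one way to do what the message proposes, attaching the network connector in code so the bridge credentials stay out of activemq.xml. The credentials file path passed as the first argument, the property names bridge.user and bridge.password, the xbean:activemq.xml broker URI, and Java 7+ on a POSIX file system are assumptions. The password still sits on disk in clear text; the gain is that it lives in a file only the broker account can read.

```java
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Properties;
import java.util.Set;

import org.apache.activemq.broker.BrokerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.network.DiscoveryNetworkConnector;

public class SecuredNetworkBroker {

    // Hypothetical file holding only the bridge credentials, kept apart from activemq.xml.
    static Properties loadCredentials(Path file) throws Exception {
        // Refuse a credentials file that group or others can read (POSIX only).
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        if (perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ)) {
            throw new SecurityException(file + " must be readable by the broker account only");
        }
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            p.load(in);
        }
        if (p.getProperty("bridge.user") == null || p.getProperty("bridge.password") == null) {
            throw new IllegalStateException("bridge.user / bridge.password missing in " + file);
        }
        return p;
    }

    public static void main(String[] args) throws Exception {
        Properties creds = loadCredentials(Paths.get(args[0]));

        // activemq.xml keeps the JAAS and authorization plugins but no <networkConnector>.
        BrokerService broker = BrokerFactory.createBroker(new URI("xbean:activemq.xml"));

        DiscoveryNetworkConnector dnc =
                new DiscoveryNetworkConnector(new URI("static://(tcp://host1:61616)"));
        dnc.setName("toHost1");
        // Identity the bridge presents to the remote broker's JAAS plugin.
        dnc.setUserName(creds.getProperty("bridge.user"));
        dnc.setPassword(creds.getProperty("bridge.password"));

        broker.addNetworkConnector(dnc);
        broker.start();
    }
}
```

The account named in bridge.user has to exist in the remote broker's JAAS login configuration and hold the permissions the bridge needs under its authorization entries, including the ActiveMQ.Advisory.> topics.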

