activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Marasti-Georg" <c.marastige...@gmail.com>
Subject Authorization/Authentication
Date Thu, 11 Oct 2007 19:15:35 GMT
Hi all.  I think I've exhausted google on this one, so I now turn to you.

We need to be able to set different permissions for different applications
to be able to listen to topics/queues.  After much searching, I have this
much in the broker config file (slightly snipped for brevity):

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:util="http://www.springframework.org/schema/util
">
    <broker>
        <plugins>
            <!--  use simple authentication -->
            <simpleAuthenticationPlugin userGroups="#groups"
userPasswords="#users"/>

            <!--  lets configure a destination based authorization mechanism
-->
            <authorizationPlugin>
                <map>
                    <authorizationMap>
                        <authorizationEntries>
                            <authorizationEntry queue=">" read="admin"
write="admin" admin="admin"/>
                            <authorizationEntry queue="inbound"
read="inboundEventReader" write="inboundEventWriter"
admin="inboundEventAdmin"/>

                            <authorizationEntry topic=">" read="admin"
write="admin" admin="admin"/>
                            <authorizationEntry topic="outbound"
read="eventReader" write="eventWriter" admin="eventAdmin"/>
                            <authorizationEntry topic="
ActiveMQ.Advisory.Connection" read="all" write="all" admin="all"/>
                        </authorizationEntries>
                    </authorizationMap>
                </map>
            </authorizationPlugin>
        </plugins>
    </broker>

    <util:map id="users">
        <entry key="connector" value="secret"/>
        <entry key="gateway" value="secret"/>
        <entry key="admin" value="secret"/>
        <entry key="guest" value="guest"/>
    </util:map>
    <util:map id="groups">
        <entry key="connector"><ref bean="connectorGroup"/></entry>
        <entry key="gateway"><ref bean="gatewayGroup"/></entry>
        <entry key="admin"><ref bean="adminGroup"/></entry>
        <entry key="guest"><ref bean="guestGroup"/></entry>
    </util:map>
    <util:set id="connectorGroup">
        <value>connectorEventWriter</value>
        <value>connectorEventAdmin</value>
        <value>all</value>
    </util:set>
    <util:set id="gatewayGroup">
        <value>eventReader</value>
        <value>eventWriter</value>
        <value>eventAdmin</value>
        <value>connectorEventReader</value>
        <value>connectorEventWriter</value>
        <value>connectorEventAdmin</value>
        <value>all</value>
    </util:set>
    <util:set id="adminGroup">
        <value>admin</value>
        <value>eventReader</value>
        <value>eventWriter</value>
        <value>eventAdmin</value>
        <value>connectorEventReader</value>
        <value>connectorEventWriter</value>
        <value>all</value>
    </util:set>
    <util:set id="guestGroup">
        <value>eventReader</value>
        <value>all</value>
    </util:set>
</beans>

The log contains errors like this:

INFO   | jvm 1    | 2007/10/11 14:38:57 | 14:38:57,668 WARN  [
TransportConnection.Service] Failed to remove connection ConnectionInfo
{commandId = 1, responseRequired = true, connectionId =
ID:rfidserv-4114-1192127937387-1:0, clientId =
ID:rfidserv-4114-1192127937387-2:0, userName = guest, password = guest,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = false}
INFO   | jvm 1    | 2007/10/11 14:38:57 | java.lang.SecurityException: User
guest is not authorized to create: topic://ActiveMQ.Advisory.Connection
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.security.AuthorizationBroker.addDestination (
AuthorizationBroker.java:65)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(
MutableBrokerFilter.java:152)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java
:316)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java
:291)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:385)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java
:193)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:272)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:237)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:232)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(
AdvisoryBroker.java:205)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection(
SimpleAuthenticationBroker.java:71)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(
MutableBrokerFilter.java:120)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(
TransportConnection.java:747)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.TransportConnection.stop (
TransportConnection.java:968)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.jmx.ManagedTransportConnection.stop(
ManagedTransportConnection.java:74)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.TransportConnection.processShutdown(
TransportConnection.java:362)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.TransportConnection.service(
TransportConnection.java:294)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.broker.TransportConnection$1.onCommand(
TransportConnection.java:185)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java
:65)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.transport.WireFormatNegotiator.onCommand (
WireFormatNegotiator.java:133)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.transport.InactivityMonitor.onCommand(
InactivityMonitor.java:122)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.transport.TransportSupport.doConsume(
TransportSupport.java:84)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:137)
INFO   | jvm 1    | 2007/10/11 14:38:57 |     at java.lang.Thread.run(Unknown
Source)


INFO   | jvm 1    | 2007/10/11 14:39:38 | 14:39:38,480 WARN  [
TransportConnection.Service] Failed to remove connection ConnectionInfo
{commandId = 1, responseRequired = true, connectionId =
ID:rfidserv-4143-1192127977980-0:1, clientId =
ID:rfidserv-4143-1192127977980-2:0, userName = null, password = null,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = false}
INFO   | jvm 1    | 2007/10/11 14:39:38 | java.lang.SecurityException: User
is not authenticated.
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.security.AuthorizationBroker.addDestination(
AuthorizationBroker.java :57)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(
MutableBrokerFilter.java:152)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.region.AbstractRegion.lookup (AbstractRegion.java
:316)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java
:291)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.region.RegionBroker.send (RegionBroker.java:385)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java
:193)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory (
AdvisoryBroker.java:272)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:237)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory (
AdvisoryBroker.java:232)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(
AdvisoryBroker.java:205)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection (
SimpleAuthenticationBroker.java:71)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(
MutableBrokerFilter.java:120)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(
TransportConnection.java :747)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.stop(TransportConnection.java
:968)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.jmx.ManagedTransportConnection.stop (
ManagedTransportConnection.java:74)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.processShutdown(
TransportConnection.java:362)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.service(
TransportConnection.java:294)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection$1.onCommand(
TransportConnection.java:185)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:65)

INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(
WireFormatNegotiator.java:133)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.InactivityMonitor.onCommand (
InactivityMonitor.java:122)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.TransportSupport.doConsume(
TransportSupport.java:84)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.tcp.TcpTransport.run (TcpTransport.java:137)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at java.lang.Thread.run(Unknown
Source)


INFO   | jvm 1    | 2007/10/11 14:39:38 | 14:39:38,480 WARN  [
TransportConnection.Service] Failed to remove connection ConnectionInfo
{commandId = 1, responseRequired = true, connectionId =
ID:rfidserv-4143-1192127977980-0:0, clientId =
ID:rfidserv-4143-1192127977980-1:0, userName = gateway, password = secret,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = false}
INFO   | jvm 1    | 2007/10/11 14:39:38 | java.lang.SecurityException: User
gateway is not authorized to create: topic://ActiveMQ.Advisory.Connection
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.security.AuthorizationBroker.addDestination (
AuthorizationBroker.java:65)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(
MutableBrokerFilter.java:152)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java
:316)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java
:291)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:385)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java
:193)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:272)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:237)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:232)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(
AdvisoryBroker.java:205)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection(
SimpleAuthenticationBroker.java:71)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(
MutableBrokerFilter.java:120)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(
TransportConnection.java:747)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.stop (
TransportConnection.java:968)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.jmx.ManagedTransportConnection.stop(
ManagedTransportConnection.java:74)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.processShutdown(
TransportConnection.java:362)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection.service(
TransportConnection.java:294)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.broker.TransportConnection$1.onCommand(
TransportConnection.java:185)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java
:65)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.WireFormatNegotiator.onCommand (
WireFormatNegotiator.java:133)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.InactivityMonitor.onCommand(
InactivityMonitor.java:122)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.TransportSupport.doConsume(
TransportSupport.java:84)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:137)
INFO   | jvm 1    | 2007/10/11 14:39:38 |     at java.lang.Thread.run(Unknown
Source)


INFO   | jvm 1    | 2007/10/11 14:39:40 | 14:39:40,418 WARN  [
TransportConnection.Service] Failed to remove connection ConnectionInfo
{commandId = 1, responseRequired = true, connectionId =
ID:rfidserv-4143-1192127977980-0:3, clientId =
ID:rfidserv-4143-1192127977980-5:0, userName = null, password = null,
brokerPath = null, brokerMasterConnector = false, manageable = true,
clientMaster = false}
INFO   | jvm 1    | 2007/10/11 14:39:40 | java.lang.SecurityException: User
is not authenticated.
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.security.AuthorizationBroker.addDestination(
AuthorizationBroker.java :57)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(
MutableBrokerFilter.java:152)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.region.AbstractRegion.lookup (AbstractRegion.java
:316)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.region.AbstractRegion.send(AbstractRegion.java
:291)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.region.RegionBroker.send (RegionBroker.java:385)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java
:193)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory (
AdvisoryBroker.java:272)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java
:237)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory (
AdvisoryBroker.java:232)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(
AdvisoryBroker.java:205)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection (BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection (
SimpleAuthenticationBroker.java:71)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java
:110)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(
MutableBrokerFilter.java:120)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(
TransportConnection.java :747)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.TransportConnection.stop(TransportConnection.java
:968)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.jmx.ManagedTransportConnection.stop (
ManagedTransportConnection.java:74)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.TransportConnection.processShutdown(
TransportConnection.java:362)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.command.ShutdownInfo.visit(ShutdownInfo.java:36)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.TransportConnection.service(
TransportConnection.java:294)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.broker.TransportConnection$1.onCommand(
TransportConnection.java:185)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:65)

INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(
WireFormatNegotiator.java:133)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.transport.InactivityMonitor.onCommand (
InactivityMonitor.java:122)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.transport.TransportSupport.doConsume(
TransportSupport.java:84)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at
org.apache.activemq.transport.tcp.TcpTransport.run (TcpTransport.java:137)
INFO   | jvm 1    | 2007/10/11 14:39:40 |     at java.lang.Thread.run(Unknown
Source)

Thanks in advance.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message