From users-return-10978-apmail-activemq-users-archive=activemq.apache.org@activemq.apache.org Thu Oct 11 21:05:04 2007 Return-Path: Delivered-To: apmail-activemq-users-archive@www.apache.org Received: (qmail 70981 invoked from network); 11 Oct 2007 21:05:03 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Oct 2007 21:05:03 -0000 Received: (qmail 55537 invoked by uid 500); 11 Oct 2007 21:04:50 -0000 Delivered-To: apmail-activemq-users-archive@activemq.apache.org Received: (qmail 55212 invoked by uid 500); 11 Oct 2007 21:04:50 -0000 Mailing-List: contact users-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@activemq.apache.org Delivered-To: mailing list users@activemq.apache.org Received: (qmail 55203 invoked by uid 99); 11 Oct 2007 21:04:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Oct 2007 14:04:50 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of c.marastigeorg@gmail.com designates 64.233.162.234 as permitted sender) Received: from [64.233.162.234] (HELO nz-out-0506.google.com) (64.233.162.234) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Oct 2007 21:04:53 +0000 Received: by nz-out-0506.google.com with SMTP id z3so500989nzf for ; Thu, 11 Oct 2007 14:04:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; bh=lZ1HRD0PA+iH6Eghgok+nl+IfRV6nKhK+LBzWeDwpYo=; b=WFV3JTrZw0aGr0yNlr3478AlXCEF6I2PXDaDkl421AXr/MEFKwl1dPvUsuk+mxMQLZfNVRiZ5tkiQXPfySDV5hMaOzYaZEXEMfzHMLTzswVM3hQllIb8VpTJgAyKGlmgFMiGIumGfmX/p6kPv596gqfBgmzsJfVm8h4G9UkOSCI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=DWW25n308tBecDit6LAXaI9F0Xv9nspAGoUnWpualEgbbpnCndRRnLMJZ6mEYSQNw9MfS7EfwrPjaHG8jWyYwYC85zDP/oN+Xo+1jlTi8gofyFTCJV3kJtM9teQZnFOMAk0JYUQlQpzJA/8y0NOBSPvBo1QBqKU0Y3jCLwkjNB0= Received: by 10.142.239.11 with SMTP id m11mr857706wfh.1192136671157; Thu, 11 Oct 2007 14:04:31 -0700 (PDT) Received: by 10.142.97.13 with HTTP; Thu, 11 Oct 2007 14:04:31 -0700 (PDT) Message-ID: <64d4e7d0710111404w15f09232rfbbca22eaecf6543@mail.gmail.com> Date: Thu, 11 Oct 2007 17:04:31 -0400 From: "Chris Marasti-Georg" To: users@activemq.apache.org Subject: Re: Authorization/Authentication In-Reply-To: <28c3c9290710111256n2123cc7fi1e64878a71ae5f33@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_18268_18939116.1192136671130" References: <64d4e7d0710111215sf4bfbfftbf7d37784f81f080@mail.gmail.com> <28c3c9290710111256n2123cc7fi1e64878a71ae5f33@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_18268_18939116.1192136671130 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Still getting the error. Here is the entry in the map. I added "users,guests" like you said, also added "all" which is a group that guest should be a member of, and just for fun added guest by name.: Here's the guest related stuff I have in the config file: in plugins: outside of the broker element: eventReader all here is the error, with the few items before it from the log: 2007-10-11 16:54:34,236 DEBUG [ org.apache.activemq.transport.WireFormatNegotiator] Sending: WireFormatInfo { version=2, properties={TightEncodingEnabled=true, CacheSize=1024, TcpNoDelayEnabled=true, SizePrefixDisabled=false, StackTraceEnabled=true, MaxInactivityDuration=30000, CacheEnabled=true}, magic=[A,c,t,i,v,e,M,Q]} 2007-10-11 16:54:34,236 DEBUG [ org.apache.activemq.transport.WireFormatNegotiator] Received WireFormat: WireFormatInfo { version=2, properties={TightEncodingEnabled=true, CacheSize=1024, TcpNoDelayEnabled=true, SizePrefixDisabled=false, StackTraceEnabled=true, MaxInactivityDuration=30000, CacheEnabled=true}, magic=[A,c,t,i,v,e,M,Q]} 2007-10-11 16:54:34,236 DEBUG [ org.apache.activemq.transport.WireFormatNegotiator] tcp:///127.0.0.1:2211 before negotiation: OpenWireFormat{version=2, cacheEnabled=false, stackTraceEnabled=false, tightEncodingEnabled=false, sizePrefixDisabled=false} 2007-10-11 16:54:34,236 DEBUG [ org.apache.activemq.transport.WireFormatNegotiator] tcp:///127.0.0.1:2211 after negotiation: OpenWireFormat{version=2, cacheEnabled=true, stackTraceEnabled=true, tightEncodingEnabled=true, sizePrefixDisabled=false} 2007-10-11 16:54:34,236 DEBUG [ org.apache.activemq.broker.TransportConnection] Setting up new connection: org.apache.activemq.broker.jmx.ManagedTransportConnection@8ef455 2007-10-11 16:54:34,252 DEBUG [ org.apache.activemq.broker.TransportConnection.Service] Error occured while processing sync command: java.lang.SecurityException: User guest is not authorized to create: topic://ActiveMQ.Advisory.Connection java.lang.SecurityException: User guest is not authorized to create: topic://ActiveMQ.Advisory.Connection I'm going to grab a 5.0 snapshot and give it a whirl, see if it works any better. The configuration looks easier, at least On 10/11/07, Mario Siegenthaler wrote: > > From my experience with security in ActiveMQ you need to explicitly > allow everybody to create Advisory topics. This also matches with your > error message: > java.lang.SecurityException: User guest is not authorized to > create: topic://ActiveMQ.Advisory.Connection > > so I'd try adding > write="guests,users" admin="guests,users"/> > > to your configuration > > > Mario ------=_Part_18268_18939116.1192136671130--