activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ttmdev <joe.fernan...@ttmsolutions.com>
Subject Re: Problems with simpleAuthenticationPlugin
Date Tue, 11 Mar 2008 12:31:54 GMT

Okay, suppose that you have a network of brokers (NoB) with the following
configuration:

- The NoB comprises two brokers (BrokerA and BrokerB)
- You have enabled authentication for BrokerA via the
<simpleAuthenticationPlugin> element. 
- Authentication for BrokerB has not been enabled.
- BrokerA only listens for connections. In other words, BrokerA has a
<transportConnector> element, but no <networkConnector> elements.

In order for BrokerB to connect to BrokerA, the corresponding
<networkConnector> element in BrokerB’s XML configuration file must be set
up as follows. 

<networkConnectors>  
      <!-- A connector used for connecting to brokerA -->         
      <networkConnector name="brokerAbridge" 
                                       userName="user" 
                                       password="password" 
                                      
uri="static://(tcp://brokerA:61616)"/>                   			 
    </networkConnectors>

Note how BrokerB’s <networkConnector> element must provide the proper
credentials in order to connect to BrokerA. 

If BrokerA is given a <networkConnector> element so that it can initiate a
connection to BrokerB, then that <networkConnector> must also be given a
userName/password combination that is defined in the
<simpleAuthenticationPlugin> element; this is required even though BrokerB
does not have authentication services enabled. 

Joe
Goto www.ttmsolutions.com for a free ActiveMQ user guide.




/U wrote:
> 
> 
> Is there a syntactic element in the configuration element to indicate that 
> a networkConnector is authenticated using the simpleAuthenticationPlugin?
> Wording of your email suggests that there is.
> 
> Could you pl give me an example of aconfiguration of  two brokers that
> authenticate each other using the simpleAuth plugin?
> 
> Thanks, /U
> 
>  -------------- Original message ----------------------
> From: ttmdev <joe.fernandez@ttmsolutions.com>
>> 
>> Regarding your question - If you have enabled authentication for a
>> particular
>> message broker, then other brokers that wish to connect to that broker
>> must
>> provide the proper authentication credentials via their
>> <networkConnector>
>> element.
>> 
>> Joe
>> www.ttmsolutions.com
>> 
>> 
>> 
>> /U wrote:
>> > 
>> > Env: Activemq 5.0.0, JDK1.6
>> > 
>> > I am using the SimpleAuthenticationPlugin as follows.
>> > 
>> >     <plugins>
>> >         <simpleAuthenticationPlugin>
>> >             <users>
>> >                 <authenticationUser 
>> >                         username="someuser"
>> >                         password="somepassword"
>> >                         groups="users"
>> >                 />
>> >             </users>
>> >         </simpleAuthenticationPlugin>
>> >       </plugins>
>> >   
>> > 
>> > Problem:
>> >    When an authentication fails, the logs do not identify which client
>> > failed authentication.
>> >    It also does not identify the username that was provided (I
>> understand
>> > password
>> >    cannot/should not be logged). This makes it very difficult to
>> > troubleshoot authentication
>> >    failures. I have tried to increase the log verbosity of the plugin;
>> no
>> > avail.
>> > 
>> >    What is the alternative?
>> > 
>> > Question:
>> >    Is the simpleAuthenticationPlugin used to authentication clients
>> (over
>> > transportConnector)
>> >    as well as remote brokers (over networkConnector)?
>> > 
>> > Regards
>> > 
>> > /Ur
>> > 
>> > Sample Log:
>> >     org.apache.activemq.transport.TransportDisposedIOException:
>> Transport
>> > disposed.
>> >         at
>> > org.apache.activemq.transport.vm.VMTransport.oneway(VMTransport.java:
>> > 76)
>> >         at
>> > org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.ja
>> > va:40)
>> >         at
>> > org.apache.activemq.transport.ResponseCorrelator.oneway(ResponseCorre
>> > lator.java:59)
>> >         at
>> > org.apache.activemq.network.DemandForwardingBridgeSupport.serviceRemo
>> > teCommand(DemandForwardingBridgeSupport.java:392)
>> >         at
>> > org.apache.activemq.network.DemandForwardingBridgeSupport$2.onCommand
>> > (DemandForwardingBridgeSupport.java:149)
>> >         at
>> > org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCo
>> > rrelator.java:100)
>> >         at
>> > org.apache.activemq.transport.TransportFilter.onCommand(TransportFilt
>> > er.java:67)
>> >         at
>> > org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireForm
>> > atNegotiator.java:134)
>> >         at
>> > org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityM
>> > onitor.java:138)
>> >         at
>> > org.apache.activemq.transport.TransportSupport.doConsume(TransportSup
>> > port.java:83)
>> >         at
>> > org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.jav
>> > a:185)
>> >         at
>> > org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:
>> > 172)
>> >         at java.lang.Thread.run(Thread.java:619)
>> > 
>> > 
>> > 
>> 
>> -- 
>> View this message in context: 
>> http://www.nabble.com/Problems-with-simpleAuthenticationPlugin-tp15923758s2354p1
>> 5950831.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Problems-with-simpleAuthenticationPlugin-tp15923758s2354p15976477.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message