activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Quiroz <carlos.quiroz-cas...@nokia.com>
Subject Authentication problem in AMQ 5.1
Date Wed, 14 May 2008 11:55:13 GMT

Hi

I have been using AMQ 5.0 for a while and I have created my own
authentication plugin. When I switched to AMQ 5.1 my clients cannot connect
anymore because somehow they are not authorized to create topics or queues.
Apparently now when subscribing to a topic/queue you need to have admin
permission to do that. Is it so?

My activemq.xml looks like:

	<broker xmlns="http://activemq.org/config/1.0"
		brokerName="broker" dataDirectory="${activemq.base}/data"
		populateJMSXUserID="true" advisorySupport="true" useJmx="true">

		<plugins>
			<bean name="MyLoginModule"
				class=""
				xmlns="">

			<!--  lets configure a destination based authorization mechanism -->
			<authorizationPlugin>
				<map>
					<authorizationMap>
						<authorizationEntries>
							<authorizationEntry queue=">" read="admins"
								write="admins" admin="admins" />
							<authorizationEntry queue="myqueu"
								read="service" write="users" admin="admin" />
....
				</map>
			</authorizationPlugin>
		</plugins>



		<destinations>
			<queue physicalName="myqueue />
		</destinations>

Upon connection I get the exception below but it works if I change the admin
permision of the queue to admin="users"

Any idea about this? Why was this change added to AMQ 5.1? Should the
configuration change?

Regards
Carlos Quiroz


java.lang.SecurityException: User 181.175 is not authorized to create:
queue://myqueue
	at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:65)
	at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:148)
	at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:443)
	at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
	at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:325)
	at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:268)
	at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:260)
	at
org.apache.activemq.advisory.AdvisoryBroker.addDestination(AdvisoryBroker.java:153)
	at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
	at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
	at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
	at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
	at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:71)
	at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:148)
	at
org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java:385)
	at
org.apache.activemq.broker.region.AbstractRegion.addConsumer(AbstractRegion.java:219)
	at
org.apache.activemq.broker.region.TopicRegion.addConsumer(TopicRegion.java:108)
	at
org.apache.activemq.broker.region.RegionBroker.addConsumer(RegionBroker.java:401)
	at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
	at
org.apache.activemq.advisory.AdvisoryBroker.addConsumer(AdvisoryBroker.java:83)
	at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
	at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
	at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
	at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
	at
org.apache.activemq.security.AuthorizationBroker.addConsumer(AuthorizationBroker.java:132)
	at
org.apache.activemq.broker.MutableBrokerFilter.addConsumer(MutableBrokerFilter.java:92)
	at
org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:529)
	at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:345)
	at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:293)
	at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
	at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:80)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:134)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompSubscribe(ProtocolConverter.java:396)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:182)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:70)
	at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
	at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
	at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
	at java.lang.Thread.run(Thread.java:619)
-- 
View this message in context: http://www.nabble.com/Authentication-problem-in-AMQ-5.1-tp17229324s2354p17229324.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message