activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ttmdev <joe.fernan...@ttmsolutions.com>
Subject Re: Authentication problem in AMQ 5.1
Date Thu, 15 May 2008 13:02:11 GMT

I think what is happening is that you haven't given everyone all access
rights to the advisory topics. I get a similar stack trace when I don't do
that. Add an ACL with the following "ActiveMQ.Advisory.>" and that should do
the trick. 

If you're interested, check out this AMQ security plugin. 

http://www.ttmsolutions.com/amqsec.php4

You can re-configure it on the fly, uses obfuscated passwords, and has a JMX
MBean.  

Joe  



Carlos Quiroz wrote:
> 
> Hi and thanks for your response 
> 
> Maybe I should add that the queue is in the startup set 
>                 <destinations>
>                         <queue physicalName="myqueue" />
>                 </destinations>
> 
> and that in the logs appears as it has been created
> This worked fine in AMQ 5.0
> 
> Carlos
> 
> 
> Dejan Bosanac wrote:
>> 
>> Hi Carlos,
>> 
>> it looks like you don't have "myqueue" created, so ActiveMQ tries to do
>> that
>> with supplied credentials. Try creating the queue manually if you don't
>> want
>> to use "admin" priviledges.
>> 
>> Regards
>> -- 
>> Dejan Bosanac
>> www.scriptinginjava.net
>> 
>> On Wed, May 14, 2008 at 1:55 PM, Carlos Quiroz <
>> carlos.quiroz-castro@nokia.com> wrote:
>> 
>>>
>>> Hi
>>>
>>> I have been using AMQ 5.0 for a while and I have created my own
>>> authentication plugin. When I switched to AMQ 5.1 my clients cannot
>>> connect
>>> anymore because somehow they are not authorized to create topics or
>>> queues.
>>> Apparently now when subscribing to a topic/queue you need to have admin
>>> permission to do that. Is it so?
>>>
>>> My activemq.xml looks like:
>>>
>>>        <broker xmlns="http://activemq.org/config/1.0"
>>>                brokerName="broker" dataDirectory="${activemq.base}/data"
>>>                populateJMSXUserID="true" advisorySupport="true"
>>> useJmx="true">
>>>
>>>                <plugins>
>>>                        <bean name="MyLoginModule"
>>>                                class=""
>>>                                xmlns="">
>>>
>>>                        <!--  lets configure a destination based
>>> authorization mechanism -->
>>>                        <authorizationPlugin>
>>>                                <map>
>>>                                        <authorizationMap>
>>>                                                <authorizationEntries>
>>>                                                       
>>> <authorizationEntry
>>> queue=">" read="admins"
>>>
>>>  write="admins" admin="admins" />
>>>                                                       
>>> <authorizationEntry
>>> queue="myqueu"
>>>
>>>  read="service" write="users" admin="admin" />
>>> ....
>>>                                </map>
>>>                        </authorizationPlugin>
>>>                </plugins>
>>>
>>>
>>>
>>>                <destinations>
>>>                        <queue physicalName="myqueue />
>>>                </destinations>
>>>
>>> Upon connection I get the exception below but it works if I change the
>>> admin
>>> permision of the queue to admin="users"
>>>
>>> Any idea about this? Why was this change added to AMQ 5.1? Should the
>>> configuration change?
>>>
>>> Regards
>>> Carlos Quiroz
>>>
>>>
>>> java.lang.SecurityException: User 181.175 is not authorized to create:
>>> queue://myqueue
>>>        at
>>>
>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:65)
>>>        at
>>>
>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:148)
>>>        at
>>> org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:443)
>>>        at
>>>
>>> org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
>>>        at
>>>
>>> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:325)
>>>        at
>>>
>>> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:268)
>>>        at
>>>
>>> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:260)
>>>        at
>>>
>>> org.apache.activemq.advisory.AdvisoryBroker.addDestination(AdvisoryBroker.java:153)
>>>        at
>>>
>>> org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
>>>        at
>>>
>>> org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
>>>        at
>>>
>>> org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
>>>        at
>>>
>>> org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
>>>        at
>>>
>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:71)
>>>        at
>>>
>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:148)
>>>        at
>>>
>>> org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java:385)
>>>        at
>>>
>>> org.apache.activemq.broker.region.AbstractRegion.addConsumer(AbstractRegion.java:219)
>>>        at
>>>
>>> org.apache.activemq.broker.region.TopicRegion.addConsumer(TopicRegion.java:108)
>>>        at
>>>
>>> org.apache.activemq.broker.region.RegionBroker.addConsumer(RegionBroker.java:401)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
>>>        at
>>>
>>> org.apache.activemq.advisory.AdvisoryBroker.addConsumer(AdvisoryBroker.java:83)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
>>>        at
>>>
>>> org.apache.activemq.security.AuthorizationBroker.addConsumer(AuthorizationBroker.java:132)
>>>        at
>>>
>>> org.apache.activemq.broker.MutableBrokerFilter.addConsumer(MutableBrokerFilter.java:92)
>>>        at
>>>
>>> org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:529)
>>>        at
>>> org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:345)
>>>        at
>>>
>>> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:293)
>>>        at
>>>
>>> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
>>>        at
>>>
>>> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>>        at
>>>
>>> org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:80)
>>>        at
>>>
>>> org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:134)
>>>        at
>>>
>>> org.apache.activemq.transport.stomp.ProtocolConverter.onStompSubscribe(ProtocolConverter.java:396)
>>>        at
>>>
>>> org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:182)
>>>        at
>>>
>>> org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:70)
>>>        at
>>>
>>> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>>>        at
>>>
>>> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
>>>        at
>>> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
>>>        at java.lang.Thread.run(Thread.java:619)
>>> --
>>> View this message in context:
>>> http://www.nabble.com/Authentication-problem-in-AMQ-5.1-tp17229324s2354p17229324.html
>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>>
>>>
>> 
>> 
>> -----
>> Dejan Bosanac
>> www.scriptinginjava.net
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Authentication-problem-in-AMQ-5.1-tp17229324s2354p17252734.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message