activemq-users mailing list archives

From ttmdev <joe.fernan...@ttmsolutions.com>
Subject Re: Security problem with 5.1.0
Date Fri, 16 May 2008 14:15:47 GMT

In my testing with 5.1, it has been the CommandAgent and Camel that cause the
security-related exceptions to be hurled on broker startup. Jetty may hurl
an exception if and when you try and use it. If you need to use the
CommandAgent in a secure environment, you can extend it to provide a
username and password. Our AMQ security plugin provides such an extended
version of the CommandAgent. You may want to check it out; it's free for the
taking.

http://www.ttmsolutions.com/amqsec.php4

I haven't spent too much time trying to figure out how to get Camel to
provide a username and password. If someone knows, a posting describing how
it's done would be greatly appreciated. 

Joe
Get a free ActiveMQ user guide at www.ttmsolutions.com 

Aaron Mulder wrote:
> 
> You're right -- commenting those out fixed the problem.
> 
> What's the right way to configure Camel, Jetty, and the CommandAgent
> to use a valid username and password?
> 
> Thanks,
>        Aaron
> 
> On Thu, May 15, 2008 at 11:13 PM, Bruce Snyder <bruce.snyder@gmail.com>
> wrote:
>> On Thu, May 15, 2008 at 8:49 PM, Aaron Mulder
>> <ammulder@alumni.princeton.edu> wrote:
>>> This may not be as bad as the subject sounds, but...
>>>
>>> I enabled security by dumping all 3 of the default files from
>>> http://activemq.apache.org/security.html in activemq-5.1.0/conf and
>>> then putting this in the broker config:
>>>
>>>        <plugins>
>>>          <!--  use JAAS to authenticate using the login.config file
>>> on the classpath to configure JAAS -->
>>>          <jaasAuthenticationPlugin configuration="activemq-domain" />
>>>
>>>          <!--  lets configure a destination based authorization
>>> mechanism -->
>>>          <authorizationPlugin>
>>>            <map>
>>>              <authorizationMap>
>>>                <authorizationEntries>
>>>                  <authorizationEntry queue=">" read="admins"
>>> write="admins" admin="admins" />
>>>                  <authorizationEntry topic=">" read="admins"
>>> write="admins" admin="admins" />
>>>                </authorizationEntries>
>>>              </authorizationMap>
>>>            </map>
>>>          </authorizationPlugin>
>>>        </plugins>
>>>
>>>
>>> The problem is, when I run ActiveMQ now (without any clients
>>> connecting or anything, and using an otherwise default config), I get
>>> loads of exceptions (typical stack trace below).
>>>
>>> I don't know what's initiating the connection that's causing the login
>>> failure, but as this is a standalone broker with no clients
>>> connecting, it must be something within ActiveMQ itself?  The
>>> underlying NPE appears to be caused by the user name it's trying to
>>> authenticate being null (though that's an unfortunate manifestation).
>>>
>>> Anyway, any idea what I need to do to stop the exceptions?
>>>
>>> Thanks,
>>>        Aaron
>>>
>>>
>>> java.lang.SecurityException: User name or password is invalid.
>>>        at
>>> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
>>>        at
>>> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
>>>        at
>>> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
>>>        at
>>> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
>>>        at
>>> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
>>>        at
>>> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
>>>        at
>>> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
>>>        at
>>> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>>        at
>>> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
>>>        at
>>> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
>>>        at
>>> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>>>        at
>>> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
>>>        at
>>> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
>>>        at java.lang.Thread.run(Thread.java:637)
>>> Caused by: javax.security.auth.login.LoginException:
>>> java.lang.NullPointerException
>>>        at java.util.Hashtable.get(Hashtable.java:334)
>>>        at java.util.Properties.getProperty(Properties.java:932)
>>>        at
>>> org.apache.activemq.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:116)
>>>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>        at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>        at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>        at java.lang.reflect.Method.invoke(Method.java:597)
>>>        at
>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>>>        at
>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>        at
>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>        at java.security.AccessController.doPrivileged(Native Method)
>>>        at
>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>        at
>>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>        at
>>> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
>>>        at
>>> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
>>>        at
>>> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
>>>        at
>>> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
>>>        at
>>> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
>>>        at
>>> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
>>>        at
>>> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
>>>        at
>>> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
>>>        at
>>> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>>>        at
>>> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
>>>        at
>>> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
>>>        at
>>> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>>>        at
>>> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
>>>        at
>>> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
>>>        at java.lang.Thread.run(Thread.java:637)
>>>
>>
>> If you have a default activemq.xml then there are two configurations
>> that initiate connections to the broker; one for a couple of Camel
>> routes and one for Jetty. Chances are it's those that are trying to
>> initiate the connections.
>>
>> Bruce
>> --
>> perl -e 'print
>> unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
>> );'
>>
>> Apache ActiveMQ - http://activemq.org/
>> Apache Camel - http://activemq.org/camel/
>> Apache ServiceMix - http://servicemix.org/
>> Apache Geronimo - http://geronimo.apache.org/
>>
>> Blog: http://bruceblog.org/
>>
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/Security-problem-with-5.1.0-tp17266685s2354p17275770.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
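
An added example, not part of the original thread and not the project's shipped configuration: one way to give the embedded Camel routes credentials is to define the `activemq` component explicitly and set `userName` and `password` on its connection factory. The broker name `localhost` and both credential values are assumptions (placeholders); the user must exist in the JAAS users file and belong to a group that the `authorizationEntry` elements above allow, which in the quoted configuration is only `admins`.

```xml
<!-- Added example: place in the same Spring file as the <camelContext>
     element of activemq.xml, outside the <broker> element. -->

<!-- Before: no "activemq" bean is defined, so the Camel routes create a
     default component that connects to the broker with a null user name.
     With jaasAuthenticationPlugin enabled that connection is rejected,
     producing the SecurityException shown in the thread. -->

<!-- After: explicit component whose connection factory carries credentials. -->
<bean id="activemq"
      class="org.apache.activemq.camel.component.ActiveMQComponent">
  <property name="connectionFactory">
    <bean class="org.apache.activemq.ActiveMQConnectionFactory">
      <!-- Assumption: the broker keeps the default name "localhost".
           create=false stops the vm transport from auto-creating a second,
           unsecured broker if the name does not match. -->
      <property name="brokerURL" value="vm://localhost?create=false"/>
      <!-- Placeholders: replace with an account defined for the
           "activemq-domain" JAAS configuration. -->
      <property name="userName" value="CAMEL_USER_PLACEHOLDER"/>
      <property name="password" value="CAMEL_PASSWORD_PLACEHOLDER"/>
    </bean>
  </property>
</bean>
```

Because the password sits in the configuration file in clear text, restrict read access on that file to the account that runs the broker, and prefer a dedicated account for Camel over reusing an administrator login.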

