activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sandro Tosi <sandro.t...@gmail.com>
Subject Re: Protect queues access with password
Date Mon, 15 Sep 2008 10:26:28 GMT

Thanks, now I added

<broker....>
........

    <plugins>
      <!--  use JAAS to authenticate using the login.config file on the
classpath to configure JAAS -->
      <jaasAuthenticationPlugin configuration="activemq-domain" />

      <!--  lets configure a destination based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              <authorizationEntry queue=">" read="users,admins"
write="users,admins" admin="admins" />
            </authorizationEntries>

          </authorizationMap>
        </map>
      </authorizationPlugin>
    </plugins>

    </broker>

    <simpleAuthenticationPlugin>
        <users>
                <authenticationUser username="system" password="manager"
groups="users,admins"/>
                <authenticationUser username="user" password="password"
groups="users"/>
                <authenticationUser username="guest" password="password"
groups="guests"/>
        </users>
    </simpleAuthenticationPlugin>

but I have still problems at startup with a:

java.lang.SecurityException: User name or password is invalid.
        at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
        at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
        at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
        at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
        at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
        at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
        at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
        at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
        at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
        at
org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
        at
org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
        at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
        at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
        at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
        at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.SecurityException: Unable to locate a login
configuration


So, wehre I can configure it?

TIA,
Sandro


Joe Fernandez wrote:
> 
> The authentication plugin is used to control access to the broker. The
> authorization plugin is used to control access to the destinations. So if
> you haven't enabled the authorization plugin, then everyone who is granted
> access to the broker is also granted access to all the destinations. 
> 
> Joe
> Get a free ActiveMQ user guide @ http://www.ttmsolutions.com 
>  
> 
> 
> Sandro Tosi wrote:
>> 
>> Hello,
>> actually, every queue on activemq are "free entrance" for everyone (ok,
>> knowing server, ports, name, etc) but we'd like anyhow to stop this and
>> require a username/password access policy.
>> 
>> I've read the security doc[1] and added the "Simple Authentication
>> Plugin" but I'm still able to connect to queues "anonymously".
>> 
>> How can I grant access only to given username/pwd?
>> 
>> Thanks in advance,
>> Sandro
>> 
>> [1] http://activemq.apache.org/security.html
>> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Protect-queues-access-with-password-tp19453220p19490424.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message