activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From geezmo ...@netmonic.com>
Subject 5.2.0 JAAS Problem
Date Wed, 31 Dec 2008 13:54:55 GMT

Hello,

I try to configure JAAS to secure my broker and web console. Therefore I
created login.config file with

ActiveMQ {
	org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
	debug="true"
	file="/full/path/to/realm.properties"; 
};

and my realm properties looks like

system: manager,admins

Further I added 

<plugins>

			<jaasAuthenticationPlugin configuration="ActiveMQ" />

			<!--  lets configure a destination based authorization mechanism -->
			<authorizationPlugin>
				<map>
					<authorizationMap>
						<authorizationEntries>
							<authorizationEntry queue=">" read="admins"
								write="admins" admin="admins" />

							<authorizationEntry topic=">" read="admins"
								write="admins" admin="admins" />
						</authorizationEntries>

						<tempDestinationAuthorizationEntry>
							<tempDestinationAuthorizationEntry
								read="admins" write="admins" admin="admins" />
						</tempDestinationAuthorizationEntry>
					</authorizationMap>
				</map>
			</authorizationPlugin>
		</plugins>

to my broker.

I already use my jaas config successfully to login to my web console with
given credentials. But if I try to send a message to a queue I get the
following error:

DEBUG TransportConnection            - Setting up new connection:
/127.0.0.1:35604
WARN  TransportConnection            - Failed to add Connection
java.lang.SecurityException: User name or password is invalid.
	at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
	at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
	at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
	at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
	at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
	at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
	at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
	at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
	at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:475)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:187)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
	at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
	at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
	at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
	at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.LoginException: Login Failure: all
modules ignored
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
	... 17 more
DEBUG Service                        - Error occured while processing sync
command: java.lang.SecurityException: User name or password is invalid.
java.lang.SecurityException: User name or password is invalid.
	at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
	at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
	at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
	at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
	at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
	at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
	at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
	at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
	at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:475)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:187)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
	at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
	at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
	at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
	at java.lang.Thread.run(Thread.java:619)
Caused by: javax.security.auth.login.LoginException: Login Failure: all
modules ignored
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
	... 17 more
DEBUG Transport                      - Transport failed:
java.io.IOException: User name or password is invalid.
java.io.IOException: User name or password is invalid.
	at
org.apache.activemq.util.IOExceptionSupport.create(IOExceptionSupport.java:39)
	at
org.apache.activemq.transport.stomp.ProtocolConverter$2.onResponse(ProtocolConverter.java:482)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onActiveMQCommad(ProtocolConverter.java:551)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.oneway(StompTransportFilter.java:56)
	at
org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:40)
	at
org.apache.activemq.broker.TransportConnection.dispatch(TransportConnection.java:1207)
	at
org.apache.activemq.broker.TransportConnection.processDispatch(TransportConnection.java:793)
	at
org.apache.activemq.broker.TransportConnection.dispatchSync(TransportConnection.java:752)
	at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
	at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:78)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:135)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompConnect(ProtocolConverter.java:475)
	at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:187)
	at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:67)
	at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
	at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
	at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
	at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.SecurityException: User name or password is invalid.
	at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
	at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
	at
org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
	at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
	at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
	at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
	at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
	at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
	... 10 more
Caused by: javax.security.auth.login.LoginException: Login Failure: all
modules ignored
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76)
	... 17 more
DEBUG TransportConnection            - Stopping connection: /127.0.0.1:35604
DEBUG TcpTransport                   - Stopping transport
tcp:///127.0.0.1:35604
DEBUG TransportConnection            - Stopped transport: /127.0.0.1:35604
DEBUG TransportConnection            - Cleaning up connection resources:
/127.0.0.1:35604
WARN  Service                        - Failed to remove connection
ConnectionInfo {commandId = 0, responseRequired = true, connectionId =
ID:tank2-58514-1230731215437-2:0, clientId =
ID:tank2-58514-1230731215437-2:0, userName = system, password = manager,
brokerPath = null, brokerMasterConnector = false, manageable = false,
clientMaster = true}
java.lang.SecurityException: User is not authenticated.
	at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
	at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
	at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:417)
	at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
	at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:432)
	at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:362)
	at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:357)
	at
org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:217)
	at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
	at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
	at
org.apache.activemq.security.JaasAuthenticationBroker.removeConnection(JaasAuthenticationBroker.java:95)
	at
org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
	at
org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
	at
org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:721)
	at
org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:1000)
	at
org.apache.activemq.broker.jmx.ManagedTransportConnection.doStop(ManagedTransportConnection.java:74)
	at
org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:925)
DEBUG TransportConnection            - Connection Stopped: /127.0.0.1:35604


Hope somone can help me =)

kind regards,
geezmo
-- 
View this message in context: http://www.nabble.com/5.2.0-JAAS-Problem-tp21231778p21231778.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Mime
View raw message