activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dejan Bosanac <de...@nighttale.net>
Subject Re: ActiveMQ - JMX - Queue with "READ" access define
Date Fri, 21 May 2010 17:58:26 GMT 
Hi Charles,

this should be fixed with
https://issues.apache.org/activemq/browse/AMQ-2516and JMX should have
broker security context.

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net


On Fri, May 21, 2010 at 10:28 AM, cmoulliard <cmoulliard@gmail.com> wrote:

>
> Hi,
>
> I have been able to stop the vm:// connector created by ActiveMq 5.x and
> used by JMX/Jconsole to communicate with the broker simply by posting a
> message from JConsole on a queue defined with "READ" access
>
> Here is a part of the config :
>
>       <plugins>
>        <!-- Configure authentication; Username, passwords and groups -->
>        <simpleAuthenticationPlugin>
>            <users>
>                <authenticationUser username="user" password="password"
> groups="users"/>
>            </users>
>        </simpleAuthenticationPlugin>
>
>
>              <!--  Lets configure a destination based authorization
> mechanism -->
>              <authorizationPlugin>
>                <map>
>                  <authorizationMap>
>                    <authorizationEntries>
>                      <authorizationEntry queue="INA.PROJECT.FLOW.ACTION"
> read="user" />
>
> Here is the error message generated :
>
>  WARN | Failed to add Connection
> java.lang.SecurityException: User name or password is invalid.
>        at
>
> org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:52)
>        at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
>        at
>
> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
>        at
>
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:676)
>        at
> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:134)
>        at
>
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:300)
>        at
>
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:178)
>        at
>
> org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116)
>        at
>
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>        at
> org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:210)
>        at
>
> org.apache.activemq.thread.DedicatedTaskRunner.runTask(DedicatedTaskRunner.java:98)
>        at
>
> org.apache.activemq.thread.DedicatedTaskRunner$1.run(DedicatedTaskRunner.java:36)
>  WARN | Failed to remove connection ConnectionInfo {commandId = 1,
> responseRequired = true, connectionId =
> ID:dell-charles-2424-1274451259953-2:0
> , clientId = ID:dell-charles-2424-1274451259953-3:0, userName = null,
> password = *****, brokerPath = null, brokerMasterConnector = false, managea
> ble = true, clientMaster = true}
> java.lang.SecurityException: User is not authenticated.
>        at
>
> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:58)
>        at
>
> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:149)
>        at
> org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:425)
>        at
>
> org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
>        at
>
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:443)
>        at
>
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:373)
>        at
>
> org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:368)
>        at
>
> org.apache.activemq.advisory.AdvisoryBroker.removeConnection(AdvisoryBroker.java:223)
>        at
>
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
>        at
>
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
>        at
>
> org.apache.activemq.security.SimpleAuthenticationBroker.removeConnection(SimpleAuthenticationBroker.java:70)
>        at
>
> org.apache.activemq.broker.BrokerFilter.removeConnection(BrokerFilter.java:110)
>        at
>
> org.apache.activemq.broker.MutableBrokerFilter.removeConnection(MutableBrokerFilter.java:117)
>        at
>
> org.apache.activemq.broker.TransportConnection.processRemoveConnection(TransportConnection.java:720)
>        at
>
> org.apache.activemq.broker.TransportConnection.doStop(TransportConnection.java:991)
>        at
>
> org.apache.activemq.broker.TransportConnection$3.run(TransportConnection.java:918)
>        at java.lang.Thread.run(Thread.java:619)
>  INFO | Connector vm://ina-serverName-br1-master Stopped
>  INFO | Connector openwire Started
>
> I think that there is a bug in ActiveMQ as we can stop this connector.
>
> Question :
>
> How can I define credentials to be used to allow to post a message from JMX
> ?
>
> Kind regards,
>
> Charles
>
> -----
> Charles Moulliard
> SOA Architect
>
> My Blog :  http://cmoulliard.blogspot.com/ http://cmoulliard.blogspot.com/
> --
> View this message in context:
> http://old.nabble.com/ActiveMQ---JMX---Queue-with-%22READ%22-access-define-tp28634596p28634596.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message