Date: Thu, 10 Mar 2016 17:14:48 +0100
From: Simon Lundström
To: users@activemq.apache.org
Subject: Reloading users and groups properties on change

Hi!

I talked to Gary Tully on IRC (and mail) and we decided it was best that I mailed the mailing list since he was pretty sure that someone here had solved this.

We are running 5.13.0 and are trying to get {user,group}s.properties to be reloaded automatically when they are changed.

In the init.d-script we've added:

    ACTIVEMQ_OPTS+=" -Djava.security.auth.login.config=/local/activemq/conf/login.config "

and login.config looks like this:

    activemq-domain {
        org.apache.activemq.jaas.PropertiesLoginModule required
            debug=true
            reload=true
            org.apache.activemq.jaas.properties.user="users.properties"
            org.apache.activemq.jaas.properties.group="../conf.d/approved/groups.properties"
            ;
    };

users.properties:

    system=manager
    nagios=nagios

groups.properties:

    monitoring=system

activemq.xml excerpt:

    […]
    […]

With this configuration the user nagios should be able to access the queue aliveness-test.

To reproduce, modify groups.properties so it looks like:

    monitoring=system,nagios

Check your logs (you need to enable debug logging on org.apache.activemq.jaas.ReloadableProperties):

    {"thread":"ActiveMQ NIO Worker 622","level":"DEBUG","loggerName":"org.apache.activemq.jaas.ReloadableProperties","message":"Load of: PropsFile=/local/activemq/conf/../conf.d/approved/groups.properties"}

so the reloading works, but nagios still can't consume from (or produce to) the queue:

    {"thread":"ActiveMQ NIO Worker 2","level":"WARN","loggerName":"org.apache.activemq.broker.TransportConnection.Service","message":"Security Error occurred on connection to: tcp://0:0:0:0:0:0:0:1:45357, User nagios is not authorized to read from: queue://aliveness-test"}

Note: If I restart ActiveMQ, nagios can consume and produce from the queue.

Is there any configuration that I've missed? Is this a bug?

BR,
- Simon

____________________________________
Simon Lundström
Section for Infrastructure
IT Services
Stockholm University
SE-106 91 Stockholm, Sweden
www.su.se/english/staff-info/it
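
Added example (not part of the original message and not ActiveMQ code): a small check that correlates the two kinds of log line quoted above with the on-disk groups.properties, flagging read denials that occur after a reload for users the file now places in an allowed group. The READ_ACL mapping is an assumption, since the activemq.xml excerpt is elided; the function names and the sample inputs are constructed for illustration.

```python
import json
import re

# Constructed sample inputs, modelled on the files and log lines quoted in the message.
GROUPS_PROPERTIES = "monitoring=system,nagios\n"
# Assumption: the elided activemq.xml grants group "monitoring" read on this queue.
READ_ACL = {"queue://aliveness-test": {"monitoring"}}
BROKER_LOG = [
    '{"thread":"ActiveMQ NIO Worker 622","level":"DEBUG","loggerName":"org.apache.activemq.jaas.ReloadableProperties","message":"Load of: PropsFile=/local/activemq/conf/../conf.d/approved/groups.properties"}',
    '{"thread":"ActiveMQ NIO Worker 2","level":"WARN","loggerName":"org.apache.activemq.broker.TransportConnection.Service","message":"Security Error occurred on connection to: tcp://0:0:0:0:0:0:0:1:45357, User nagios is not authorized to read from: queue://aliveness-test"}',
    "not json",  # malformed line, must be skipped
]
DENIED = re.compile(r"User (\S+) is not authorized to read from: (\S+)")

def parse_groups(text):
    """Parse 'group=user1,user2' lines into {group: {users}}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        group, users = line.split("=", 1)
        groups[group.strip()] = {u.strip() for u in users.split(",") if u.strip()}
    return groups

def stale_denials(log_lines, groups, read_acl):
    """Denials logged after a groups reload that the on-disk file would allow."""
    reloaded, findings = False, []
    for raw in log_lines:
        try:
            event = json.loads(raw)
            msg = event.get("message", "")
        except (ValueError, AttributeError):
            continue  # not a JSON object
        if event.get("loggerName", "").endswith("ReloadableProperties") and "groups.properties" in msg:
            reloaded = True
            continue
        m = DENIED.search(msg)
        if m and reloaded:
            user, dest = m.groups()
            if any(user in groups.get(g, set()) for g in read_acl.get(dest, set())):
                findings.append((user, dest))
    return findings

if __name__ == "__main__":
    for user, dest in stale_denials(BROKER_LOG, parse_groups(GROUPS_PROPERTIES), READ_ACL):
        print(f"stale authorization: {user} denied read on {dest} after reload")
```

A finding means the broker's effective authorization disagrees with the file it just reloaded; an empty result means each logged denial matches the file as it stands.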