You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by CobraTheSleek <ka...@yahoo.com> on 2007/10/26 20:55:10 UTC
Active MQ JAAS
I am using activemq-5.0-SNAPSHOT and am trying to get JAAS authentication
working.
I have the login.config and user/group property files configured as per the
example http://activemq.apache.org/security.html
I beleive others have faced this problem but I have not found a concrete
answer. I get the following error when attempting to run the junits.
javax.jms.JMSException: User user is not authorized to read from:
topic://ActiveMQ.Advisory.TempQueue,topic://ActiveMQ.Advisory.TempTopic
at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:46)
at
org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1181)
at org.apache.activemq.AdvisoryConsumer.<init>(AdvisoryConsumer.java:46)
at
org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1272)
My broker-config.xml is configured with the jass authentication module:
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<!-- For all Queues admins can read and write -->
<authorizationEntry queue=">" read="admins" write="admins"
admin="admins" />
<!-- For all Queues USERS. users can read and write and admin -->
<authorizationEntry queue="USERS.>" read="users" write="users"
admin="users" />
<authorizationEntry queue="GUEST.>" read="guests"
write="guests,users" admin="guests,users" />
<authorizationEntry topic=">" read="admins" write="admins"
admin="admins" />
<authorizationEntry topic="USERS.>" read="users"
write="users" admin="users" />
<authorizationEntry topic="GUEST.>" read="guests"
write="guests,users" admin="guests,users" />
<authorizationEntry
topic="org.apache.activemq.spring.Test.spring.topic" read="users"
write="users" admin="guests,users" />
<!--<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users"
write="guests,users" admin="guests,users"/>-->
<authorizationEntry topic="ActiveMQ.>" read="guests,users"
write="guests,users" admin="guests,users"/>
</authorizationEntries>
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry
read="tempDestinationAdmins" write="tempDestinationAdmins"
admin="tempDestinationAdmins"/>
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
I have tried to delete the activemq-data directory etc to no avail. The
SimpleAuthenticationPlugin works perfectly though.
Any tips would be appreciated.
--
View this message in context: http://www.nabble.com/Active-MQ-JAAS-tf4699203s2354.html#a13433467
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Active MQ JAAS
Posted by CobraTheSleek <ka...@yahoo.com>.
Joe,
Thanks much for the reply. I have a login.config defined in the classpath. I
am using JBoss so in my exploded activemq-rar I have the login.config and
users.properties and groups.properties defined.
Thats about the only thing I am guessing to is that my users.properties is
not picked up or the groups.properties is not picked up.
Thanks much.
ttmdev wrote:
>
> Just for grins, I took your authorizationPlugin and deployed it onto my
> JAAS test setup; everything worked fine.
>
> I can only guess that you're somehow picking up the wrong user.properties
> and/or groups.properties file.
>
> Did you set java.security.auth.login.config ? Or are you letting the JAAS
> plugin find it in the class path?
>
> Joe
>
>
>
> CobraTheSleek wrote:
>>
>> I am using activemq-5.0-SNAPSHOT and am trying to get JAAS authentication
>> working.
>> I have the login.config and user/group property files configured as per
>> the example http://activemq.apache.org/security.html
>>
>> I beleive others have faced this problem but I have not found a concrete
>> answer. I get the following error when attempting to run the junits.
>>
>>
>> javax.jms.JMSException: User user is not authorized to read from:
>> topic://ActiveMQ.Advisory.TempQueue,topic://ActiveMQ.Advisory.TempTopic
>> at
>> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:46)
>> at
>> org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1181)
>> at org.apache.activemq.AdvisoryConsumer.<init>(AdvisoryConsumer.java:46)
>> at
>> org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1272)
>>
>> My broker-config.xml is configured with the jass authentication module:
>>
>> <plugins>
>> <jaasAuthenticationPlugin configuration="activemq-domain" />
>> <authorizationPlugin>
>> <map>
>> <authorizationMap>
>> <authorizationEntries>
>> <!-- For all Queues admins can read and write -->
>> <authorizationEntry queue=">" read="admins"
>> write="admins" admin="admins" />
>> <!-- For all Queues USERS. users can read and write and admin -->
>> <authorizationEntry queue="USERS.>" read="users" write="users"
>> admin="users" />
>> <authorizationEntry queue="GUEST.>" read="guests"
>> write="guests,users" admin="guests,users" />
>>
>> <authorizationEntry topic=">" read="admins"
>> write="admins" admin="admins" />
>> <authorizationEntry topic="USERS.>" read="users"
>> write="users" admin="users" />
>> <authorizationEntry topic="GUEST.>" read="guests"
>> write="guests,users" admin="guests,users" />
>> <authorizationEntry
>> topic="org.apache.activemq.spring.Test.spring.topic" read="users"
>> write="users" admin="guests,users" />
>>
>> <!--<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users"
>> write="guests,users" admin="guests,users"/>-->
>> <authorizationEntry topic="ActiveMQ.>" read="guests,users"
>> write="guests,users" admin="guests,users"/>
>>
>> </authorizationEntries>
>> <tempDestinationAuthorizationEntry>
>> <tempDestinationAuthorizationEntry
>> read="tempDestinationAdmins" write="tempDestinationAdmins"
>> admin="tempDestinationAdmins"/>
>> </tempDestinationAuthorizationEntry>
>>
>> </authorizationMap>
>> </map>
>> </authorizationPlugin>
>>
>> I have tried to delete the activemq-data directory etc to no avail. The
>> SimpleAuthenticationPlugin works perfectly though.
>>
>> Any tips would be appreciated.
>>
>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Active-MQ-JAAS-tf4699203s2354.html#a13436005
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Active MQ JAAS
Posted by ttmdev <jo...@ttmsolutions.com>.
Just for grins, I took your authorizationPlugin and deployed it onto my JAAS
test setup; everything worked fine.
I can only guess that you're somehow picking up the wrong user.properties
and/or groups.properties file.
Did you set java.security.auth.login.config ? Or are you letting the JAAS
plugin find it in the class path?
Joe
CobraTheSleek wrote:
>
> I am using activemq-5.0-SNAPSHOT and am trying to get JAAS authentication
> working.
> I have the login.config and user/group property files configured as per
> the example http://activemq.apache.org/security.html
>
> I beleive others have faced this problem but I have not found a concrete
> answer. I get the following error when attempting to run the junits.
>
>
> javax.jms.JMSException: User user is not authorized to read from:
> topic://ActiveMQ.Advisory.TempQueue,topic://ActiveMQ.Advisory.TempTopic
> at
> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:46)
> at
> org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1181)
> at org.apache.activemq.AdvisoryConsumer.<init>(AdvisoryConsumer.java:46)
> at
> org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1272)
>
> My broker-config.xml is configured with the jass authentication module:
>
> <plugins>
> <jaasAuthenticationPlugin configuration="activemq-domain" />
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <!-- For all Queues admins can read and write -->
> <authorizationEntry queue=">" read="admins" write="admins"
> admin="admins" />
> <!-- For all Queues USERS. users can read and write and admin -->
> <authorizationEntry queue="USERS.>" read="users" write="users"
> admin="users" />
> <authorizationEntry queue="GUEST.>" read="guests"
> write="guests,users" admin="guests,users" />
>
> <authorizationEntry topic=">" read="admins" write="admins"
> admin="admins" />
> <authorizationEntry topic="USERS.>" read="users"
> write="users" admin="users" />
> <authorizationEntry topic="GUEST.>" read="guests"
> write="guests,users" admin="guests,users" />
> <authorizationEntry
> topic="org.apache.activemq.spring.Test.spring.topic" read="users"
> write="users" admin="guests,users" />
>
> <!--<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users"
> write="guests,users" admin="guests,users"/>-->
> <authorizationEntry topic="ActiveMQ.>" read="guests,users"
> write="guests,users" admin="guests,users"/>
>
> </authorizationEntries>
> <tempDestinationAuthorizationEntry>
> <tempDestinationAuthorizationEntry
> read="tempDestinationAdmins" write="tempDestinationAdmins"
> admin="tempDestinationAdmins"/>
> </tempDestinationAuthorizationEntry>
>
> </authorizationMap>
> </map>
> </authorizationPlugin>
>
> I have tried to delete the activemq-data directory etc to no avail. The
> SimpleAuthenticationPlugin works perfectly though.
>
> Any tips would be appreciated.
>
>
>
>
--
View this message in context: http://www.nabble.com/Active-MQ-JAAS-tf4699203s2354.html#a13434991
Sent from the ActiveMQ - User mailing list archive at Nabble.com.