Posted to users@activemq.apache.org by mortegah <mo...@gmail.com> on 2015/02/03 12:57:44 UTC

consumer to Broker authentication using JAAS fails

Hi,

I am trying to get authentication and authorization working with ActiveMQ
5.10.1 and I am getting the below security exception when I try to connect
the consumer to the broker after trying to use
JaasCertificateAuthenticationPlugin.

Loading message broker from: xbean:activemq.xml
 INFO | Refreshing org.apache.activemq.xbean.XBeanBrokerFactory$1@10123eee: startup date [Tue Feb 03 12:55:29 CET 2015]; root of context hierarchy
 INFO | PListStore:[d:\Pruebas\apache-activemq-5.10.1\bin\..\data\localhost\tmp_storage] started
 INFO | Using Persistence Adapter: KahaDBPersistenceAdapter[d:\Pruebas\apache-activemq-5.10.1\bin\..\data\kahadb]
 INFO | KahaDB is version 5
 INFO | Recovering from the journal ...
 INFO | Recovery replayed 29 operations from the journal in 0.017 seconds.
 INFO | Apache ActiveMQ 5.10.1 (localhost, ID:mortegahpw7-61946-1422964530870-0:1) is starting
 INFO | Listening for connections at: ssl://mortegahpw7:61614?needClientAuth=true
 INFO | Connector ssl started
 INFO | Connector https started
 INFO | Apache ActiveMQ 5.10.1 (localhost, ID:mortegahpw7-61946-1422964530870-0:1) started
 INFO | For help or more information please see: http://activemq.apache.org
 INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
 INFO | Initializing Spring FrameworkServlet 'dispatcher'
 INFO | jolokia-agent: No access restrictor found at classpath:/jolokia-access.xml, access to all MBeans is allowed
 WARN | Failed to add Connection ID:mortegahpw7-50778-1422964583957-2:1
java.lang.SecurityException: Unable to authenticate transport without SSL certificate.
	at org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:74)[activemq-broker-5.10.1.jar:5.10.1]
	at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:102)[activemq-broker-5.10.1.jar:5.10.1]
	at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:809)[activemq-broker-5.10.1.jar:5.10.1]
	at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:79)[activemq-broker-5.10.1.jar:5.10.1]
	at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.10.1.jar:5.10.1]
	at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:334)[activemq-broker-5.10.1.jar:5.10.1]
	at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:188)[activemq-broker-5.10.1.jar:5.10.1]
	at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:270)[activemq-client-5.10.1.jar:5.10.1]
	at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.10.1.jar:5.10.1]
	at org.apache.activemq.transport.http.HttpTunnelServlet.doPost(HttpTunnelServlet.java:143)[activemq-http-5.10.1.jar:5.10.1]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:713)[geronimo-servlet_2.5_spec-1.2.jar:1.2]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[geronimo-servlet_2.5_spec-1.2.jar:1.2]
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:652)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:445)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.handler.GzipHandler.handle(GzipHandler.java:301)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1046)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:372)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:978)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.Server.handle(Server.java:367)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:486)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:937)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:998)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:861)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
	at java.lang.Thread.run(Thread.java:745)[:1.7.0_71]
 WARN | Security Error occurred: Unable to authenticate transport without SSL certificate.
 INFO | Stopping blockingQueue_1198464663 because Failed with SecurityException: Unable to authenticate transport without SSL certificate.

I tried over the ssl protocol and over https.

Snippet of the ActiveMQ broker configuration showing the certificates:

	<sslContext>
		 <sslContext keyStore="file:${activemq.base}/cert/broker.ks"
					 keyStorePassword="password"
					 trustStore="file:${activemq.base}/cert/broker.ts"
					 trustStorePassword="password" />
	</sslContext>

Without JaasCertificateAuthenticationPlugin the handshake works fine.

Is there anything I am missing?

I appreciate your help,
Manolo
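
A log-triage sketch for the failure reported above, added here as an example and not part of the original post or of ActiveMQ: it pulls each rejected connection out of a broker log and reads the stack frames to tell which transport family delivered it. The function name `rejected_connections` is hypothetical, the `transport.tcp` mapping is an assumption (only the `transport.http` frame appears in the post), and the input is assumed to be the broker's own log with unwrapped lines.

```python
import re

# Constructed sample: a shortened, unwrapped copy of the broker log in the post.
SAMPLE_LOG = """\
 INFO | Connector ssl started
 INFO | Connector https started
 WARN | Failed to add Connection ID:mortegahpw7-50778-1422964583957-2:1
java.lang.SecurityException: Unable to authenticate transport without SSL certificate.
\tat org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:74)[activemq-broker-5.10.1.jar:5.10.1]
\tat org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:809)[activemq-broker-5.10.1.jar:5.10.1]
\tat org.apache.activemq.transport.http.HttpTunnelServlet.doPost(HttpTunnelServlet.java:143)[activemq-http-5.10.1.jar:5.10.1]
\tat org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)[jetty-all-server-7.6.9.v20130131.jar:7.6.9.v20130131]
 WARN | Security Error occurred: Unable to authenticate transport without SSL certificate.
"""

# Frame package prefix -> transport family. The http entry comes from the
# trace in the post; the tcp entry is an assumption about where ssl:// and
# tcp:// connections enter the broker.
ENTRY_FRAMES = [
    ("org.apache.activemq.transport.http.", "http/https"),
    ("org.apache.activemq.transport.tcp.", "tcp/ssl"),
]
FAILED = re.compile(r"WARN \| Failed to add Connection (ID:\S+)")
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\(")

def rejected_connections(log_text):
    """Return one dict per rejected connection: id, exception line, transport."""
    results, current = [], None
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            current = {"id": failed.group(1), "error": None, "transport": "unknown"}
            results.append(current)
        elif current is None:
            continue
        elif FRAME.match(line):
            method = FRAME.match(line).group(1)
            for prefix, family in ENTRY_FRAMES:
                if current["transport"] == "unknown" and method.startswith(prefix):
                    current["transport"] = family
        elif current["error"] is None and "Exception" in line:
            current["error"] = line.strip()  # exception line follows the WARN
        else:
            current = None  # first non-trace line closes this record
    return results

if __name__ == "__main__":
    for rec in rejected_connections(SAMPLE_LOG):
        print(rec["id"], rec["transport"], rec["error"], sep=" | ")
```

On the sample, the rejected connection is attributed to the http/https family, matching the `HttpTunnelServlet.doPost` frame in the posted trace.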
