You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Tom Purcell <tp...@chariotsolutions.com> on 2008/05/21 22:06:07 UTC
Secutiry and Predefined Destinations
Hello
I'm trying to get the ActiveMQ authorizationPlugin to work. I'm using
the basic jaasAuthenticationPlugin configuration="activemq-domain"
properties logon. My activemq.xml, login.conf, users.properties and
groups.properties are all in my <AMQ_HOME>/conf directory. My activmq.xml is
only slightly different for the example on the site. I have removed jetty,
camel and the commandAgent. I'm running AMQ 5.0.0 on JDK 1.5.0_14-b03. I
delete <AMQ_HOME>/data/localhost between each run to make sure I come up
clean. Everything works... up to a point.
If I run without any defined destinations (queues or topics) everything
works. Users with authority can access the dynamically created queues. Bad
users and bad passwords fail.
The problem is I need to run with defined destinations. When I add the
following to my activemq.xml:
<destinations>
<queue physicalName="wileJmsQueryQueue"/>
</destinations>
I get the following in the log:
14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 | Checkpoint
started.
14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 | Checkpoint
done.
14:11:50,921 | DEBUG | main | AbstractRegion |
q.broker.region.AbstractRegion 112 | Adding destination:
queue://wileJmsQueryQueue
14:11:50,923 | INFO | main | KahaStore |
e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
/data/apache-activemq-5.0.0/data/localhost/kr-store/data
14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing batch
update... adding: 0 removing: 0
14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
update done.
14:11:50,993 | DEBUG | main | AMQMessageStore |
vemq.store.amq.AMQMessageStore 266 | flush starting ...
14:11:51,014 | DEBUG | main | AbstractRegion |
q.broker.region.AbstractRegion 112 | Adding destination:
topic://ActiveMQ.Advisory.Queue
14:11:51,025 | INFO | main | BrokerService |
.activemq.broker.BrokerService 413 | Using Persistence Adapter:
AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
14:11:51,029 | DEBUG | main | AMQMessageStore |
vemq.store.amq.AMQMessageStore 266 | flush starting ...
14:11:51,030 | ERROR | main | BrokerService |
.activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS Message
Broker. Reason: java.lang.SecurityException: User is not authenticated.
java.lang.SecurityException: User is not authenticated.
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
at
org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
at
org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
at
org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
at
org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
at org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at
org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
at
org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
at
org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
at
org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
at
org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
at
org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
at
org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
at
org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
at
org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
at
org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
at
org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
at
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
at
org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
at
org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
at
org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
at org.apache.activemq.console.Main.main(Main.java:106)
14:11:51,033 | INFO | main | faultListableBeanFactory |
t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
defining beans
[org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
root of factory hierarchy
14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService |
.activemq.broker.BrokerService 448 | ActiveMQ Message Broker (localhost,
null) is shutting down
Note that the broker shuts down.
I've tried looking through some AMQ code and the xsd to see if I'm
missing something in the configuration and I'm at a loss. My activemq.xml
(with destinations) is below. Any thoughts will be appreciated.
Thanks
Tom
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.org/config/1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.org/config/1.0
http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
http://activemq.apache.org/camel/schema/spring
http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
<!-- Allows us to use system properties as variables in this
configuration file -->
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<broker xmlns="http://activemq.org/config/1.0" brokerName="localhost"
dataDirectory="${activemq.base}/data">
<destinations>
<queue physicalName="wileJmsQueryQueue"/>
</destinations>
<!-- The transport connectors ActiveMQ will listen to -->
<transportConnectors>
<transportConnector name="openwire" uri="tcp://localhost:61616"
discoveryUri="multicast://default"/>
<transportConnector name="ssl" uri="ssl://localhost:61617"/>
<transportConnector name="stomp" uri="stomp://localhost:61613"/>
<transportConnector name="xmpp" uri="xmpp://localhost:61222"/>
</transportConnectors>
<!-- The store and forward broker networks ActiveMQ will listen to
-->
<networkConnectors>
<networkConnector name="default-nc" uri="multicast://default"/>
</networkConnectors>
<plugins>
<!-- use JAAS to authenticate using the login.config file on
the classpath to configure JAAS -->
<jaasAuthenticationPlugin configuration="activemq-domain"/>
<!-- lets configure a destination based authorization mechanism
-->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="all"
write="all" admin="all"/>
<authorizationEntry topic="ActiveMQ.Advisory.>"
read="all" write="all" admin="all"/>
</authorizationEntries>
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry read="all"
write="all" admin="all"/>
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
</broker>
</beans>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17370190.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Secutiry and Predefined Destinations
Posted by Tom Purcell <tp...@chariotsolutions.com>.
Joe
It looks like Dejan has created the issue:
https://issues.apache.org/activemq/browse/AMQ-1747 AMQ-1747.
ttmdev wrote:
> Thanks for the help, the code and the confirmation that I wasn't missing
> something.
>
> Thanks
> Tom
>
>
> Tom,
>
> I played around with this some more. Here's my setup and what I'm seeing.
>
> I have a queue called TEST.Q, which gets created when the broker starts
> up. That is, I have the following in the broker's cfg file.
>
> <destinations>
> <queue physicalName="TEST.Q" />
> </destinations>
>
> And I see the following DEBUG statement being put out when the broker
> starts
>
> DEBUG AbstractRegion - Adding destination: queue://TEST.Q
>
> I then start up my JNDI client (frick) that looks up TEST.Q, creates a
> consumer object for TEST.Q, and then connects to the broker. Frick does
> not have admin privileges for TEST.Q, but I see no exceptions being
> thrown by the broker when frick connects. Here's frick's relevant source
> code.
>
> conn = factory.createConnection("frick", "password");
> myQueue = (javax.jms.Queue) ctx.lookup("TEST.Q");
> session = conn.createSession(false,Session.AUTO_ACKNOWLEDGE);
> MessageConsumer receiver = session.createConsumer(myQueue);
> receiver.setMessageListener(this);
> // Start the connection
> conn.start();
>
> I then start up my other JNDI client (frack) that looks up TEST.Q, creates
> a producer object for TEST.Q and then connects to the broker. Frack also
> does not have admin privileges for TEST.Q, and when it connects I see the
> following exception being thrown by the AuthorizationBroker.
>
> java.lang.SecurityException: User frack is not authorized to create:
> queue://TEST.Q
>
> I run my test again, but this time I do not have the broker create TEST.Q
> on startup, and instead have frick (consumer) create it when it connects
> to the broker; however, frick gets the SecurityException when it connects.
>
> I agree that the AuthorizationBroker shouldn't enforce 'admin' rights
> if the destination being added already exists. Let me know the JIRA number
> and I can submit a patch for review.
>
> If you're interested, I have updated our dynamically re-loadable AMQ
> security plugin to do just that.
>
> http://www.ttmsolutions.com/amqsec.php4
>
> Regards,
> Joe
>
>
> Tom Purcell wrote:
>>
>> Looks like jira it is. I have not tried the consumer yet. Mined sharing
>> your code?
>>
>>
>> ttmdev wrote:
>>>
>>> Yup, I'm getting the same thing w/my JNDI producer. However, my consumer
>>> has no problem. Perhaps a JIRA is in order ;)
>>>
>>> Joe
>>>
>>>
>>>
>>> Tom Purcell wrote:
>>>>
>>>> Joe
>>>>
>>>> Thanks for the follow up. I'm almost where I need to be. I made one
>>>> change. I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went
>>>> away and AMQ came up clean. But I'm still have a problem and I think it
>>>> has more to do with my client code than AMQ itself. That is I'm not
>>>> sure how to connect.
>>>>
>>>> When I use dynamic queues my code is straightforward:
>>>> requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset");
>>>> queueSender = queueSession.createSender(requestQueue);
>>>>
>>>> Now that I'm predefining the queues the user that is trying to send to
>>>> the queue does not have admin access and therefore cannot create a
>>>> queue. In fact I don't want that user to create one. I want that user
>>>> to use the one that was created at start up via the AMQ xml
>>>> configuration (<destinations>). The problem is with the above code AMQ
>>>> throws an exception:
>>>> java.lang.SecurityException: User queryuser is not authorized to
>>>> create: queue://Wile.Jms.Queue.Query.Asset
>>>>
>>>> I see why I cannot use createQueue so I'm trying to figure out how to
>>>> "findQueue" and it appears the only way is via JNDI. So I tried this:
>>>> Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset")
>>>> ;
>>>> queueSender = queueSession.createSender(queue);
>>>>
>>>> And I get:
>>>> java.lang.SecurityException: User queryuser is not authorized to
>>>> create: queue://Wile.Jms.Queue.Query.Asset
>>>>
>>>> So I'm not sure how to connect to a predefined queue. Can you point me
>>>> at an example?
>>>>
>>>> Thanks
>>>> Tom
>>>>
>>>>
>>>> ttmdev wrote:
>>>>>
>>>>> FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
>>>>> 1.5.0_06-b05, Windoze XP Pro)
>>>>> and have not encountered your problem. I have used both
>>>>> jaasAuthenticationPlugin and simpleAuthenticationPlugin.
>>>>>
>>>>> Joe
>>>>>
>>>>>
>>>>>
>>>>> Tom Purcell wrote:
>>>>>>
>>>>>> Hello
>>>>>> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm
>>>>>> using the basic jaasAuthenticationPlugin
>>>>>> configuration="activemq-domain" properties logon. My activemq.xml,
>>>>>> login.conf, users.properties and groups.properties are all in my
>>>>>> <AMQ_HOME>/conf directory. My activmq.xml is only slightly different
>>>>>> for the example on the site. I have removed jetty, camel and the
>>>>>> commandAgent. I'm running AMQ 5.0.0 on JDK 1.5.0_14-b03. I delete
>>>>>> <AMQ_HOME>/data/localhost between each run to make sure I come up
>>>>>> clean. Everything works... up to a point.
>>>>>>
>>>>>> If I run without any defined destinations (queues or topics)
>>>>>> everything works. Users with authority can access the dynamically
>>>>>> created queues. Bad users and bad passwords fail.
>>>>>>
>>>>>> The problem is I need to run with defined destinations. When I add
>>>>>> the following to my activemq.xml:
>>>>>> <destinations>
>>>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>>>> </destinations>
>>>>>>
>>>>>> I get the following in the log:
>>>>>> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
>>>>>> Checkpoint started.
>>>>>> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
>>>>>> Checkpoint done.
>>>>>> 14:11:50,921 | DEBUG | main | AbstractRegion |
>>>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>>>> queue://wileJmsQueryQueue
>>>>>> 14:11:50,923 | INFO | main | KahaStore |
>>>>>> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
>>>>>> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
>>>>>> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 |
>>>>>> Doing batch update... adding: 0 removing: 0
>>>>>> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 |
>>>>>> Batch update done.
>>>>>> 14:11:50,993 | DEBUG | main | AMQMessageStore |
>>>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>>>> 14:11:51,014 | DEBUG | main | AbstractRegion |
>>>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>>>> topic://ActiveMQ.Advisory.Queue
>>>>>> 14:11:51,025 | INFO | main | BrokerService |
>>>>>> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
>>>>>> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
>>>>>> 14:11:51,029 | DEBUG | main | AMQMessageStore |
>>>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>>>> 14:11:51,030 | ERROR | main | BrokerService |
>>>>>> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS
>>>>>> Message Broker. Reason: java.lang.SecurityException: User is not
>>>>>> authenticated.
>>>>>> java.lang.SecurityException: User is not authenticated.
>>>>>> at
>>>>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
>>>>>> at
>>>>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>>>>>> at
>>>>>> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
>>>>>> at
>>>>>> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
>>>>>> at
>>>>>> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
>>>>>> at
>>>>>> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>>> at
>>>>>> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
>>>>>> at
>>>>>> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
>>>>>> at
>>>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
>>>>>> at
>>>>>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
>>>>>> at
>>>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
>>>>>> at
>>>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
>>>>>> at
>>>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
>>>>>> at
>>>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
>>>>>> at
>>>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
>>>>>> at
>>>>>> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
>>>>>> at
>>>>>> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
>>>>>> at
>>>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>>>> at
>>>>>> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
>>>>>> at
>>>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>>>> at
>>>>>> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>> at
>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>>> at
>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>>>> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
>>>>>> at org.apache.activemq.console.Main.main(Main.java:106)
>>>>>> 14:11:51,033 | INFO | main | faultListableBeanFactory |
>>>>>> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
>>>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
>>>>>> defining beans
>>>>>> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
>>>>>> root of factory hierarchy
>>>>>> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService
>>>>>> | .activemq.broker.BrokerService 448 | ActiveMQ Message Broker
>>>>>> (localhost, null) is shutting down
>>>>>>
>>>>>> Note that the broker shuts down.
>>>>>>
>>>>>> I've tried looking through some AMQ code and the xsd to see if
>>>>>> I'm missing something in the configuration and I'm at a loss. My
>>>>>> activemq.xml (with destinations) is below. Any thoughts will be
>>>>>> appreciated.
>>>>>>
>>>>>> Thanks
>>>>>> Tom
>>>>>>
>>>>>> <beans
>>>>>> xmlns="http://www.springframework.org/schema/beans"
>>>>>> xmlns:amq="http://activemq.org/config/1.0"
>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>>>
>>>>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>>>> http://activemq.org/config/1.0
>>>>>> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
>>>>>> http://activemq.apache.org/camel/schema/spring
>>>>>> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
>>>>>>
>>>>>> <!-- Allows us to use system properties as variables in this
>>>>>> configuration file -->
>>>>>> <bean
>>>>>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>>>>>>
>>>>>> <broker xmlns="http://activemq.org/config/1.0"
>>>>>> brokerName="localhost" dataDirectory="${activemq.base}/data">
>>>>>> <destinations>
>>>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>>>> </destinations>
>>>>>> <!-- The transport connectors ActiveMQ will listen to -->
>>>>>> <transportConnectors>
>>>>>> <transportConnector name="openwire"
>>>>>> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
>>>>>> <transportConnector name="ssl"
>>>>>> uri="ssl://localhost:61617"/>
>>>>>> <transportConnector name="stomp"
>>>>>> uri="stomp://localhost:61613"/>
>>>>>> <transportConnector name="xmpp"
>>>>>> uri="xmpp://localhost:61222"/>
>>>>>> </transportConnectors>
>>>>>>
>>>>>> <!-- The store and forward broker networks ActiveMQ will
>>>>>> listen to -->
>>>>>> <networkConnectors>
>>>>>> <networkConnector name="default-nc"
>>>>>> uri="multicast://default"/>
>>>>>> </networkConnectors>
>>>>>>
>>>>>> <plugins>
>>>>>> <!-- use JAAS to authenticate using the login.config
>>>>>> file on the classpath to configure JAAS -->
>>>>>> <jaasAuthenticationPlugin
>>>>>> configuration="activemq-domain"/>
>>>>>> <!-- lets configure a destination based authorization
>>>>>> mechanism -->
>>>>>> <authorizationPlugin>
>>>>>> <map>
>>>>>> <authorizationMap>
>>>>>> <authorizationEntries>
>>>>>> <authorizationEntry queue=">" read="all"
>>>>>> write="all" admin="all"/>
>>>>>> <authorizationEntry
>>>>>> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>>>>>> </authorizationEntries>
>>>>>> <tempDestinationAuthorizationEntry>
>>>>>> <tempDestinationAuthorizationEntry
>>>>>> read="all" write="all" admin="all"/>
>>>>>> </tempDestinationAuthorizationEntry>
>>>>>> </authorizationMap>
>>>>>> </map>
>>>>>> </authorizationPlugin>
>>>>>> </plugins>
>>>>>> </broker>
>>>>>> </beans>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17490030.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Secutiry and Predefined Destinations
Posted by ttmdev <jo...@ttmsolutions.com>.
Tom,
I played around with this some more. Here's my setup and what I'm seeing.
I have a queue called TEST.Q, which gets created when the broker starts up.
That is, I have the following in the broker's cfg file.
<destinations>
<queue physicalName="TEST.Q" />
</destinations>
And I see the following DEBUG statement being put out when the broker starts
DEBUG AbstractRegion - Adding destination: queue://TEST.Q
I then start up my JNDI client (frick) that looks up TEST.Q, creates a
consumer object for TEST.Q, and then connects to the broker. Frick does not
have admin privileges for TEST.Q, but I see no exceptions being thrown by
the broker when frick connects. Here's frick's relevant source code.
conn = factory.createConnection("frick", "password");
myQueue = (javax.jms.Queue) ctx.lookup("TEST.Q");
session = conn.createSession(false,Session.AUTO_ACKNOWLEDGE);
MessageConsumer receiver = session.createConsumer(myQueue);
receiver.setMessageListener(this);
// Start the connection
conn.start();
I then start up my other JNDI client (frack) that looks up TEST.Q, creates
a producer object for TEST.Q and then connects to the broker. Frack also
does not have admin privileges for TEST.Q, and when it connects I see the
following exception being thrown by the AuthorizationBroker.
java.lang.SecurityException: User frack is not authorized to create:
queue://TEST.Q
I run my test again, but this time I do not have the broker create TEST.Q
on startup, and instead have frick (consumer) create it when it connects
to the broker; however, frick gets the SecurityException when it connects.
I agree that the AuthorizationBroker shouldn't enforce 'admin' rights
if the destination being added already exists. Let me know the JIRA number
and I can submit a patch for review.
If you're interested, I have updated our dynamically re-loadable AMQ
security plugin to do just that.
http://www.ttmsolutions.com/amqsec.php4
Regards,
Joe
Tom Purcell wrote:
>
> Looks like jira it is. I have not tried the consumer yet. Mined sharing
> your code?
>
>
> ttmdev wrote:
>>
>> Yup, I'm getting the same thing w/my JNDI producer. However, my consumer
>> has no problem. Perhaps a JIRA is in order ;)
>>
>> Joe
>>
>>
>>
>> Tom Purcell wrote:
>>>
>>> Joe
>>>
>>> Thanks for the follow up. I'm almost where I need to be. I made one
>>> change. I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went
>>> away and AMQ came up clean. But I'm still have a problem and I think it
>>> has more to do with my client code than AMQ itself. That is I'm not sure
>>> how to connect.
>>>
>>> When I use dynamic queues my code is straightforward:
>>> requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset");
>>> queueSender = queueSession.createSender(requestQueue);
>>>
>>> Now that I'm predefining the queues the user that is trying to send to
>>> the queue does not have admin access and therefore cannot create a
>>> queue. In fact I don't want that user to create one. I want that user to
>>> use the one that was created at start up via the AMQ xml configuration
>>> (<destinations>). The problem is with the above code AMQ throws an
>>> exception:
>>> java.lang.SecurityException: User queryuser is not authorized to create:
>>> queue://Wile.Jms.Queue.Query.Asset
>>>
>>> I see why I cannot use createQueue so I'm trying to figure out how to
>>> "findQueue" and it appears the only way is via JNDI. So I tried this:
>>> Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset") ;
>>> queueSender = queueSession.createSender(queue);
>>>
>>> And I get:
>>> java.lang.SecurityException: User queryuser is not authorized to create:
>>> queue://Wile.Jms.Queue.Query.Asset
>>>
>>> So I'm not sure how to connect to a predefined queue. Can you point me
>>> at an example?
>>>
>>> Thanks
>>> Tom
>>>
>>>
>>> ttmdev wrote:
>>>>
>>>> FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
>>>> 1.5.0_06-b05, Windoze XP Pro)
>>>> and have not encountered your problem. I have used both
>>>> jaasAuthenticationPlugin and simpleAuthenticationPlugin.
>>>>
>>>> Joe
>>>>
>>>>
>>>>
>>>> Tom Purcell wrote:
>>>>>
>>>>> Hello
>>>>> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm
>>>>> using the basic jaasAuthenticationPlugin
>>>>> configuration="activemq-domain" properties logon. My activemq.xml,
>>>>> login.conf, users.properties and groups.properties are all in my
>>>>> <AMQ_HOME>/conf directory. My activmq.xml is only slightly different
>>>>> for the example on the site. I have removed jetty, camel and the
>>>>> commandAgent. I'm running AMQ 5.0.0 on JDK 1.5.0_14-b03. I delete
>>>>> <AMQ_HOME>/data/localhost between each run to make sure I come up
>>>>> clean. Everything works... up to a point.
>>>>>
>>>>> If I run without any defined destinations (queues or topics)
>>>>> everything works. Users with authority can access the dynamically
>>>>> created queues. Bad users and bad passwords fail.
>>>>>
>>>>> The problem is I need to run with defined destinations. When I add
>>>>> the following to my activemq.xml:
>>>>> <destinations>
>>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>>> </destinations>
>>>>>
>>>>> I get the following in the log:
>>>>> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
>>>>> Checkpoint started.
>>>>> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
>>>>> Checkpoint done.
>>>>> 14:11:50,921 | DEBUG | main | AbstractRegion |
>>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>>> queue://wileJmsQueryQueue
>>>>> 14:11:50,923 | INFO | main | KahaStore |
>>>>> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
>>>>> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
>>>>> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing
>>>>> batch update... adding: 0 removing: 0
>>>>> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
>>>>> update done.
>>>>> 14:11:50,993 | DEBUG | main | AMQMessageStore |
>>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>>> 14:11:51,014 | DEBUG | main | AbstractRegion |
>>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>>> topic://ActiveMQ.Advisory.Queue
>>>>> 14:11:51,025 | INFO | main | BrokerService |
>>>>> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
>>>>> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
>>>>> 14:11:51,029 | DEBUG | main | AMQMessageStore |
>>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>>> 14:11:51,030 | ERROR | main | BrokerService |
>>>>> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS
>>>>> Message Broker. Reason: java.lang.SecurityException: User is not
>>>>> authenticated.
>>>>> java.lang.SecurityException: User is not authenticated.
>>>>> at
>>>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
>>>>> at
>>>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>>>>> at
>>>>> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
>>>>> at
>>>>> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
>>>>> at
>>>>> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
>>>>> at
>>>>> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>>> at
>>>>> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
>>>>> at
>>>>> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
>>>>> at
>>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
>>>>> at
>>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
>>>>> at
>>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
>>>>> at
>>>>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
>>>>> at
>>>>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
>>>>> at
>>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
>>>>> at
>>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
>>>>> at
>>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
>>>>> at
>>>>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
>>>>> at
>>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
>>>>> at
>>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
>>>>> at
>>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
>>>>> at
>>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
>>>>> at
>>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
>>>>> at
>>>>> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
>>>>> at
>>>>> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
>>>>> at
>>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>>> at
>>>>> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
>>>>> at
>>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>>> at
>>>>> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>>> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
>>>>> at org.apache.activemq.console.Main.main(Main.java:106)
>>>>> 14:11:51,033 | INFO | main | faultListableBeanFactory |
>>>>> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
>>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
>>>>> defining beans
>>>>> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
>>>>> root of factory hierarchy
>>>>> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService
>>>>> | .activemq.broker.BrokerService 448 | ActiveMQ Message Broker
>>>>> (localhost, null) is shutting down
>>>>>
>>>>> Note that the broker shuts down.
>>>>>
>>>>> I've tried looking through some AMQ code and the xsd to see if I'm
>>>>> missing something in the configuration and I'm at a loss. My
>>>>> activemq.xml (with destinations) is below. Any thoughts will be
>>>>> appreciated.
>>>>>
>>>>> Thanks
>>>>> Tom
>>>>>
>>>>> <beans
>>>>> xmlns="http://www.springframework.org/schema/beans"
>>>>> xmlns:amq="http://activemq.org/config/1.0"
>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>>
>>>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>>> http://activemq.org/config/1.0
>>>>> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
>>>>> http://activemq.apache.org/camel/schema/spring
>>>>> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
>>>>>
>>>>> <!-- Allows us to use system properties as variables in this
>>>>> configuration file -->
>>>>> <bean
>>>>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>>>>>
>>>>> <broker xmlns="http://activemq.org/config/1.0"
>>>>> brokerName="localhost" dataDirectory="${activemq.base}/data">
>>>>> <destinations>
>>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>>> </destinations>
>>>>> <!-- The transport connectors ActiveMQ will listen to -->
>>>>> <transportConnectors>
>>>>> <transportConnector name="openwire"
>>>>> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
>>>>> <transportConnector name="ssl"
>>>>> uri="ssl://localhost:61617"/>
>>>>> <transportConnector name="stomp"
>>>>> uri="stomp://localhost:61613"/>
>>>>> <transportConnector name="xmpp"
>>>>> uri="xmpp://localhost:61222"/>
>>>>> </transportConnectors>
>>>>>
>>>>> <!-- The store and forward broker networks ActiveMQ will
>>>>> listen to -->
>>>>> <networkConnectors>
>>>>> <networkConnector name="default-nc"
>>>>> uri="multicast://default"/>
>>>>> </networkConnectors>
>>>>>
>>>>> <plugins>
>>>>> <!-- use JAAS to authenticate using the login.config file
>>>>> on the classpath to configure JAAS -->
>>>>> <jaasAuthenticationPlugin
>>>>> configuration="activemq-domain"/>
>>>>> <!-- lets configure a destination based authorization
>>>>> mechanism -->
>>>>> <authorizationPlugin>
>>>>> <map>
>>>>> <authorizationMap>
>>>>> <authorizationEntries>
>>>>> <authorizationEntry queue=">" read="all"
>>>>> write="all" admin="all"/>
>>>>> <authorizationEntry
>>>>> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>>>>> </authorizationEntries>
>>>>> <tempDestinationAuthorizationEntry>
>>>>> <tempDestinationAuthorizationEntry
>>>>> read="all" write="all" admin="all"/>
>>>>> </tempDestinationAuthorizationEntry>
>>>>> </authorizationMap>
>>>>> </map>
>>>>> </authorizationPlugin>
>>>>> </plugins>
>>>>> </broker>
>>>>> </beans>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17460994.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Secutiry and Predefined Destinations
Posted by Tom Purcell <tp...@chariotsolutions.com>.
Looks like jira it is. I have not tried the consumer yet. Mined sharing your
code?
ttmdev wrote:
>
> Yup, I'm getting the same thing w/my JNDI producer. However, my consumer
> has no problem. Perhaps a JIRA is in order ;)
>
> Joe
>
>
>
> Tom Purcell wrote:
>>
>> Joe
>>
>> Thanks for the follow up. I'm almost where I need to be. I made one
>> change. I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went
>> away and AMQ came up clean. But I'm still have a problem and I think it
>> has more to do with my client code than AMQ itself. That is I'm not sure
>> how to connect.
>>
>> When I use dynamic queues my code is straightforward:
>> requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset");
>> queueSender = queueSession.createSender(requestQueue);
>>
>> Now that I'm predefining the queues the user that is trying to send to
>> the queue does not have admin access and therefore cannot create a queue.
>> In fact I don't want that user to create one. I want that user to use the
>> one that was created at start up via the AMQ xml configuration
>> (<destinations>). The problem is with the above code AMQ throws an
>> exception:
>> java.lang.SecurityException: User queryuser is not authorized to create:
>> queue://Wile.Jms.Queue.Query.Asset
>>
>> I see why I cannot use createQueue so I'm trying to figure out how to
>> "findQueue" and it appears the only way is via JNDI. So I tried this:
>> Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset") ;
>> queueSender = queueSession.createSender(queue);
>>
>> And I get:
>> java.lang.SecurityException: User queryuser is not authorized to create:
>> queue://Wile.Jms.Queue.Query.Asset
>>
>> So I'm not sure how to connect to a predefined queue. Can you point me at
>> an example?
>>
>> Thanks
>> Tom
>>
>>
>> ttmdev wrote:
>>>
>>> FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
>>> 1.5.0_06-b05, Windoze XP Pro)
>>> and have not encountered your problem. I have used both
>>> jaasAuthenticationPlugin and simpleAuthenticationPlugin.
>>>
>>> Joe
>>>
>>>
>>>
>>> Tom Purcell wrote:
>>>>
>>>> Hello
>>>> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm
>>>> using the basic jaasAuthenticationPlugin
>>>> configuration="activemq-domain" properties logon. My activemq.xml,
>>>> login.conf, users.properties and groups.properties are all in my
>>>> <AMQ_HOME>/conf directory. My activmq.xml is only slightly different
>>>> for the example on the site. I have removed jetty, camel and the
>>>> commandAgent. I'm running AMQ 5.0.0 on JDK 1.5.0_14-b03. I delete
>>>> <AMQ_HOME>/data/localhost between each run to make sure I come up
>>>> clean. Everything works... up to a point.
>>>>
>>>> If I run without any defined destinations (queues or topics)
>>>> everything works. Users with authority can access the dynamically
>>>> created queues. Bad users and bad passwords fail.
>>>>
>>>> The problem is I need to run with defined destinations. When I add
>>>> the following to my activemq.xml:
>>>> <destinations>
>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>> </destinations>
>>>>
>>>> I get the following in the log:
>>>> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
>>>> Checkpoint started.
>>>> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
>>>> Checkpoint done.
>>>> 14:11:50,921 | DEBUG | main | AbstractRegion |
>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>> queue://wileJmsQueryQueue
>>>> 14:11:50,923 | INFO | main | KahaStore |
>>>> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
>>>> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
>>>> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing
>>>> batch update... adding: 0 removing: 0
>>>> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
>>>> update done.
>>>> 14:11:50,993 | DEBUG | main | AMQMessageStore |
>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>> 14:11:51,014 | DEBUG | main | AbstractRegion |
>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>> topic://ActiveMQ.Advisory.Queue
>>>> 14:11:51,025 | INFO | main | BrokerService |
>>>> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
>>>> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
>>>> 14:11:51,029 | DEBUG | main | AMQMessageStore |
>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>> 14:11:51,030 | ERROR | main | BrokerService |
>>>> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS
>>>> Message Broker. Reason: java.lang.SecurityException: User is not
>>>> authenticated.
>>>> java.lang.SecurityException: User is not authenticated.
>>>> at
>>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
>>>> at
>>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>>>> at
>>>> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
>>>> at
>>>> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
>>>> at
>>>> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
>>>> at
>>>> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
>>>> at
>>>> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
>>>> at
>>>> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
>>>> at
>>>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
>>>> at
>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
>>>> at
>>>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
>>>> at
>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
>>>> at
>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
>>>> at
>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
>>>> at
>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
>>>> at
>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
>>>> at
>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
>>>> at
>>>> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
>>>> at
>>>> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
>>>> at
>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>> at
>>>> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
>>>> at
>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>> at
>>>> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
>>>> at org.apache.activemq.console.Main.main(Main.java:106)
>>>> 14:11:51,033 | INFO | main | faultListableBeanFactory |
>>>> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
>>>> defining beans
>>>> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
>>>> root of factory hierarchy
>>>> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService
>>>> | .activemq.broker.BrokerService 448 | ActiveMQ Message Broker
>>>> (localhost, null) is shutting down
>>>>
>>>> Note that the broker shuts down.
>>>>
>>>> I've tried looking through some AMQ code and the xsd to see if I'm
>>>> missing something in the configuration and I'm at a loss. My
>>>> activemq.xml (with destinations) is below. Any thoughts will be
>>>> appreciated.
>>>>
>>>> Thanks
>>>> Tom
>>>>
>>>> <beans
>>>> xmlns="http://www.springframework.org/schema/beans"
>>>> xmlns:amq="http://activemq.org/config/1.0"
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>> http://activemq.org/config/1.0
>>>> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
>>>> http://activemq.apache.org/camel/schema/spring
>>>> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
>>>>
>>>> <!-- Allows us to use system properties as variables in this
>>>> configuration file -->
>>>> <bean
>>>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>>>>
>>>> <broker xmlns="http://activemq.org/config/1.0"
>>>> brokerName="localhost" dataDirectory="${activemq.base}/data">
>>>> <destinations>
>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>> </destinations>
>>>> <!-- The transport connectors ActiveMQ will listen to -->
>>>> <transportConnectors>
>>>> <transportConnector name="openwire"
>>>> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
>>>> <transportConnector name="ssl"
>>>> uri="ssl://localhost:61617"/>
>>>> <transportConnector name="stomp"
>>>> uri="stomp://localhost:61613"/>
>>>> <transportConnector name="xmpp"
>>>> uri="xmpp://localhost:61222"/>
>>>> </transportConnectors>
>>>>
>>>> <!-- The store and forward broker networks ActiveMQ will listen
>>>> to -->
>>>> <networkConnectors>
>>>> <networkConnector name="default-nc"
>>>> uri="multicast://default"/>
>>>> </networkConnectors>
>>>>
>>>> <plugins>
>>>> <!-- use JAAS to authenticate using the login.config file
>>>> on the classpath to configure JAAS -->
>>>> <jaasAuthenticationPlugin configuration="activemq-domain"/>
>>>> <!-- lets configure a destination based authorization
>>>> mechanism -->
>>>> <authorizationPlugin>
>>>> <map>
>>>> <authorizationMap>
>>>> <authorizationEntries>
>>>> <authorizationEntry queue=">" read="all"
>>>> write="all" admin="all"/>
>>>> <authorizationEntry
>>>> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>>>> </authorizationEntries>
>>>> <tempDestinationAuthorizationEntry>
>>>> <tempDestinationAuthorizationEntry
>>>> read="all" write="all" admin="all"/>
>>>> </tempDestinationAuthorizationEntry>
>>>> </authorizationMap>
>>>> </map>
>>>> </authorizationPlugin>
>>>> </plugins>
>>>> </broker>
>>>> </beans>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17448270.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Secutiry and Predefined Destinations
Posted by ttmdev <jo...@ttmsolutions.com>.
Yup, I'm getting the same thing w/my JNDI producer. However, my consumer has
no problem. Perhaps a JIRA is in order ;)
Joe
Tom Purcell wrote:
>
> Joe
>
> Thanks for the follow up. I'm almost where I need to be. I made one
> change. I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went
> away and AMQ came up clean. But I'm still have a problem and I think it
> has more to do with my client code than AMQ itself. That is I'm not sure
> how to connect.
>
> When I use dynamic queues my code is straightforward:
> requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset");
> queueSender = queueSession.createSender(requestQueue);
>
> Now that I'm predefining the queues the user that is trying to send to the
> queue does not have admin access and therefore cannot create a queue. In
> fact I don't want that user to create one. I want that user to use the one
> that was created at start up via the AMQ xml configuration
> (<destinations>). The problem is with the above code AMQ throws an
> exception:
> java.lang.SecurityException: User queryuser is not authorized to create:
> queue://Wile.Jms.Queue.Query.Asset
>
> I see why I cannot use createQueue so I'm trying to figure out how to
> "findQueue" and it appears the only way is via JNDI. So I tried this:
> Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset") ;
> queueSender = queueSession.createSender(queue);
>
> And I get:
> java.lang.SecurityException: User queryuser is not authorized to create:
> queue://Wile.Jms.Queue.Query.Asset
>
> So I'm not sure how to connect to a predefined queue. Can you point me at
> an example?
>
> Thanks
> Tom
>
>
> ttmdev wrote:
>>
>> FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
>> 1.5.0_06-b05, Windoze XP Pro)
>> and have not encountered your problem. I have used both
>> jaasAuthenticationPlugin and simpleAuthenticationPlugin.
>>
>> Joe
>>
>>
>>
>> Tom Purcell wrote:
>>>
>>> Hello
>>> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm
>>> using the basic jaasAuthenticationPlugin configuration="activemq-domain"
>>> properties logon. My activemq.xml, login.conf, users.properties and
>>> groups.properties are all in my <AMQ_HOME>/conf directory. My
>>> activmq.xml is only slightly different for the example on the site. I
>>> have removed jetty, camel and the commandAgent. I'm running AMQ 5.0.0 on
>>> JDK 1.5.0_14-b03. I delete <AMQ_HOME>/data/localhost between each run to
>>> make sure I come up clean. Everything works... up to a point.
>>>
>>> If I run without any defined destinations (queues or topics)
>>> everything works. Users with authority can access the dynamically
>>> created queues. Bad users and bad passwords fail.
>>>
>>> The problem is I need to run with defined destinations. When I add
>>> the following to my activemq.xml:
>>> <destinations>
>>> <queue physicalName="wileJmsQueryQueue"/>
>>> </destinations>
>>>
>>> I get the following in the log:
>>> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
>>> Checkpoint started.
>>> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
>>> Checkpoint done.
>>> 14:11:50,921 | DEBUG | main | AbstractRegion |
>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>> queue://wileJmsQueryQueue
>>> 14:11:50,923 | INFO | main | KahaStore |
>>> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
>>> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
>>> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing
>>> batch update... adding: 0 removing: 0
>>> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
>>> update done.
>>> 14:11:50,993 | DEBUG | main | AMQMessageStore |
>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>> 14:11:51,014 | DEBUG | main | AbstractRegion |
>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>> topic://ActiveMQ.Advisory.Queue
>>> 14:11:51,025 | INFO | main | BrokerService |
>>> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
>>> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
>>> 14:11:51,029 | DEBUG | main | AMQMessageStore |
>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>> 14:11:51,030 | ERROR | main | BrokerService |
>>> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS
>>> Message Broker. Reason: java.lang.SecurityException: User is not
>>> authenticated.
>>> java.lang.SecurityException: User is not authenticated.
>>> at
>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
>>> at
>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>>> at
>>> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
>>> at
>>> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
>>> at
>>> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
>>> at
>>> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
>>> at
>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>> at
>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>> at
>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>> at
>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>> at
>>> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
>>> at
>>> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
>>> at
>>> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
>>> at
>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
>>> at
>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
>>> at
>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
>>> at
>>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
>>> at
>>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
>>> at
>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
>>> at
>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
>>> at
>>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
>>> at
>>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
>>> at
>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
>>> at
>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
>>> at
>>> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
>>> at
>>> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
>>> at
>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
>>> at
>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
>>> at
>>> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
>>> at
>>> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
>>> at
>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>> at
>>> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
>>> at
>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>> at
>>> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
>>> at org.apache.activemq.console.Main.main(Main.java:106)
>>> 14:11:51,033 | INFO | main | faultListableBeanFactory |
>>> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
>>> org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
>>> defining beans
>>> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
>>> root of factory hierarchy
>>> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService
>>> | .activemq.broker.BrokerService 448 | ActiveMQ Message Broker
>>> (localhost, null) is shutting down
>>>
>>> Note that the broker shuts down.
>>>
>>> I've tried looking through some AMQ code and the xsd to see if I'm
>>> missing something in the configuration and I'm at a loss. My
>>> activemq.xml (with destinations) is below. Any thoughts will be
>>> appreciated.
>>>
>>> Thanks
>>> Tom
>>>
>>> <beans
>>> xmlns="http://www.springframework.org/schema/beans"
>>> xmlns:amq="http://activemq.org/config/1.0"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>> http://activemq.org/config/1.0
>>> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
>>> http://activemq.apache.org/camel/schema/spring
>>> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
>>>
>>> <!-- Allows us to use system properties as variables in this
>>> configuration file -->
>>> <bean
>>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>>>
>>> <broker xmlns="http://activemq.org/config/1.0"
>>> brokerName="localhost" dataDirectory="${activemq.base}/data">
>>> <destinations>
>>> <queue physicalName="wileJmsQueryQueue"/>
>>> </destinations>
>>> <!-- The transport connectors ActiveMQ will listen to -->
>>> <transportConnectors>
>>> <transportConnector name="openwire"
>>> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
>>> <transportConnector name="ssl" uri="ssl://localhost:61617"/>
>>> <transportConnector name="stomp"
>>> uri="stomp://localhost:61613"/>
>>> <transportConnector name="xmpp"
>>> uri="xmpp://localhost:61222"/>
>>> </transportConnectors>
>>>
>>> <!-- The store and forward broker networks ActiveMQ will listen
>>> to -->
>>> <networkConnectors>
>>> <networkConnector name="default-nc"
>>> uri="multicast://default"/>
>>> </networkConnectors>
>>>
>>> <plugins>
>>> <!-- use JAAS to authenticate using the login.config file
>>> on the classpath to configure JAAS -->
>>> <jaasAuthenticationPlugin configuration="activemq-domain"/>
>>> <!-- lets configure a destination based authorization
>>> mechanism -->
>>> <authorizationPlugin>
>>> <map>
>>> <authorizationMap>
>>> <authorizationEntries>
>>> <authorizationEntry queue=">" read="all"
>>> write="all" admin="all"/>
>>> <authorizationEntry
>>> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>>> </authorizationEntries>
>>> <tempDestinationAuthorizationEntry>
>>> <tempDestinationAuthorizationEntry
>>> read="all" write="all" admin="all"/>
>>> </tempDestinationAuthorizationEntry>
>>> </authorizationMap>
>>> </map>
>>> </authorizationPlugin>
>>> </plugins>
>>> </broker>
>>> </beans>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17442329.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Secutiry and Predefined Destinations
Posted by Dejan Bosanac <de...@nighttale.net>.
I've created Jira issue and attached a patch with test case and a simple
solution. Basically, AuthorizationBroker now checks whether destination
exists before it tries to authorize user and create it. All other security
tests are green, so I guess it should do the trick.
Cheers
--
Dejan Bosanac
www.scriptinginjava.net
Re: Secutiry and Predefined Destinations
Posted by "Jean-Fabrice [gmail]" <je...@gmail.com>.
2008/5/23 Tom Purcell <tp...@chariotsolutions.com>:
> And I get:
> java.lang.SecurityException: User queryuser is not authorized to create:
> queue://Wile.Jms.Queue.Query.Asset
>
> So I'm not sure how to connect to a predefined queue. Can you point me at an
> example?
>
I think I have a similar issue, as described here :
http://www.nabble.com/-AMQ5--Desesperately-trying-to-use-read-write-privileges-on-queue-tt17334948s2354.html
I'm trying to read/write to a predefined queue using appropriate
privileges (but not admins) and I get errors
JF
Re: Secutiry and Predefined Destinations
Posted by Tom Purcell <tp...@chariotsolutions.com>.
Joe
Thanks for the follow up. I'm almost where I need to be. I made one change.
I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went away and AMQ
came up clean. But I'm still have a problem and I think it has more to do
with my client code than AMQ itself. That is I'm not sure how to connect.
When I use dynamic queues my code is straightforward:
requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset");
queueSender = queueSession.createSender(requestQueue);
Now that I'm predefining the queues the user that is trying to send to the
queue does not have admin access and therefore cannot create a queue. In
fact I don't want that user to create one. I want that user to use the one
that was created at start up via the AMQ xml configuration (<destinations>).
The problem is with the above code AMQ throws an exception:
java.lang.SecurityException: User queryuser is not authorized to create:
queue://Wile.Jms.Queue.Query.Asset
I see why I cannot use createQueue so I'm trying to figure out how to
"findQueue" and it appears the only way is via JNDI. So I tried this:
Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset") ;
queueSender = queueSession.createSender(queue);
And I get:
java.lang.SecurityException: User queryuser is not authorized to create:
queue://Wile.Jms.Queue.Query.Asset
So I'm not sure how to connect to a predefined queue. Can you point me at an
example?
Thanks
Tom
ttmdev wrote:
>
> FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
> 1.5.0_06-b05, Windoze XP Pro)
> and have not encountered your problem. I have used both
> jaasAuthenticationPlugin and simpleAuthenticationPlugin.
>
> Joe
>
>
>
> Tom Purcell wrote:
>>
>> Hello
>> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm using
>> the basic jaasAuthenticationPlugin configuration="activemq-domain"
>> properties logon. My activemq.xml, login.conf, users.properties and
>> groups.properties are all in my <AMQ_HOME>/conf directory. My activmq.xml
>> is only slightly different for the example on the site. I have removed
>> jetty, camel and the commandAgent. I'm running AMQ 5.0.0 on JDK
>> 1.5.0_14-b03. I delete <AMQ_HOME>/data/localhost between each run to make
>> sure I come up clean. Everything works... up to a point.
>>
>> If I run without any defined destinations (queues or topics)
>> everything works. Users with authority can access the dynamically created
>> queues. Bad users and bad passwords fail.
>>
>> The problem is I need to run with defined destinations. When I add the
>> following to my activemq.xml:
>> <destinations>
>> <queue physicalName="wileJmsQueryQueue"/>
>> </destinations>
>>
>> I get the following in the log:
>> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
>> Checkpoint started.
>> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
>> Checkpoint done.
>> 14:11:50,921 | DEBUG | main | AbstractRegion |
>> q.broker.region.AbstractRegion 112 | Adding destination:
>> queue://wileJmsQueryQueue
>> 14:11:50,923 | INFO | main | KahaStore |
>> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
>> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
>> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing
>> batch update... adding: 0 removing: 0
>> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
>> update done.
>> 14:11:50,993 | DEBUG | main | AMQMessageStore |
>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>> 14:11:51,014 | DEBUG | main | AbstractRegion |
>> q.broker.region.AbstractRegion 112 | Adding destination:
>> topic://ActiveMQ.Advisory.Queue
>> 14:11:51,025 | INFO | main | BrokerService |
>> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
>> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
>> 14:11:51,029 | DEBUG | main | AMQMessageStore |
>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>> 14:11:51,030 | ERROR | main | BrokerService |
>> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS
>> Message Broker. Reason: java.lang.SecurityException: User is not
>> authenticated.
>> java.lang.SecurityException: User is not authenticated.
>> at
>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
>> at
>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>> at
>> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
>> at
>> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
>> at
>> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
>> at
>> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
>> at
>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>> at
>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>> at
>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>> at
>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>> at
>> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
>> at
>> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
>> at
>> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
>> at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
>> at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
>> at
>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
>> at
>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
>> at
>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
>> at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
>> at
>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
>> at
>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
>> at
>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
>> at
>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
>> at
>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
>> at
>> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
>> at
>> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
>> at
>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
>> at
>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
>> at
>> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
>> at
>> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
>> at
>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>> at
>> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
>> at
>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>> at
>> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:585)
>> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
>> at org.apache.activemq.console.Main.main(Main.java:106)
>> 14:11:51,033 | INFO | main | faultListableBeanFactory |
>> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
>> org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
>> defining beans
>> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
>> root of factory hierarchy
>> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService |
>> .activemq.broker.BrokerService 448 | ActiveMQ Message Broker (localhost,
>> null) is shutting down
>>
>> Note that the broker shuts down.
>>
>> I've tried looking through some AMQ code and the xsd to see if I'm
>> missing something in the configuration and I'm at a loss. My activemq.xml
>> (with destinations) is below. Any thoughts will be appreciated.
>>
>> Thanks
>> Tom
>>
>> <beans
>> xmlns="http://www.springframework.org/schema/beans"
>> xmlns:amq="http://activemq.org/config/1.0"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>> http://activemq.org/config/1.0
>> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
>> http://activemq.apache.org/camel/schema/spring
>> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
>>
>> <!-- Allows us to use system properties as variables in this
>> configuration file -->
>> <bean
>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>>
>> <broker xmlns="http://activemq.org/config/1.0" brokerName="localhost"
>> dataDirectory="${activemq.base}/data">
>> <destinations>
>> <queue physicalName="wileJmsQueryQueue"/>
>> </destinations>
>> <!-- The transport connectors ActiveMQ will listen to -->
>> <transportConnectors>
>> <transportConnector name="openwire"
>> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
>> <transportConnector name="ssl" uri="ssl://localhost:61617"/>
>> <transportConnector name="stomp"
>> uri="stomp://localhost:61613"/>
>> <transportConnector name="xmpp"
>> uri="xmpp://localhost:61222"/>
>> </transportConnectors>
>>
>> <!-- The store and forward broker networks ActiveMQ will listen
>> to -->
>> <networkConnectors>
>> <networkConnector name="default-nc"
>> uri="multicast://default"/>
>> </networkConnectors>
>>
>> <plugins>
>> <!-- use JAAS to authenticate using the login.config file on
>> the classpath to configure JAAS -->
>> <jaasAuthenticationPlugin configuration="activemq-domain"/>
>> <!-- lets configure a destination based authorization
>> mechanism -->
>> <authorizationPlugin>
>> <map>
>> <authorizationMap>
>> <authorizationEntries>
>> <authorizationEntry queue=">" read="all"
>> write="all" admin="all"/>
>> <authorizationEntry
>> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>> </authorizationEntries>
>> <tempDestinationAuthorizationEntry>
>> <tempDestinationAuthorizationEntry read="all"
>> write="all" admin="all"/>
>> </tempDestinationAuthorizationEntry>
>> </authorizationMap>
>> </map>
>> </authorizationPlugin>
>> </plugins>
>> </broker>
>> </beans>
>>
>>
>>
>>
>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17440643.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Secutiry and Predefined Destinations
Posted by ttmdev <jo...@ttmsolutions.com>.
FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
1.5.0_06-b05, Windoze XP Pro)
and have not encountered your problem. I have used both
jaasAuthenticationPlugin and simpleAuthenticationPlugin.
Joe
Tom Purcell wrote:
>
> Hello
> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm using
> the basic jaasAuthenticationPlugin configuration="activemq-domain"
> properties logon. My activemq.xml, login.conf, users.properties and
> groups.properties are all in my <AMQ_HOME>/conf directory. My activmq.xml
> is only slightly different for the example on the site. I have removed
> jetty, camel and the commandAgent. I'm running AMQ 5.0.0 on JDK
> 1.5.0_14-b03. I delete <AMQ_HOME>/data/localhost between each run to make
> sure I come up clean. Everything works... up to a point.
>
> If I run without any defined destinations (queues or topics)
> everything works. Users with authority can access the dynamically created
> queues. Bad users and bad passwords fail.
>
> The problem is I need to run with defined destinations. When I add the
> following to my activemq.xml:
> <destinations>
> <queue physicalName="wileJmsQueryQueue"/>
> </destinations>
>
> I get the following in the log:
> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
> Checkpoint started.
> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
> Checkpoint done.
> 14:11:50,921 | DEBUG | main | AbstractRegion |
> q.broker.region.AbstractRegion 112 | Adding destination:
> queue://wileJmsQueryQueue
> 14:11:50,923 | INFO | main | KahaStore |
> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing
> batch update... adding: 0 removing: 0
> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
> update done.
> 14:11:50,993 | DEBUG | main | AMQMessageStore |
> vemq.store.amq.AMQMessageStore 266 | flush starting ...
> 14:11:51,014 | DEBUG | main | AbstractRegion |
> q.broker.region.AbstractRegion 112 | Adding destination:
> topic://ActiveMQ.Advisory.Queue
> 14:11:51,025 | INFO | main | BrokerService |
> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
> 14:11:51,029 | DEBUG | main | AMQMessageStore |
> vemq.store.amq.AMQMessageStore 266 | flush starting ...
> 14:11:51,030 | ERROR | main | BrokerService |
> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS Message
> Broker. Reason: java.lang.SecurityException: User is not authenticated.
> java.lang.SecurityException: User is not authenticated.
> at
> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
> at
> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
> at
> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
> at
> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
> at
> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
> at
> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
> at
> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
> at
> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
> at
> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
> at
> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
> at
> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
> at
> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
> at
> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
> at
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
> at
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
> at
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
> at
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
> at
> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
> at
> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
> at
> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
> at
> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
> at
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
> at
> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
> at
> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
> at
> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
> at
> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
> at
> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
> at
> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
> at
> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
> at org.apache.activemq.console.Main.main(Main.java:106)
> 14:11:51,033 | INFO | main | faultListableBeanFactory |
> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
> org.springframework.beans.factory.support.DefaultListableBeanFactory@162dbb6:
> defining beans
> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
> root of factory hierarchy
> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService |
> .activemq.broker.BrokerService 448 | ActiveMQ Message Broker (localhost,
> null) is shutting down
>
> Note that the broker shuts down.
>
> I've tried looking through some AMQ code and the xsd to see if I'm
> missing something in the configuration and I'm at a loss. My activemq.xml
> (with destinations) is below. Any thoughts will be appreciated.
>
> Thanks
> Tom
>
> <beans
> xmlns="http://www.springframework.org/schema/beans"
> xmlns:amq="http://activemq.org/config/1.0"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> http://activemq.org/config/1.0
> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
> http://activemq.apache.org/camel/schema/spring
> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd">
>
> <!-- Allows us to use system properties as variables in this
> configuration file -->
> <bean
> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>
> <broker xmlns="http://activemq.org/config/1.0" brokerName="localhost"
> dataDirectory="${activemq.base}/data">
> <destinations>
> <queue physicalName="wileJmsQueryQueue"/>
> </destinations>
> <!-- The transport connectors ActiveMQ will listen to -->
> <transportConnectors>
> <transportConnector name="openwire"
> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
> <transportConnector name="ssl" uri="ssl://localhost:61617"/>
> <transportConnector name="stomp"
> uri="stomp://localhost:61613"/>
> <transportConnector name="xmpp" uri="xmpp://localhost:61222"/>
> </transportConnectors>
>
> <!-- The store and forward broker networks ActiveMQ will listen to
> -->
> <networkConnectors>
> <networkConnector name="default-nc"
> uri="multicast://default"/>
> </networkConnectors>
>
> <plugins>
> <!-- use JAAS to authenticate using the login.config file on
> the classpath to configure JAAS -->
> <jaasAuthenticationPlugin configuration="activemq-domain"/>
> <!-- lets configure a destination based authorization
> mechanism -->
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="all"
> write="all" admin="all"/>
> <authorizationEntry
> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
> </authorizationEntries>
> <tempDestinationAuthorizationEntry>
> <tempDestinationAuthorizationEntry read="all"
> write="all" admin="all"/>
> </tempDestinationAuthorizationEntry>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
> </broker>
> </beans>
>
>
>
>
>
>
>
--
View this message in context: http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17432647.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.