Posted to users@servicemix.apache.org by Mukesh Mediratta <me...@mail.nih.gov> on 2008/06/02 23:15:59 UTC

Re: JAAS Support

Hi Guillaume,

Any development on this now? We are using ActiveMQ JMS queues for
inbound/outbound communication with our partner application. We want to
secure these inbound/outbound queues.

We have external ActiveMQ running and we are able to configure JAAS on this.
However, we are not able to configure ServiceMix components to pass the user
credentials when they have to communicate with ActiveMQ. Please help us
understand how to configure this.

Thanks
Mukesh Mediratta



gnodet wrote:
> 
> This is not really documented.  For the time being, you'll have to rely on
> the source code, but if you have any specific questions, feel free to ask.
> 
> On Dec 19, 2007 3:47 PM, Lukasz L. <Lu...@sabre.com> wrote:
> 
>>
>> I'm joining the question,
>> is there an example of doing this in dynamic configuration?
>> What's the current state of security in ServiceMix?
>>
>>
>> Mukesh Mediratta wrote:
>> >
>> > Has anyone configured JAAS Authentication and Authorization Services in
>> > ServiceMix? Any details shall be appreciated.
>> >
>> > I notice security.xml, user-credentials properties, groups etc. Is there
>> > any document describing these?
>> >
>> > Thanks
>> > Mukesh Mediratta
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/JAAS-Support-tp5719650s12049p14418363.html
>> Sent from the ServiceMix - User mailing list archive at Nabble.com.
>>
>>
> 
> 
> -- 
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> 
> 

-- 
View this message in context: http://www.nabble.com/JAAS-Support-tp5719650p17610977.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.


Re: JAAS Support

Posted by Mukesh Mediratta <me...@mail.nih.gov>.
Hi Guillaume,

My replies to your questions are below:

GN: "What exactly do you mean by securing a queue ?  You mean that not
everybody can send a message to this queue ?"

MM: Yes, that is what we want to accomplish. Also, we do not want any
unauthorised client receiving data from the outbound queue.

GN: In such a case, is the user mapped to ServiceMix or is it the user that
originally sent the message?

MM: No. We are not sure how to do this. Could you please advise?

GN: Or you want to send the user identity in the JMS message in
some way?

MM: No, we are not looking for message-level security.

We attempted implementing JAAS in an embedded ActiveMQ/ServiceMix configuration
and we failed.

1. Configure embedded ActiveMQ JMS with JAAS configuration and we get the
error starting our service unit as given below. This code works fine without
JAAS security. In this case we changed the following files:

- ActiveMQ.xml (JAAS configuration in new files for ActiveMQ:
login.config, user.properties, group.properties)
- ServiceMix.xml (added user name, password to JMS flow)
- JNDI.xml (added username, password to manage ActiveMQ
managedConnectionFactory)
- login.properties (added loginModuleConfiguration for ActiveMQ-Domain)

After we made these changes we tried restarting ServiceMix and we get the
following error.

We would appreciate your valuable inputs.

Thanks
Mukesh Mediratta


10:13:46,421 | INFO  | Timer-4    | ServiceUnitLifeCycle     | framework.ServiceUnitLifeCycle   97 | Starting service unit: caXchange-beans-su
10:13:46,453 | ERROR | Timer-4    | JCAFlow                  | cemix.jbi.nmr.flow.jca.JCAFlow  372 | Cannot create consumer for ServiceEndpoint[service={http://nci.nih.gov/caXchange}ctomRegistrationRollback,endpoint=ctomRegistrationRollbackEndpoint]
javax.jms.JMSException: User name or password is invalid.
 at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:46)
 at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1181)
 at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1263)
 at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:276)
 at org.apache.activemq.ra.ManagedConnectionProxy.createSessionProxy(ManagedConnectionProxy.java:116)
 at org.apache.activemq.ra.ManagedConnectionProxy.createSession(ManagedConnectionProxy.java:106)
 at org.apache.servicemix.jbi.nmr.flow.jca.JCAFlow.sendJmsMessage(JCAFlow.java:579)
 at org.apache.servicemix.jbi.nmr.flow.jca.JCAFlow.onInternalEndpointRegistered(JCAFlow.java:369)
 at org.apache.servicemix.jbi.nmr.flow.jca.JCAFlow$1.internalEndpointRegistered(JCAFlow.java:195)
 at org.apache.servicemix.jbi.framework.EndpointRegistry.fireEvent(EndpointRegistry.java:520)
 at org.apache.servicemix.jbi.framework.EndpointRegistry.registerInternalEndpoint(EndpointRegistry.java:212)
 at org.apache.servicemix.jbi.framework.Registry.activateEndpoint(Registry.java:192)
 at org.apache.servicemix.jbi.framework.ComponentContextImpl.activateEndpoint(ComponentContextImpl.java:126)
 at org.apache.servicemix.common.endpoints.ProviderEndpoint.start(ProviderEndpoint.java:58)
 at org.apache.servicemix.bean.BeanEndpoint.start(BeanEndpoint.java:94)
 at org.apache.servicemix.common.endpoints.SimpleEndpoint.activate(SimpleEndpoint.java:55)
 at org.apache.servicemix.common.ServiceUnit.start(ServiceUnit.java:55)
 at org.apache.servicemix.common.BaseServiceUnitManager.start(BaseServiceUnitManager.java:151)
 at org.apache.servicemix.jbi.framework.ServiceUnitLifeCycle.start(ServiceUnitLifeCycle.java:103)
 at org.apache.servicemix.jbi.framework.ServiceAssemblyLifeCycle.start(ServiceAssemblyLifeCycle.java:130)
 at org.apache.servicemix.jbi.framework.DeploymentService.start(DeploymentService.java:374)
 at org.apache.servicemix.jbi.framework.AutoDeploymentService.checkPendingSAs(AutoDeploymentService.java:472)
 at org.apache.servicemix.jbi.framework.AutoDeploymentService.updateArchive(AutoDeploymentService.java:278)
 at org.apache.servicemix.jbi.framework.AutoDeploymentService.monitorDirectory(AutoDeploymentService.java:646)
 at org.apache.servicemix.jbi.framework.AutoDeploymentService.access$200(AutoDeploymentService.java:62)
 at org.apache.servicemix.jbi.framework.AutoDeploymentService$1.run(AutoDeploymentService.java:609)
 at java.util.TimerThread.mainLoop(Timer.java:512)
 at java.util.TimerThread.run(Timer.java:462)
Caused by: java.lang.SecurityException: User name or password is invalid.
 at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:84)
 at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:92)
 at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:706)
 at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
 at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:121)
 at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:294)
 at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:185)
 at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:65)
 at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:133)
 at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:122)
 at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
 at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:137)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:77)
 ... 12 more





-- 
View this message in context: http://www.nabble.com/JAAS-Support-tp5719650p17625036.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
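
The trace in the message above ends in a LoginException raised inside LoginContext.login(), which the broker reports as "User name or password is invalid." The following is an added example, not code from this thread or from ServiceMix/ActiveMQ: a stand-alone check that runs the same kind of JAAS login outside the broker, to tell a login.config problem apart from a credential-passing problem. The class name JaasLoginCheck is hypothetical; it assumes the JVM is started with -Djava.security.auth.login.config pointing at the login.config in use and with the configured login module on the classpath.

```java
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical helper (not part of ServiceMix or ActiveMQ): performs one JAAS
// login against a named login.config entry, outside the broker.
public class JaasLoginCheck {
    // Supplies the name and password a username/password LoginModule asks for.
    static CallbackHandler credentials(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (interactive): JaasLoginCheck <domain> <user>");
            System.exit(2);
        }
        char[] password = console.readPassword("Password for %s: ", args[1]);
        if (password == null) System.exit(2);
        try {
            LoginContext ctx = new LoginContext(args[0], credentials(args[1], password));
            ctx.login();
            System.out.println("login OK: " + ctx.getSubject().getPrincipals());
            ctx.logout();
        } catch (LoginException e) {
            // Print the full trace so a module-internal error is visible as such.
            e.printStackTrace();
        } finally {
            Arrays.fill(password, '\0');
        }
    }
}
```

The domain argument is the entry name in login.config; the password is read from the console rather than from the command line so it does not end up in shell history or the process list.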


Re: JAAS Support

Posted by Guillaume Nodet <gn...@gmail.com>.
What exactly do you mean by securing a queue ?  You mean that not
everybody can send a message to this queue ? In such a case, is the
user mapped to ServiceMix or is it the user that originally sent the
message ?  Or you want to send the user identity in the JMS message in
some way ?




-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/