Posted to users@activemq.apache.org by nazgul <sc...@gmail.com> on 2006/05/29 10:02:27 UTC

Help with SimpleAuthenticationPlugin

Hi,

Can anyone help me configure the broker using SimpleAuthenticationPlugin?

I've already tried these in activemq.xml:
<beans ...>
  <broker ...>
    ...
    <plugins>
      <simpleAuthenticationPlugin userGroups="#groups"
userPasswords="#users"/>
    </plugins>
  </broker>
  ...
  <bean id="users" class="java.util.HashMap">
    <property name="user1" value="user1"/>
    <property name="user2" value="user2"/>
  </bean>
  <bean id="groups" class="java.util.HashMap">
    <property name="user1" value="admin"/>
    <property name="user2" value="admin"/>
  </bean>
  ...
</beans>

And when I start the broker, it's returning an error creating bean.

Can anyone help me, pls?

--
View this message in context: http://www.nabble.com/Help+with+SimpleAuthenticationPlugin-t1697796.html#a4607329
Sent from the ActiveMQ - User forum at Nabble.com.


RE: Help with SimpleAuthenticationPlugin

Posted by Chris Hofstaedter <ch...@nmwco.com>.
I had this problem a few months ago, posted the question to this group,
and got a very helpful reply (with xml) that allowed me to get it
working.

http://www.mail-archive.com/activemq-users@geronimo.apache.org/msg05478.html


-----Original Message-----
From: rousseau [mailto:steve.cook1@excite.com] 
Sent: Friday, January 19, 2007 4:46 AM
To: activemq-users@geronimo.apache.org
Subject: Re: Help with SimpleAuthenticationPlugin


I have the same issue. Does anyone have a complete example XML configuration
file for Simple authentication (not using JAAS or anything else)?

My XML file is something like:
    <plugins>
      <!--  simple user/password configuration -->
    <simpleAuthenticationPlugin>
	<userGroups>
	<property name="user" value="users"/>
	</userGroups>

	<userPasswords>
	<property name="user" value = "password"/>
	</userPasswords>

    </simpleAuthenticationPlugin>

      <!--  lets configure a destination based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>


	      <!--  only allow access to authorised users -->
              <authorizationEntry queue=">" read="users" write="users"
admin="users" />              
              <authorizationEntry topic=">" read="users" write="users"
admin="users" />
              
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>

    </plugins>


But I get errors...
ERROR: java.lang.RuntimeException: Failed to execute start task. Reason:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.security.AuthorizationEntry' defined in class
path resource [activemq.xml]: Error setting property values; nested
exception is org.springframework.beans.PropertyAccessExceptionsException:
PropertyAccessExceptionsException (3 errors); nested
propertyAccessExceptions are:
[org.springframework.beans.MethodInvocationException: Property 'admin' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal],
[org.springframework.beans.MethodInvocationException: Property 'read' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal],
[org.springframework.beans.MethodInvocationException: Property 'write' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal]
java.lang.RuntimeException: Failed to execute start task. Reason:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.security.AuthorizationEntry' defined in class
path resource [activemq.xml]: Error setting property values; nested
exception is org.springframework.beans.PropertyAccessExceptionsException:
PropertyAccessExceptionsException (3 errors); nested
propertyAccessExceptions are:
[org.springframework.beans.MethodInvocationException: Property 'admin' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal],
[org.springframework.beans.MethodInvocationException: Property 'read' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/Group etc .

I'm using AMQ 4.0.2.

cheers
/Steve



nazgul wrote:
> 
> Hi Dietrich,
> 
> Thanks for your example and explanations, it's helpful for sure :)
> I'll try to use your method in my broker and I'll inform the results
> later.
> 



Re: Help with SimpleAuthenticationPlugin

Posted by rousseau <st...@excite.com>.
I have the same issue. Does anyone have a complete example XML configuration
file for Simple authentication (not using JAAS or anything else)?

My XML file is something like:
    <plugins>
      <!--  simple user/password configuration -->
    <simpleAuthenticationPlugin>
	<userGroups>
	<property name="user" value="users"/>
	</userGroups>

	<userPasswords>
	<property name="user" value = "password"/>
	</userPasswords>

    </simpleAuthenticationPlugin>

      <!--  lets configure a destination based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>


	      <!--  only allow access to authorised users -->
              <authorizationEntry queue=">" read="users" write="users"
admin="users" />              
              <authorizationEntry topic=">" read="users" write="users"
admin="users" />
              
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>

    </plugins>


But I get errors...
ERROR: java.lang.RuntimeException: Failed to execute start task. Reason:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.security.AuthorizationEntry' defined in class
path resource [activemq.xml]: Error setting property values; nested
exception is org.springframework.beans.PropertyAccessExceptionsException:
PropertyAccessExceptionsException (3 errors); nested
propertyAccessExceptions are:
[org.springframework.beans.MethodInvocationException: Property 'admin' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal],
[org.springframework.beans.MethodInvocationException: Property 'read' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal],
[org.springframework.beans.MethodInvocationException: Property 'write' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal]
java.lang.RuntimeException: Failed to execute start task. Reason:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.security.AuthorizationEntry' defined in class
path resource [activemq.xml]: Error setting property values; nested
exception is org.springframework.beans.PropertyAccessExceptionsException:
PropertyAccessExceptionsException (3 errors); nested
propertyAccessExceptions are:
[org.springframework.beans.MethodInvocationException: Property 'admin' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/GroupPrincipal],
[org.springframework.beans.MethodInvocationException: Property 'read' threw
exception; nested exception is java.lang.NoClassDefFoundError:
org/apache/activemq/jaas/Group etc .

I'm using AMQ 4.0.2.

cheers
/Steve



nazgul wrote:
> 
> Hi Dietrich,
> 
> Thanks for your example and explanations, it's helpful for sure :)
> I'll try to use your method in my broker and I'll inform the results
> later.
> 



Re: Help with SimpleAuthenticationPlugin

Posted by nazgul <sc...@gmail.com>.
Hi Dietrich,

Thanks for your example and explanations, it's helpful for sure :)
I'll try to use your method in my broker and I'll inform the results later.


Re: Help with SimpleAuthenticationPlugin

Posted by Dietrich Bollmann <db...@web.de>.
Hi Ferry,

Here are some notes I made when experimenting with JAAS and ActiveMQ some 
time ago. They are kind of old and were written only for my personal use 
- I hope they are still somehow helpful :)

Best wishes
--
Dietrich Bollmann

------------
During the login authentication, the LDAP login module does not compare 
the user password with the one stored on the LDAP server directly. 
Rather it uses the user's userid and password to access some (possibly 
dummy) data stored in the user's LDAP DN on behalf of the user. Only if 
the access is granted by the LDAP server, the user authentication will 
succeed.

* ActiveMQ XML Configuration

ActiveMQ Brokers are configured at startup using an XML configuration 
file. For using the LDAP login module the following attributes have to 
be added to the <broker /> tag:

  <broker ...>
    <plugins>
      <jaasAuthenticationPlugin configuration="LoginLdapConfiguration" />
    </plugins>
  ...
  </broker>

By asking to use JAAS Authentication (<plugins><jaasAuthenticationPlugin 
... /></plugins>), all security critical broker operations are filtered 
by the JAAS login module. They are allowed only if the user has been 
authenticated correctly relative to his user data stored in the LDAP 
user information server.

The jaasLdapConfiguration attribute specifies how to access the relevant 
user data on the central user information server. A data structure with 
the same name has to be provided in a special configuration file.

* The LDAP Login Configuration File

The LDAP login configuration file contains all information necessary to 
access the user authentication information on the user information LDAP 
server.

The location of this file has to be given using the Java property 
java.security.auth.login.config. This can be done in the broker 
properties file or on the command line using the following option:

-Djava.security.auth.login.config=/path/ldap-configuration-file

The information necessary for accessing the LDAP user information has to 
be formatted as shown in the following example:

LoginLdapConfiguration {
    org.apache.activemq.jaas.LDAPLoginModule required
        debug=true
        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
        connectionURL="ldap://<ldap host>:<ldap port>/o=<...>"
        connectionUsername="uid=<...>,ou=<...>"
        connectionPassword=<password>
        connectionProtocol=s
        authentication=simple
        userBase="ou=Users"
        userRoleName=dummyUserRoleName
        userSearchMatching="(uid={0})"
        userSearchSubtree=false
        roleBase="ou=Users"
        roleName=dummyRoleName
        roleSearchMatching="(uid={1})"
        roleSearchSubtree=false
        ;
};


* Explanations:

LoginLdapConfiguration
    This is the name of the configuration. All attributes necessary to 
access the relevant user Information on the LDAP server are given 
between a pair of curly braces.
org.apache.activemq.jaas.LDAPLoginModule required
    The Java sources of the LDAP login module.
debug=true
    Activating / deactivating log messages.
initialContextFactory
    The LDAP context factory used to get the initial context.
connectionURL
    URL of the LDAP server [and optionally the Base DN to use]
connectionUsername
    LDAP User DN (Distinguished Name)
connectionPassword
    Password
connectionProtocol
    The security protocol to use, ex: "s".
authentication
    Authentication method to use, ex: "simple".
userRoleName
    Name of attribute used for storing the user roles.
    For authentication this attribute is optional; an attribute which 
does not exist in the user information entry can also be used. Ex: 
"dummyUserRoleName".
userBase
    Name of the context to search for user entries and the values of 
userRoleName.
userSearchMatching
    Message format to generate the user search filter. A valid value is 
obligatory for a successful user authentication.
    {0} will be substituted with the full name of the user context, 
example: "uid=peterb,ou=Users,o=TS". Note: This value is not usable to 
search the LDAP user information service because only attributes are 
allowed in the search expressions.[1]
    {1} will be substituted with the username.
userSearchSubtree
    Search one level of / the entire subtree rooted at userBase.
roleName
    Name of another attribute used for storing user roles.
    The user roles found here are added to those found as values of 
userRoleName. The attribute values of userRoleName are accessed using 
the security principal and credentials found in this configuration; the 
values of 'roleName' are retrieved using the users password (credential) 
and dn (principal).
    For authentication this attribute is optional; an attribute which 
does not exist in the user information entry can also be used. Ex: 
dummyRoleName.
    NOTE: The login of the user only succeeds if he is allowed - or, in 
the case of this attribute being a dummy attribute, would be allowed - 
to retrieve the values of this attribute from the Penrose Server: During 
the whole login process the user password is only checked by trying to 
access this attribute. If the Penrose server rejects this query the 
login procedure fails.[2]
roleBase
    Name of the context to search for user roles using roleName.
roleSearchMatching
    Format for searching the user roles specified in the attribute given 
by roleName.
    {0} will be substituted with the username.
roleSearchSubtree
    Search one level of / the entire subtree rooted at roleBase.

* Footnotes
   [1] See the paragraph "Search Filters" in The JNDI Tutorial.
         
http://java.sun.com/products/jndi/tutorial/basics/directory/filter.html 
, http://java.sun.com/products/jndi/tutorial/trailmap.html
   [2] Compare the notes on Penrose Authentication on the Penrose 
Project pages.
         
http://docs.safehaus.org/display/PENROSE/Penrose+0.9.9+Authentication , 
http://docs.safehaus.org/display/PENROSE/Home

nazgul wrote:
> Hi Adrian, thanks for the quick reply.
>
> Here is the exception encountered when I start the broker:
>
> Loading message broker from: xbean:activemq.xml
>
> ERROR: java.lang.RuntimeException: Failed to execute start task. Reason:
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'org.apache.activemq.security.SimpleAuthenticationPlugin' defined
> in class path resource [activemq.xml]: Can't resolve reference to bean
> 'groups' while setting property 'userGroups'; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'groups' defined in class path resource [activemq.xml]: Error
> setting property values; nested exception is
> org.springframework.beans.NotWritablePropertyException: Invalid property
> 'user1' of bean class [java.util.HashMap]: Bean property 'user1' is not
> writable or has an invalid setter method: Does the parameter type of the
> setter match the return type of the getter?
>
> ERROR: java.lang.Exception:
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'org.apache.activemq.security.SimpleAuthenticationPlugin' defined
> in class path resource [activemq.xml]: Can't resolve reference to bean
> 'groups' while setting property 'userGroups'; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'groups' defined in class path resource [activemq.xml]: Error
> setting property values; nested exception is
> org.springframework.beans.NotWritablePropertyException: Invalid property
> 'user1' of bean class [java.util.HashMap]: Bean property 'user1' is not
> writable or has an invalid setter method: Does the parameter type of the
> setter match the return type of the getter?
>
> What happened with my configuration? Did I configure it wrong?
>
> All I want to do is requiring a simple authentication when clients connect
> to the broker, I've tried using JAAS but client returns an error when
> authenticating to the broker, the exception is JMSException, something with
> user cannot authorize to create ActiveMQ.Advisory.Connection topic.
>
> Where can I get the full reference to the XML configuration?
>
> Regards,
> Ferry

Re: Help with SimpleAuthenticationPlugin

Posted by nazgul <sc...@gmail.com>.
Hi Adrian, thanks for the quick reply.

Here is the exception encountered when I start the broker:

Loading message broker from: xbean:activemq.xml

ERROR: java.lang.RuntimeException: Failed to execute start task. Reason:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.security.SimpleAuthenticationPlugin' defined
in class path resource [activemq.xml]: Can't resolve reference to bean
'groups' while setting property 'userGroups'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'groups' defined in class path resource [activemq.xml]: Error
setting property values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid property
'user1' of bean class [java.util.HashMap]: Bean property 'user1' is not
writable or has an invalid setter method: Does the parameter type of the
setter match the return type of the getter?

ERROR: java.lang.Exception:
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'org.apache.activemq.security.SimpleAuthenticationPlugin' defined
in class path resource [activemq.xml]: Can't resolve reference to bean
'groups' while setting property 'userGroups'; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'groups' defined in class path resource [activemq.xml]: Error
setting property values; nested exception is
org.springframework.beans.NotWritablePropertyException: Invalid property
'user1' of bean class [java.util.HashMap]: Bean property 'user1' is not
writable or has an invalid setter method: Does the parameter type of the
setter match the return type of the getter?

What happened with my configuration? Did I configure it wrong?

All I want to do is requiring a simple authentication when clients connect
to the broker, I've tried using JAAS but client returns an error when
authenticating to the broker, the exception is JMSException, something with
user cannot authorize to create ActiveMQ.Advisory.Connection topic.

Where can I get the full reference to the XML configuration?

Regards,
Ferry


Re: Help with SimpleAuthenticationPlugin

Posted by Adrian Co <ac...@exist.com>.
Hi,

Could you post the complete exception?

This could well be a namespace issue. Try adding an empty xmlns to your 
spring beans:

  <bean id="users" class="java.util.HashMap" xmlns="">
    <property name="user1" value="user1"/>
    <property name="user2" value="user2"/>
  </bean>

Refer to this thread also, in case this is your issue:
http://www.nabble.com/Refreshing+authorizationPlugin++config-t1368949.html#a3889989

Hope this helps. :)

Regards,
Adrian Co

nazgul wrote:

>Hi,
>
>Can anyone help me configure the broker using SimpleAuthenticationPlugin?
>
>I've already tried these in activemq.xml:
><beans ...>
>  <broker ...>
>    ...
>    <plugins>
>      <simpleAuthenticationPlugin userGroups="#groups"
>userPasswords="#users"/>
>    </plugins>
>  </broker>
>  ...
>  <bean id="users" class="java.util.HashMap">
>    <property name="user1" value="user1"/>
>    <property name="user2" value="user2"/>
>  </bean>
>  <bean id="groups" class="java.util.HashMap">
>    <property name="user1" value="admin"/>
>    <property name="user2" value="admin"/>
>  </bean>
>  ...
></beans>
>
>And when I start the broker, it's returning an error creating bean.
>
>Can anyone help me, pls?
>
>
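
The NotWritablePropertyException quoted in this thread ("Invalid property 'user1' of bean class [java.util.HashMap]") arises because Spring resolves each <property name="..."> to a JavaBean setter, and java.util.HashMap has no setUser1(). The configuration below is an added example, not taken from any poster's message or from the ActiveMQ project; it assumes the 4.0-era plugin expects a map of user name to password string and a map of user name to a Set of org.apache.activemq.jaas.GroupPrincipal, and it reuses the bean ids and sample accounts from the thread.

```xml
<!-- Added illustration. Bean ids "users"/"groups" and the accounts user1/user2
     come from the thread; the sample passwords are the thread's placeholders. -->

<!-- Before (fails at startup): Spring looks for HashMap.setUser1(...)
     <bean id="users" class="java.util.HashMap">
       <property name="user1" value="user1"/>
       <property name="user2" value="user2"/>
     </bean>
-->

<!-- After: populate the map through HashMap's copy constructor.
     xmlns="" follows the advice given in the thread; it only matters when an
     enclosing element declares a default namespace. -->
<bean id="users" class="java.util.HashMap" xmlns="">
  <constructor-arg>
    <map>
      <entry key="user1"><value>user1</value></entry>
      <entry key="user2"><value>user2</value></entry>
    </map>
  </constructor-arg>
</bean>

<!-- Assumption: group values are Sets of GroupPrincipal rather than plain
     strings. The GroupPrincipal class must be on the broker classpath; its
     absence is what the NoClassDefFoundError elsewhere in the thread reports. -->
<bean id="groups" class="java.util.HashMap" xmlns="">
  <constructor-arg>
    <map>
      <entry key="user1">
        <set>
          <bean class="org.apache.activemq.jaas.GroupPrincipal">
            <constructor-arg><value>admin</value></constructor-arg>
          </bean>
        </set>
      </entry>
      <entry key="user2">
        <set>
          <bean class="org.apache.activemq.jaas.GroupPrincipal">
            <constructor-arg><value>admin</value></constructor-arg>
          </bean>
        </set>
      </entry>
    </map>
  </constructor-arg>
</bean>

<!-- Inside <broker>, unchanged from the original post:
     <plugins>
       <simpleAuthenticationPlugin userGroups="#groups" userPasswords="#users"/>
     </plugins>
-->
```

Passwords in these maps sit in activemq.xml in clear text, so the file should be readable only by the account that runs the broker.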