You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by Burkhard <bu...@gmail.com> on 2018/06/07 17:56:01 UTC
[LDAP] User is not authorized to create
topic://ActiveMQ.Advisory.Connection
I'm trying to implement LDAP based authentication and authorization in
ActiveMQ.
The LDAP part is done with ApacheDS 2.0.
I created the users (e.g. uid=user2,ou=users,o=X) as inetOrgPerson with a
SHA userPassword.
The ou=system looks like this:
LDAP.png <http://activemq.2283324.n4.nabble.com/file/t379096/LDAP.png>
The shiro.ini contains:
ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=users,o=X
ldapRealm.contextFactory.url = ldap://localhost:10389
securityManager.realms = $ldapRealm
The authentication is working from Java:
Factory<SecurityManager> factory = new
IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager securityManager = factory.getInstance();
AuthenticationToken authenticationToken = new UsernamePasswordToken("user2",
"password123");
AuthenticationInfo authenticationInfo =
securityManager.authenticate(authenticationToken);
System.out.println("authenticationInfo: " + authenticationInfo);
//authenticationInfo: user2
However, when connecting to the MoM-Broker and trying to send a Message I
get the following Exception:
SecurityException: Subject [user2] is not authorized to create destination:
topic://ActiveMQ.Advisory.Connection
How can I grant this user to create the destination topic?
For reference, I tried to get an answer here
<https://stackoverflow.com/q/50703245/12860> first.
--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html