You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by ABV <bo...@inbox.lv> on 2008/08/14 13:25:27 UTC
Unable to authenticate transport without SSL certificate
Hi!
I'm trying to get ActiveMQ 4.1.2 working with
jaasCertificateAuthenticationPlugin. As a result
JaasCertificateAuthenticationBroker class at line 75 throws
SecurityException. I'm a bit confused because I was unable to find any info
regarding this exception. As well plain SSL connection is established well
and is working - certificates and keys are defined for ActiveMQ in SSL_OPTS
environment variable:
SSL_OPTS=-Djavax.net.ssl.keyStorePassword=<password>
-Djavax.net.ssl.keyStore="path\broker.ks"
and for options are passed as JVM arguments as follows:
-Djavax.net.ssl.keyStore="path\client.ks"
-Djavax.net.ssl.keyStorePassword="<password>"
-Djavax.net.ssl.trustStore="path\client.ts"
and client connection which is created using Spring xml configuration is
defined like this:
<amq:connectionFactory id="jmsConnectionFactory" userName="system"
password="manager" brokerURL="ssl://127.0.0.1:61617"/>
accordingly it looks like jaas configuration files (located in
{$ACTIVEMQ_BASE}/conf) are correctly picked up by ActiveMQ:
-------------
login.ocnfiguration:
activemq-domain {
org.apache.activemq.jaas.PropertiesLoginModule required
debug=true
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties";
};
-------------
users.properties:
system=manager
user=password
guest=password
-------------
groups.properties:
admins=system
tempDestinationAdmins=system,user
users=system,user
guests=guest
-------------
at last activemq.xml - configuration file holds theese lines:
<plugins>
<jaasCertificateAuthenticationPlugin/>
</plugins>
as I've read in http://activemq.apache.org/security.html
http://activemq.apache.org/security.html
if no configuration is defined by default "login.configuration" file will be
picked up and used.
So the main question how should I pass certificate to ActiveMQ server if JVM
args are not sufficient?
--
View this message in context: http://www.nabble.com/Unable-to-authenticate-transport-without-SSL-certificate-tp18979774p18979774.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Unable to authenticate transport without SSL certificate
Posted by ABV <bo...@inbox.lv>.
It's working!
As usual my mistake - sender web-app has poper configuration of jms
connection factory with user and password, but client webapp hasn't.
--
View this message in context: http://www.nabble.com/Unable-to-authenticate-transport-without-SSL-certificate-tp18979774p18981250.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: Unable to authenticate transport without SSL certificate
Posted by ABV <bo...@inbox.lv>.
In addition to everything mentioned I was able to use
jaasAuthenticationPlugind it is configured in activemq.xml:
...
<plugins>
<jaasAuthenticationPlugin configuration="activemq-domain"/>
</plugins>
...
transportConnector is changed to tcp and the rest configuration is left the
same
--
View this message in context: http://www.nabble.com/Unable-to-authenticate-transport-without-SSL-certificate-tp18979774p18981188.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.