You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2020/11/24 16:42:00 UTC

[jira] [Commented] (ARTEMIS-3010) Cannot manage local users offline anymore with Artemis 2.16.0

    [ https://issues.apache.org/jira/browse/ARTEMIS-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17238250#comment-17238250 ] 

Justin Bertram commented on ARTEMIS-3010:
-----------------------------------------

This change was intentional. As you note, it was part of ARTEMIS-2893 which was for a data integrity issue with concurrent user modification operations. The problem was caused by the fundamental design that allowed offline changes. The only way I was able to address the issue was to make sure the broker itself was in charge of the modifications and was therefore able to enforce proper concurrency controls.

If you are local to the broker and the broker is offline then it should be fairly simple to just modify the properties files directly. The syntax is really simple. You can use the {{artemis mask}} command as described in [the documentation|https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords.html] if necessary.

In general, I wouldn't recommend using properties files and broker-centric user management for anything other than very basic use-cases, certainly nothing for major production use. The broker is designed to deal with messages. It's not in the business of managing users, although that functionality is provided at a limited level for convenience. LDAP is recommended for enterprise level production use-cases.

I'll get the documentation updated to make this all clear.

> Cannot manage local users offline anymore with Artemis 2.16.0
> -------------------------------------------------------------
>
>                 Key: ARTEMIS-3010
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3010
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.16.0
>            Reporter: Stephan Austermühle
>            Assignee: Justin Bertram
>            Priority: Critical
>
> Until Artemis 2.15 it was possible to manage local users [just as describe in the docs|https://activemq.apache.org/components/artemis/documentation/latest/security.html]:
> {code}
> ./artemis user add --user guest --password guest --role admin
> {code}
> With 2.16, it looks like the broker has to be online before users can be managed:
> {code}
> ../artemis user add --user guest --password guest --role amq
> Connection brokerURL = tcp://localhost:61616
> --user-command-user: is a mandatory property!
> Please provide the username to use for the chosen user command:
> {code}
> So, currently, it seems to be impossible to configure admin credentials before starting the broker for the first time.
> In case of the behavioral change was intended, please update the docs. Otherwise, it seems to be a bug.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)