You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Pratibha (JIRA)" <ji...@apache.org> on 2019/04/18 08:23:00 UTC
[jira] [Created] (AMQ-7186) Network bridge failing after
authentication-plugin use
Pratibha created AMQ-7186:
-----------------------------
Summary: Network bridge failing after authentication-plugin use
Key: AMQ-7186
URL: https://issues.apache.org/jira/browse/AMQ-7186
Project: ActiveMQ
Issue Type: Bug
Components: AMQP
Affects Versions: 5.15.8
Reporter: Pratibha
Fix For: 5.15.8
We are using Apache *ActiveMQ version 5.15.8.*
We have created Broker to Broker ActiveMQ network using ssh tunneling.
*Broker-A is enqueuing messages & messages are getting dequeued at Broker-B end.*
We have added below configuration to restrict the Broker-A from creating new queues other than specified one.
*Below is configuration at Broker-B:*
# Contents added in activemq.xml
| <plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="admin" password=" adminpassword" groups="admins,all" />
<authenticationUser username="test" password="testpassword " groups="admins,all" />
</users>
</simpleAuthenticationPlugin>
<jaasAuthenticationPlugin configuration="activemq" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="demo.test " read="admins" write="admins" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>|
# Contents of users.properties
|admin= adminpassword
test= testpassword|
# Contents of groups.properties
|admins=admin,test
all=admin,test|
# Contents of credentials.properties
|activemq.username=admin
activemq.password= adminpassword|
# Contents of jetty-realm.properties
|admin: adminpassword, admin
test: testpassword, admin|
*Below is configuration at Broker-A:*
# Contents added in activemq.xml
| <networkConnectors>
<networkConnector name="testlinkconnector" userName="admin" password=" adminpassword " uri="static:(tcp://127.0.0.1:61618)?connection.useCompression=true" staticBridge="true">
<staticallyIncludedDestinations>
<queue physicalName=" demo.test"/>
</staticallyIncludedDestinations>
</networkConnector>|
If we just add *<simpleAuthenticationPlugin>* plugin in Broker-B configuration then bridge connection is working between Broker-A to Broker-B.
But when are adding *<simpleAuthenticationPlugin>, <jaasAuthenticationPlugin>* and *<authorizationPlugin>* Broker-B configuration then bridge connection is not working.
We are getting below error at Broker-A end.
|2019-04-18 05:04:20,932 \| INFO \| localhost bridge to localhost stopped \| org.apache.activemq.network.DemandForwardingBridgeSupport \| ActiveMQ BrokerService[localhost] Task-2263
2019-04-18 05:04:50,930 \| INFO \| Establishing network connection from vm://localhost to tcp://127.0.0.1:61618 \| org.apache.activemq.network.DiscoveryNetworkConnector \| ActiveMQ Task-2
2019-04-18 05:04:50,973 \| INFO \| Network connection between vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 (localhost) has been established. \| org.apache.activemq.network.DemandForwardingBridgeSupport \| triggerStartAsyncNetworkBridgeCreation: remoteBroker=tcp:///127.0.0.1:61618@37514, localBroker= vm://localhost#4146
2019-04-18 05:04:50,977 \| ERROR \| Network connection between vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 shutdown due to a remote error: {} \| org.apache.activemq.network.DemandForwardingBridgeSupport \| ActiveMQ Transport: tcp:///127.0.0.1:61618@37514
java.lang.SecurityException: User name [admin] or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.8.jar:5.15.8]
at java.lang.Thread.run(Thread.java:748)[:1.8.0_191]|
*We want that Broker-A can only send messages if it is having proper credentials and Broker-A can only create or sends messages to the specific queue (demo.test)at Broker-B end.*
*Broker-A can only create demo.test queue at Broker-B end if it does not exist. Broker-A should not create or sends messages to any other queue at Broker-B end though it is having proper credentials.*
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)