You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2022/11/10 18:51:00 UTC

[jira] [Commented] (ARTEMIS-4090) Artemis Web Console Does Not Use User Cert on sendMessage

    [ https://issues.apache.org/jira/browse/ARTEMIS-4090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17631857#comment-17631857 ] 

Justin Bertram commented on ARTEMIS-4090:
-----------------------------------------

I'm not sure it's feasible to implement this functionality. When a message is sent via the web console the web console doesn't actually send the message directly with a JavaScript messaging client implementation. It just invokes a management operation on the broker with the relevant details and _the broker_ itself sends the message using the core API. It's not clear to me that the web console's JavaScript would even be able to access the certificate from the parent browser in order to send it along with the other message data to the broker.

I think you're probably better off use the {{artemis producer}} command available from the CLI if you want to authenticate via certificate while sending messages.

> Artemis Web Console Does Not Use User Cert on sendMessage
> ---------------------------------------------------------
>
>                 Key: ARTEMIS-4090
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4090
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>            Reporter: Brandon Stradling
>            Priority: Major
>
> After configuring Artemis ActiveMQ Web console to use certs to authenticate users, attempting to send a message from the console results in error.
>  
> Web Console Error: "Could not send message: java.lang.IllegalStateException : AMQ229031: Unable to validate user from Management. Username: public; SSL certificate subject DN: unavailable"
>  
> Receiving exception that certs[] is null from:
>          throw new LoginException("Client certificates not found. Cannot authenticate.");
> [https://github.com/apache/activemq-artemis/blob/5ebaebdfa3830f9ac075137aefb77d78f2d8bc7a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/TextFileCertificateLoginModule.java#L75]
>  
> From what I can assess, hawt.io Authenticator passes users certs via the incoming HttpRequest.  My best guess is that the sendMessageService class does not grab and pass the user's cert when attempting to doSendMessage.
> this.jolokia.execute(mbean, "sendMessage(java.util.Map, int, java.lang.String, boolean, java.lang.String, java.lang.String, boolean)", headers, type, body, durable, user, pwd, createMessageId, Core.onSuccess(this.operationSuccess(), \{ error: this.onError }));Core.$apply(this.scope);}}};}})(Artemis || (Artemis = {}));
> [https://github.com/apache/activemq-artemis/blob/42529899d01df63c4aea5f562a2db8058a455a5e/artemis-hawtio/artemis-plugin/src/main/webapp/plugin/js/services/sendMessageService.js#L155]
>  
> Please add support for cert-based message sending from the Web Console.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)