You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by lancedv <la...@yahoo.com> on 2007/10/24 08:57:24 UTC
jaas security
Hi guys,
Im trying to use jaas in my activemq instance and have followed the
instructions in the security page and some hints in this forum but im
getting this error when starting activemq:
ERROR BrokerService - Failed to start ActiveMQ JMS Message
Broker. Reason: java.lang.SecurityException: User is not authenticated.
java.lang.SecurityException: User is not authenticated.
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
at
org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
at
org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:181)
at
org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
at
org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
at
org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at
org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at
org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at
org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at
org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
at
org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
at
org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
at
org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
im using activemq snapshot 5 running on fedora 6.
Any help will be very much appreciated. Thanks
--
View this message in context: http://www.nabble.com/jaas-security-tf4682391s2354.html#a13380046
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: jaas security
Posted by ttmdev <jo...@ttmsolutions.com>.
Yup, I am using <jaasAuthenticationPlugin> with no problem.
Can you post your complete activemq.xml?
Try commenting out your commandAgent like this
<!-- <commandAgent xmlns="http://activemq.org/config/1.0"/> -->
Joe
lancedv wrote:
>
> Hi Joe,
>
> Yup it solved that problem but im now gettin these errors:
>
> javax.jms.JMSException: User name or password is invalid.
> at
> org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
>
>
> Caused by: java.lang.SecurityException: User name or password is invalid.
> at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
>
>
> Caused by: javax.security.auth.login.LoginException:
> java.lang.NullPointerException
> at java.util.Hashtable.get(Hashtable.java:334)
>
> It can find these files login.config, users.properties and
> groups.properties but i noticed that one of the errors contain a
> nullpointerexception, what am i missing?
>
> Im assuming you had tried Jaas before or maybe still using it right now,
> how did you do it?
>
> Thanks very much
>
> Jan
>
> ttmdev wrote:
>>
>> Clear out your brokers data directory (i.e.,
>> ../activemq-data/<broker-name>).
>>
>> I believe the exception is being hurled because there is a destination in
>> the data directory that was previously created w/out the security
>> credentials that you're now trying to use.
>>
>> I was getting the same exception and clearing out my brokers data
>> directory took care of the exception.
>>
>> Joe
>>
>>
>> lancedv wrote:
>>>
>>> Hi Tom
>>>
>>> Thanks for taking time to help me out. Here's a snippet of my config:
>>>
>>> <plugins>
>>> <!--
>>>
>>> <jaasAuthenticationPlugin configuration="activemq-domain"/>
>>> -->
>>> <simpleAuthenticationPlugin>
>>> <users>
>>> <authenticationUser username="system" password="manager"
>>> groups="users,admins"/>
>>> <authenticationUser username="user" password="password"
>>> groups="users"/>
>>> <authenticationUser username="guest" password="password"
>>> groups="guests"/>
>>> </users>
>>> </simpleAuthenticationPlugin>
>>>
>>> <authorizationPlugin>
>>> <map>
>>> <authorizationMap>
>>> <authorizationEntries>
>>> <authorizationEntry queue=">" read="admins" write="admins"
>>> admin="admins"/>
>>> <authorizationEntry topic=">" read="admins" write="admins"
>>> admin="admins"/>
>>> <!-- <authorizationEntry topic="sms.>" read="users"
>>> write="users" admin="users"/> -->
>>> </authorizationEntries>
>>>
>>>
>>> <tempDestinationAuthorizationEntry>
>>> <tempDestinationAuthorizationEntry
>>> read="tempDestinationAdmins" write="tempDestinationAdmins"
>>> admin="tempDestinationAdmins"/>
>>> </tempDestinationAuthorizationEntry>
>>>
>>>
>>> </authorizationMap>
>>> </map>
>>> </authorizationPlugin>
>>>
>>> </plugins>
>>>
>>> Im playin around with Jaas and simple plugins but had no success so far.
>>> I checked the source and it seems im getting this error because of null
>>> securitycontext being returned by getsecuritycontext method. My guess is
>>> almost the same as yours that it is trying to authenticate itself but
>>> where should i fix that?
>>>
>>>
>>>
>>>
>>> Tom Samplonius-2 wrote:
>>>>
>>>>
>>>> ----- "lancedv" <la...@yahoo.com> wrote:
>>>>> Hi guys,
>>>>>
>>>>> Im trying to use jaas in my activemq instance and have followed the
>>>>> instructions in the security page and some hints in this forum but im
>>>>> getting this error when starting activemq:
>>>>>
>>>>> ERROR BrokerService - Failed to start ActiveMQ JMS
>>>>> Message
>>>>> Broker. Reason: java.lang.SecurityException: User is not
>>>>> authenticated.
>>>> ...
>>>>>
>>>>> im using activemq snapshot 5 running on fedora 6.
>>>>
>>>>
>>>> What does your config file look like?
>>>>
>>>> Unfortunately, I found there are certain things you can password
>>>> protect, and have other things work. For instance, the management
>>>> topic. It will fail to be created, as apparently ActiveMQ demands that
>>>> ActiveMQ use an admin password when connecting to itself. It is a bit
>>>> bizarre.
>>>>
>>>>
>>>>> Any help will be very much appreciated. Thanks
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/jaas-security-tf4682391s2354.html#a13380046
>>>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> Tom
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/jaas-security-tf4682391s2354.html#a13427727
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: jaas security
Posted by lancedv <la...@yahoo.com>.
Hi Joe,
Yup it solved that problem but im now gettin these errors:
javax.jms.JMSException: User name or password is invalid.
at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
Caused by: java.lang.SecurityException: User name or password is invalid.
at
org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
Caused by: javax.security.auth.login.LoginException:
java.lang.NullPointerException
at java.util.Hashtable.get(Hashtable.java:334)
It can find these files login.config, users.properties and groups.properties
but i noticed that one of the errors contain a nullpointerexception, what am
i missing?
Im assuming you had tried Jaas before or maybe still using it right now, how
did you do it?
Thanks very much
Jan
ttmdev wrote:
>
> Clear out your brokers data directory (i.e.,
> ../activemq-data/<broker-name>).
>
> I believe the exception is being hurled because there is a destination in
> the data directory that was previously created w/out the security
> credentials that you're now trying to use.
>
> I was getting the same exception and clearing out my brokers data
> directory took care of the exception.
>
> Joe
>
>
> lancedv wrote:
>>
>> Hi Tom
>>
>> Thanks for taking time to help me out. Here's a snippet of my config:
>>
>> <plugins>
>> <!--
>>
>> <jaasAuthenticationPlugin configuration="activemq-domain"/>
>> -->
>> <simpleAuthenticationPlugin>
>> <users>
>> <authenticationUser username="system" password="manager"
>> groups="users,admins"/>
>> <authenticationUser username="user" password="password"
>> groups="users"/>
>> <authenticationUser username="guest" password="password"
>> groups="guests"/>
>> </users>
>> </simpleAuthenticationPlugin>
>>
>> <authorizationPlugin>
>> <map>
>> <authorizationMap>
>> <authorizationEntries>
>> <authorizationEntry queue=">" read="admins" write="admins"
>> admin="admins"/>
>> <authorizationEntry topic=">" read="admins" write="admins"
>> admin="admins"/>
>> <!-- <authorizationEntry topic="sms.>" read="users"
>> write="users" admin="users"/> -->
>> </authorizationEntries>
>>
>>
>> <tempDestinationAuthorizationEntry>
>> <tempDestinationAuthorizationEntry
>> read="tempDestinationAdmins" write="tempDestinationAdmins"
>> admin="tempDestinationAdmins"/>
>> </tempDestinationAuthorizationEntry>
>>
>>
>> </authorizationMap>
>> </map>
>> </authorizationPlugin>
>>
>> </plugins>
>>
>> Im playin around with Jaas and simple plugins but had no success so far.
>> I checked the source and it seems im getting this error because of null
>> securitycontext being returned by getsecuritycontext method. My guess is
>> almost the same as yours that it is trying to authenticate itself but
>> where should i fix that?
>>
>>
>>
>>
>> Tom Samplonius-2 wrote:
>>>
>>>
>>> ----- "lancedv" <la...@yahoo.com> wrote:
>>>> Hi guys,
>>>>
>>>> Im trying to use jaas in my activemq instance and have followed the
>>>> instructions in the security page and some hints in this forum but im
>>>> getting this error when starting activemq:
>>>>
>>>> ERROR BrokerService - Failed to start ActiveMQ JMS
>>>> Message
>>>> Broker. Reason: java.lang.SecurityException: User is not
>>>> authenticated.
>>> ...
>>>>
>>>> im using activemq snapshot 5 running on fedora 6.
>>>
>>>
>>> What does your config file look like?
>>>
>>> Unfortunately, I found there are certain things you can password
>>> protect, and have other things work. For instance, the management
>>> topic. It will fail to be created, as apparently ActiveMQ demands that
>>> ActiveMQ use an admin password when connecting to itself. It is a bit
>>> bizarre.
>>>
>>>
>>>> Any help will be very much appreciated. Thanks
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/jaas-security-tf4682391s2354.html#a13380046
>>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>>
>>>
>>> Tom
>>>
>>>
>>
>>
>
>
--
View this message in context: http://www.nabble.com/jaas-security-tf4682391s2354.html#a13421459
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: jaas security
Posted by ttmdev <jo...@ttmsolutions.com>.
Clear out your brokers data directory (i.e., ../activemq-data/<broker-name>).
I believe the exception is being hurled because there is a destination in
the data directory that was previously created w/out the security
credentials that you're now trying to use.
I was getting the same exception and clearing out my brokers data directory
took care of the exception.
Joe
lancedv wrote:
>
> Hi Tom
>
> Thanks for taking time to help me out. Here's a snippet of my config:
>
> <plugins>
> <!--
>
> <jaasAuthenticationPlugin configuration="activemq-domain"/>
> -->
> <simpleAuthenticationPlugin>
> <users>
> <authenticationUser username="system" password="manager"
> groups="users,admins"/>
> <authenticationUser username="user" password="password"
> groups="users"/>
> <authenticationUser username="guest" password="password"
> groups="guests"/>
> </users>
> </simpleAuthenticationPlugin>
>
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="admins" write="admins"
> admin="admins"/>
> <authorizationEntry topic=">" read="admins" write="admins"
> admin="admins"/>
> <!-- <authorizationEntry topic="sms.>" read="users"
> write="users" admin="users"/> -->
> </authorizationEntries>
>
>
> <tempDestinationAuthorizationEntry>
> <tempDestinationAuthorizationEntry
> read="tempDestinationAdmins" write="tempDestinationAdmins"
> admin="tempDestinationAdmins"/>
> </tempDestinationAuthorizationEntry>
>
>
> </authorizationMap>
> </map>
> </authorizationPlugin>
>
> </plugins>
>
> Im playin around with Jaas and simple plugins but had no success so far. I
> checked the source and it seems im getting this error because of null
> securitycontext being returned by getsecuritycontext method. My guess is
> almost the same as yours that it is trying to authenticate itself but
> where should i fix that?
>
>
>
>
> Tom Samplonius-2 wrote:
>>
>>
>> ----- "lancedv" <la...@yahoo.com> wrote:
>>> Hi guys,
>>>
>>> Im trying to use jaas in my activemq instance and have followed the
>>> instructions in the security page and some hints in this forum but im
>>> getting this error when starting activemq:
>>>
>>> ERROR BrokerService - Failed to start ActiveMQ JMS
>>> Message
>>> Broker. Reason: java.lang.SecurityException: User is not
>>> authenticated.
>> ...
>>>
>>> im using activemq snapshot 5 running on fedora 6.
>>
>>
>> What does your config file look like?
>>
>> Unfortunately, I found there are certain things you can password
>> protect, and have other things work. For instance, the management topic.
>> It will fail to be created, as apparently ActiveMQ demands that ActiveMQ
>> use an admin password when connecting to itself. It is a bit bizarre.
>>
>>
>>> Any help will be very much appreciated. Thanks
>>> --
>>> View this message in context:
>>> http://www.nabble.com/jaas-security-tf4682391s2354.html#a13380046
>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
>> Tom
>>
>>
>
>
--
View this message in context: http://www.nabble.com/jaas-security-tf4682391s2354.html#a13407614
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: jaas security
Posted by lancedv <la...@yahoo.com>.
Hi Tom
Thanks for taking time to help me out. Here's a snippet of my config:
<plugins>
<!--
<jaasAuthenticationPlugin configuration="activemq-domain"/>
-->
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="system" password="manager"
groups="users,admins"/>
<authenticationUser username="user" password="password"
groups="users"/>
<authenticationUser username="guest" password="password"
groups="guests"/>
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins"
admin="admins"/>
<authorizationEntry topic=">" read="admins" write="admins"
admin="admins"/>
<!-- <authorizationEntry topic="sms.>" read="users"
write="users" admin="users"/> -->
</authorizationEntries>
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry
read="tempDestinationAdmins" write="tempDestinationAdmins"
admin="tempDestinationAdmins"/>
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
Im playin around with Jaas and simple plugins but had no success so far. I
checked the source and it seems im getting this error because of null
securitycontext being returned by getsecuritycontext method. My guess is
almost the same as yours that it is trying to authenticate itself but where
should i fix that?
Tom Samplonius-2 wrote:
>
>
> ----- "lancedv" <la...@yahoo.com> wrote:
>> Hi guys,
>>
>> Im trying to use jaas in my activemq instance and have followed the
>> instructions in the security page and some hints in this forum but im
>> getting this error when starting activemq:
>>
>> ERROR BrokerService - Failed to start ActiveMQ JMS
>> Message
>> Broker. Reason: java.lang.SecurityException: User is not
>> authenticated.
> ...
>>
>> im using activemq snapshot 5 running on fedora 6.
>
>
> What does your config file look like?
>
> Unfortunately, I found there are certain things you can password
> protect, and have other things work. For instance, the management topic.
> It will fail to be created, as apparently ActiveMQ demands that ActiveMQ
> use an admin password when connecting to itself. It is a bit bizarre.
>
>
>> Any help will be very much appreciated. Thanks
>> --
>> View this message in context:
>> http://www.nabble.com/jaas-security-tf4682391s2354.html#a13380046
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
> Tom
>
>
--
View this message in context: http://www.nabble.com/jaas-security-tf4682391s2354.html#a13402681
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: jaas security
Posted by Tom Samplonius <to...@samplonius.org>.
----- "lancedv" <la...@yahoo.com> wrote:
> Hi guys,
>
> Im trying to use jaas in my activemq instance and have followed the
> instructions in the security page and some hints in this forum but im
> getting this error when starting activemq:
>
> ERROR BrokerService - Failed to start ActiveMQ JMS
> Message
> Broker. Reason: java.lang.SecurityException: User is not
> authenticated.
...
>
> im using activemq snapshot 5 running on fedora 6.
What does your config file look like?
Unfortunately, I found there are certain things you can password protect, and have other things work. For instance, the management topic. It will fail to be created, as apparently ActiveMQ demands that ActiveMQ use an admin password when connecting to itself. It is a bit bizarre.
> Any help will be very much appreciated. Thanks
> --
> View this message in context:
> http://www.nabble.com/jaas-security-tf4682391s2354.html#a13380046
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Tom