4 Replies Latest reply on Sep 15, 2010 3:21 AM by concombremasqué

    FUSE ESB 4.3.0: JAAS exception with broker

    concombremasqué

      Hi,

       

      I am trying to use JAAS for broker authentication. My 'activemq-broker.xml' looks like that:

       

       

       

       

      And 'my.users.properties' contains:

      user=password,users

       

       

      Now if I start ServiceMix everything goes well (my JAAS realm is created). But when I try to access a queue (using HermesJMS) I always end up with following JAAS exception:

       

      java.lang.SecurityException: User user is not authorized to create: topic://ActiveMQ.Advisory.Connection

           at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:76)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:474)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.BrokerFilter.send(BrokerFilter.java:129)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.scheduler.SchedulerBroker.send(SchedulerBroker.java:136)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:480)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:411)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:406)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.advisory.AdvisoryBroker.addConnection(AdvisoryBroker.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:90)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:694)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:309)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:185)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:217)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:219)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:201)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

           at java.lang.Thread.run(Thread.java:619)[:1.6.0_18]

       

       

      I do not understand: it appears HermesJMS is successfully logged on ActiveMQ (using user called 'user' with password 'password') but ActiveMQ denies creation of Advisory topic in spite of my authorizationEntry in activemq-broker.xml.

       

      Any idea?

        • 1. Re: FUSE ESB 4.3.0: JAAS exception with broker
          davsclaus

          You are sure user is part of the users group? Maybe add a 2nd user with a meaningful name and see if it changes. It can be hard to spot difference when you use user/users.

          • 2. Re: FUSE ESB 4.3.0: JAAS exception with broker
            concombremasqué

            Hi Dave,

             

            Thanks for helping.

             

            I've just changed content of 'my.users.properties' file with:

            test=pwd,users

             

            So now I have a user called 'test' part of 'users' group.

             

            And I still have the same exception:

             

            java.lang.SecurityException: User test is not authorized to create: topic://ActiveMQ.Advisory.Connection

                 at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:76)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:474)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.BrokerFilter.send(BrokerFilter.java:129)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.scheduler.SchedulerBroker.send(SchedulerBroker.java:136)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:480)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:411)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:406)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.advisory.AdvisoryBroker.addConnection(AdvisoryBroker.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:90)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:694)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:309)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:185)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:217)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:219)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:201)[43:org.apache.activemq.activemq-core:5.4.0.fuse-00-00]

                 at java.lang.Thread.run(Thread.java:619)[:1.6.0_18]

             

             

            Using JAAS with FUSE Message Broker 5.4.0 and a login.config file works though. But with ActiveMQ running in FUSE ESB 4.3 and karaf JAAS configuration it fails.

            • 3. Re: FUSE ESB 4.3.0: JAAS exception with broker
              jeanmouloud

              Hello,

               

              I have the exact same issue here.

               

              Anybody knows how to make JAASActiveMQFUSE ESB 4.3 work?

               

              Thank you in advance,

              JeanMou

              • 4. Re: FUSE ESB 4.3.0: JAAS exception with broker
                concombremasqué

                Hi,

                 

                Looks like a bug in either Karaf or ActiveMQ. Don't know exactly because JAAS in a standalone ActiveMQ works fine.

                 

                Maybe it would be worth opening a JIRA for this case (but where? ServiceMix? Karf? ActiveMQ?)

                 

                Regards,

                CM