Looks like jira it is. I have not tried the consumer yet. Mined sharing your
code?
ttmdev wrote:
>
> Yup, I'm getting the same thing w/my JNDI producer. However, my consumer
> has no problem. Perhaps a JIRA is in order ;)
>
> Joe
>
>
>
> Tom Purcell wrote:
>>
>> Joe
>>
>> Thanks for the follow up. I'm almost where I need to be. I made one
>> change. I upgraded from AMQ 5.0 to AMQ 5.1. The SecurityException went
>> away and AMQ came up clean. But I'm still have a problem and I think it
>> has more to do with my client code than AMQ itself. That is I'm not sure
>> how to connect.
>>
>> When I use dynamic queues my code is straightforward:
>> requestQueue = queueSession.createQueue("Wile.Jms.Queue.Query.Asset");
>> queueSender = queueSession.createSender(requestQueue);
>>
>> Now that I'm predefining the queues the user that is trying to send to
>> the queue does not have admin access and therefore cannot create a queue.
>> In fact I don't want that user to create one. I want that user to use the
>> one that was created at start up via the AMQ xml configuration
>> (<destinations>). The problem is with the above code AMQ throws an
>> exception:
>> java.lang.SecurityException: User queryuser is not authorized to create:
>> queue://Wile.Jms.Queue.Query.Asset
>>
>> I see why I cannot use createQueue so I'm trying to figure out how to
>> "findQueue" and it appears the only way is via JNDI. So I tried this:
>> Queue queue = (Queue)jndiContext.lookup("Wile.Jms.Queue.Query.Asset") ;
>> queueSender = queueSession.createSender(queue);
>>
>> And I get:
>> java.lang.SecurityException: User queryuser is not authorized to create:
>> queue://Wile.Jms.Queue.Query.Asset
>>
>> So I'm not sure how to connect to a predefined queue. Can you point me at
>> an example?
>>
>> Thanks
>> Tom
>>
>>
>> ttmdev wrote:
>>>
>>> FWIW, I have dropped your configuration into my setup (AMQ 5.1, JDK
>>> 1.5.0_06-b05, Windoze XP Pro)
>>> and have not encountered your problem. I have used both
>>> jaasAuthenticationPlugin and simpleAuthenticationPlugin.
>>>
>>> Joe
>>>
>>>
>>>
>>> Tom Purcell wrote:
>>>>
>>>> Hello
>>>> I'm trying to get the ActiveMQ authorizationPlugin to work. I'm
>>>> using the basic jaasAuthenticationPlugin
>>>> configuration="activemq-domain" properties logon. My activemq.xml,
>>>> login.conf, users.properties and groups.properties are all in my
>>>> <AMQ_HOME>/conf directory. My activmq.xml is only slightly different
>>>> for the example on the site. I have removed jetty, camel and the
>>>> commandAgent. I'm running AMQ 5.0.0 on JDK 1.5.0_14-b03. I delete
>>>> <AMQ_HOME>/data/localhost between each run to make sure I come up
>>>> clean. Everything works... up to a point.
>>>>
>>>> If I run without any defined destinations (queues or topics)
>>>> everything works. Users with authority can access the dynamically
>>>> created queues. Bad users and bad passwords fail.
>>>>
>>>> The problem is I need to run with defined destinations. When I add
>>>> the following to my activemq.xml:
>>>> <destinations>
>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>> </destinations>
>>>>
>>>> I get the following in the log:
>>>> 14:11:50,731 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 322 |
>>>> Checkpoint started.
>>>> 14:11:50,733 | DEBUG | ActiveMQ Journal Checkpoint Worker |
>>>> AMQPersistenceAdapter | tore.amq.AMQPersistenceAdapter 354 |
>>>> Checkpoint done.
>>>> 14:11:50,921 | DEBUG | main | AbstractRegion |
>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>> queue://wileJmsQueryQueue
>>>> 14:11:50,923 | INFO | main | KahaStore |
>>>> e.activemq.kaha.impl.KahaStore 448 | Kaha Store using data directory
>>>> /data/apache-activemq-5.0.0/data/localhost/kr-store/data
>>>> 14:11:50,986 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 328 | Doing
>>>> batch update... adding: 0 removing: 0
>>>> 14:11:50,987 | DEBUG | Checkpoint: queue://wileJmsQueryQueue |
>>>> AMQMessageStore | vemq.store.amq.AMQMessageStore 366 | Batch
>>>> update done.
>>>> 14:11:50,993 | DEBUG | main | AMQMessageStore |
>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>> 14:11:51,014 | DEBUG | main | AbstractRegion |
>>>> q.broker.region.AbstractRegion 112 | Adding destination:
>>>> topic://ActiveMQ.Advisory.Queue
>>>> 14:11:51,025 | INFO | main | BrokerService |
>>>> .activemq.broker.BrokerService 413 | Using Persistence Adapter:
>>>> AMQPersistenceAdapter(/data/apache-activemq-5.0.0/data/localhost)
>>>> 14:11:51,029 | DEBUG | main | AMQMessageStore |
>>>> vemq.store.amq.AMQMessageStore 266 | flush starting ...
>>>> 14:11:51,030 | ERROR | main | BrokerService |
>>>> .activemq.broker.BrokerService 439 | Failed to start ActiveMQ JMS
>>>> Message Broker. Reason: java.lang.SecurityException: User is not
>>>> authenticated.
>>>> java.lang.SecurityException: User is not authenticated.
>>>> at
>>>> org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:52)
>>>> at
>>>> org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
>>>> at
>>>> org.apache.activemq.broker.region.AbstractRegion.start(AbstractRegion.java:93)
>>>> at
>>>> org.apache.activemq.broker.region.RegionBroker.start(RegionBroker.java:182)
>>>> at
>>>> org.apache.activemq.broker.jmx.ManagedRegionBroker.start(ManagedRegionBroker.java:103)
>>>> at
>>>> org.apache.activemq.broker.TransactionBroker.start(TransactionBroker.java:112)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.BrokerFilter.start(BrokerFilter.java:153)
>>>> at
>>>> org.apache.activemq.broker.MutableBrokerFilter.start(MutableBrokerFilter.java:163)
>>>> at
>>>> org.apache.activemq.broker.BrokerService.start(BrokerService.java:422)
>>>> at
>>>> org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:46)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1201)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1171)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:425)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
>>>> at
>>>> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:156)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
>>>> at
>>>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
>>>> at
>>>> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:287)
>>>> at
>>>> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
>>>> at
>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:64)
>>>> at
>>>> org.apache.xbean.spring.context.ResourceXmlApplicationContext.<init>(ResourceXmlApplicationContext.java:52)
>>>> at
>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createApplicationContext(XBeanBrokerFactory.java:91)
>>>> at
>>>> org.apache.activemq.xbean.XBeanBrokerFactory.createBroker(XBeanBrokerFactory.java:51)
>>>> at
>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:71)
>>>> at
>>>> org.apache.activemq.broker.BrokerFactory.createBroker(BrokerFactory.java:54)
>>>> at
>>>> org.apache.activemq.console.command.StartCommand.startBroker(StartCommand.java:112)
>>>> at
>>>> org.apache.activemq.console.command.StartCommand.runTask(StartCommand.java:74)
>>>> at
>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>> at
>>>> org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:104)
>>>> at
>>>> org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:51)
>>>> at
>>>> org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:76)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>> at java.lang.reflect.Method.invoke(Method.java:585)
>>>> at org.apache.activemq.console.Main.runTaskClass(Main.java:222)
>>>> at org.apache.activemq.console.Main.main(Main.java:106)
>>>> 14:11:51,033 | INFO | main | faultListableBeanFactory |
>>>> t.DefaultSingletonBeanRegistry 285 | Destroying singletons in
>>>> [EMAIL PROTECTED]:
>>>> defining beans
>>>> [org.springframework.beans.factory.config.PropertyPlaceholderConfigurer,org.apache.activemq.xbean.XBeanBrokerService];
>>>> root of factory hierarchy
>>>> 14:11:51,048 | INFO | ActiveMQ ShutdownHook | BrokerService
>>>> | .activemq.broker.BrokerService 448 | ActiveMQ Message Broker
>>>> (localhost, null) is shutting down
>>>>
>>>> Note that the broker shuts down.
>>>>
>>>> I've tried looking through some AMQ code and the xsd to see if I'm
>>>> missing something in the configuration and I'm at a loss. My
>>>> activemq.xml (with destinations) is below. Any thoughts will be
>>>> appreciated.
>>>>
>>>> Thanks
>>>> Tom
>>>>
>>>> <beans
>>>> xmlns="http://www.springframework.org/schema/beans";
>>>> xmlns:amq="http://activemq.org/config/1.0";
>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>>>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>>>> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>>>> http://activemq.org/config/1.0
>>>> http://activemq.apache.org/schema/activemq-core-5.0.0.xsd
>>>> http://activemq.apache.org/camel/schema/spring
>>>> http://activemq.apache.org/camel/schema/spring/camel-spring.xsd";>
>>>>
>>>> <!-- Allows us to use system properties as variables in this
>>>> configuration file -->
>>>> <bean
>>>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
>>>>
>>>> <broker xmlns="http://activemq.org/config/1.0";
>>>> brokerName="localhost" dataDirectory="${activemq.base}/data">
>>>> <destinations>
>>>> <queue physicalName="wileJmsQueryQueue"/>
>>>> </destinations>
>>>> <!-- The transport connectors ActiveMQ will listen to -->
>>>> <transportConnectors>
>>>> <transportConnector name="openwire"
>>>> uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
>>>> <transportConnector name="ssl"
>>>> uri="ssl://localhost:61617"/>
>>>> <transportConnector name="stomp"
>>>> uri="stomp://localhost:61613"/>
>>>> <transportConnector name="xmpp"
>>>> uri="xmpp://localhost:61222"/>
>>>> </transportConnectors>
>>>>
>>>> <!-- The store and forward broker networks ActiveMQ will listen
>>>> to -->
>>>> <networkConnectors>
>>>> <networkConnector name="default-nc"
>>>> uri="multicast://default"/>
>>>> </networkConnectors>
>>>>
>>>> <plugins>
>>>> <!-- use JAAS to authenticate using the login.config file
>>>> on the classpath to configure JAAS -->
>>>> <jaasAuthenticationPlugin configuration="activemq-domain"/>
>>>> <!-- lets configure a destination based authorization
>>>> mechanism -->
>>>> <authorizationPlugin>
>>>> <map>
>>>> <authorizationMap>
>>>> <authorizationEntries>
>>>> <authorizationEntry queue=">" read="all"
>>>> write="all" admin="all"/>
>>>> <authorizationEntry
>>>> topic="ActiveMQ.Advisory.>" read="all" write="all" admin="all"/>
>>>> </authorizationEntries>
>>>> <tempDestinationAuthorizationEntry>
>>>> <tempDestinationAuthorizationEntry
>>>> read="all" write="all" admin="all"/>
>>>> </tempDestinationAuthorizationEntry>
>>>> </authorizationMap>
>>>> </map>
>>>> </authorizationPlugin>
>>>> </plugins>
>>>> </broker>
>>>> </beans>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
--
View this message in context:
http://www.nabble.com/Secutiry-and-Predefined-Destinations-tp17370190s2354p17448270.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
