Re: Protect queues access with password

Mon, 15 Sep 2008 04:20:34 -0700 

You have both the <jaasAuthenticationPlugin>  and
<simpleAuthenticationPlugin> elements defined, and the
<simpleAuthenticationPlugin> is outside the <broker> element. You can't have
both elements defined. I believe you were trying to use the
<simpleAuthenticationPlugin>. Here's an example. 


 <plugins>
      <simpleAuthenticationPlugin>
        <users>
                <authenticationUser username="system" password="manager"
groups="users,admins"/>
                <authenticationUser username="user" password="password"
groups="users"/>
                <authenticationUser username="guest" password="password"
groups="guests"/>
        </users>
     </simpleAuthenticationPlugin>

      <!--  lets configure a destination based authorization mechanism -->
      <authorizationPlugin>
        <map>
          <authorizationMap>
            <authorizationEntries>
              <authorizationEntry queue=">" read="users,admins"
write="users,admins" admin="admins" />
            </authorizationEntries>
          </authorizationMap>
        </map>
      </authorizationPlugin>

    </plugins>

If you're not using Camel, comment out or remove the <camelContext> element
if it exists in your config file.  If you are using Camel, then consult the
Camel site for info on how to configure Camel.

http://activemq.apache.org/camel/configuring-camel.html

Joe



Sandro Tosi wrote:
> 
> Thanks, now I added
> 
> <broker....>
> ........
> 
>     <plugins>
>       <!--  use JAAS to authenticate using the login.config file on the
> classpath to configure JAAS -->
>       <jaasAuthenticationPlugin configuration="activemq-domain" />
> 
>       <!--  lets configure a destination based authorization mechanism -->
>       <authorizationPlugin>
>         <map>
>           <authorizationMap>
>             <authorizationEntries>
>               <authorizationEntry queue=">" read="users,admins"
> write="users,admins" admin="admins" />
>             </authorizationEntries>
> 
>           </authorizationMap>
>         </map>
>       </authorizationPlugin>
>     </plugins>
> 
>     </broker>
> 
>     <simpleAuthenticationPlugin>
>         <users>
>                 <authenticationUser username="system" password="manager"
> groups="users,admins"/>
>                 <authenticationUser username="user" password="password"
> groups="users"/>
>                 <authenticationUser username="guest" password="password"
> groups="guests"/>
>         </users>
>     </simpleAuthenticationPlugin>
> 
> but I have still problems at startup with a:
> 
> java.lang.SecurityException: User name or password is invalid.
>         at
> org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
>         at
> org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:81)
>         at
> org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:88)
>         at
> org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:662)
>         at
> org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
>         at
> org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
>         at
> org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292)
>         at
> org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:180)
>         at
> org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
>         at
> org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
>         at
> org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
>         at
> org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
>         at
> org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
>         at
> org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
>         at java.lang.Thread.run(Thread.java:595)
> Caused by: java.lang.SecurityException: Unable to locate a login
> configuration
> 
> 
> So, wehre I can configure it?
> 
> TIA,
> Sandro
> 
> 
> Joe Fernandez wrote:
>> 
>> The authentication plugin is used to control access to the broker. The
>> authorization plugin is used to control access to the destinations. So if
>> you haven't enabled the authorization plugin, then everyone who is
>> granted access to the broker is also granted access to all the
>> destinations. 
>> 
>> Joe
>> Get a free ActiveMQ user guide @ http://www.ttmsolutions.com 
>>  
>> 
>> 
>> Sandro Tosi wrote:
>>> 
>>> Hello,
>>> actually, every queue on activemq are "free entrance" for everyone (ok,
>>> knowing server, ports, name, etc) but we'd like anyhow to stop this and
>>> require a username/password access policy.
>>> 
>>> I've read the security doc[1] and added the "Simple Authentication
>>> Plugin" but I'm still able to connect to queues "anonymously".
>>> 
>>> How can I grant access only to given username/pwd?
>>> 
>>> Thanks in advance,
>>> Sandro
>>> 
>>> [1] http://activemq.apache.org/security.html
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Protect-queues-access-with-password-tp19453220p19491106.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Reply via email to