It is probably linked to allowed Anonymous access. It looks like that user is
ignored and Anonymous acces is used. And there is no limit for anonymous
user.
DEBUG org.apache.qpid.jms.sasl.SaslMechanismFinder - Skipping SASL-PLAIN
mechanism because the available credentials are not sufficient
INFO org.apache.qpid.jms.sasl.SaslMechanismFinder - Best match for SASL auth
was: SASL-ANONYMOUS
When I disable Anonymous access, I can connect at all.
It looks like PLAIN SASL mechanism was ignored because of missing
credentials. I cannot find out what missing credentials means.
Connection URL was like
amqps://cbgc03:5673?transport.trustStorePassword=123456&amqp.saslMechanisms=PLAIN&transport.keyStorePassword=123456&transport.keyStoreLocation=/path/to/user1.keystore&transport.trustStoreLocation=/path/to/cbgc03.truststore&transport.keyAlias=user1
Contents of login.config file:
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
sufficient
debug=false
org.apache.activemq.jaas.properties.user="artemis-users.properties"
org.apache.activemq.jaas.properties.role="artemis-roles.properties";
org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule
sufficient
debug=true
org.apache.activemq.jaas.textfiledn.user="users.properties"
org.apache.activemq.jaas.textfiledn.role="roles.properties";
};
SSL acceptor in broker.xml:
<acceptor
name="amqpSsl">tcp://0.0.0.0:5673?protocols=AMQP;sslEnabled=true;keyStorePath=/path/to/cbgc03.keystore;keyStorePassword=123456;trustStorePath=/path/to/member.truststore;trustStorePassword=123456</acceptor>
users.properties file:
user1=CN=user1,O=Unknown,L=Unknown,ST=Unknown,C=Unknown
groups.properties file:
amq=user1
Am I doing everything right to get SSL connection working?
Vavricka
--
View this message in context:
http://activemq.2283324.n4.nabble.com/Artemis-Qpid-JMS-Connection-limit-tp4711862p4711981.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
