Hi Domenico
It's Artemis 2.44.0
Changed login config to
activemq {
org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule
required
debug=true
org.apache.activemq.jaas.guest.user="artemis"
org.apache.activemq.jaas.guest.role="amq";
};
and added -Djava.security.debug=configfile,configparser to my JAVA_ARGS so
that they look like
JAVA_ARGS="-XX:AutoBoxCacheMax=20000 -XX:+PrintClassHistogram -XX:+UseG1GC
-XX:+UseStringDeduplication -Xms512M -Xmx2G -Dhawtio.disableProxy=true
-Dhawtio.realm=activemq -Dhawtio.offline=true
-Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal
-Dhawtio.http.strictTransportSecurity=max-age=31536000;includeSubDomains;preload
-Djolokia.policyLocation=classpath:jolokia-access.xml
-Dlog4j2.disableJmx=true --add-opens
java.base/jdk.internal.misc=ALL-UNNAMED
-Djava.security.debug=configfile,configparser "
The behaviour is pretty much the same.
The logs are:
+ ARTEMIS_HOME=/opt/activemq-artemis
+ ARTEMIS_INSTANCE=/var/lib/artemis-instance
+ INSTANCE_SCRIPT=/var/lib/artemis-instance/bin/artemis
+ '[' '!' -d /var/lib/artemis-instance/etc ']'
+ '[' -f /var/lib/artemis-instance/bin/artemis ']'
+ echo 'Starting ActiveMQ Artemis from Instance:
/var/lib/artemis-instance/bin/artemis'
Starting ActiveMQ Artemis from Instance:
/var/lib/artemis-instance/bin/artemis
+ exec /var/lib/artemis-instance/bin/artemis run
NOTE: Picked up JDK_JAVA_OPTIONS:
--add-exports=java.base/sun.security.internal.spec=ALL-UNNAMED
--add-exports=java.base/sun.security.provider=ALL-UNNAMED
-Djavax.net.ssl.trustStoreType=FIPS
Picked up JAVA_TOOL_OPTIONS: --module-path=/usr/share/java/bouncycastle-fips
_ _ _
/ \ ____| |_ ___ __ __(_) _____
/ _ \| _ \ __|/ _ \ \/ | |/ __/
/ ___ \ | \/ |_/ __/ |\/| | |\___ \
/_/ \_\| \__\____|_| |_|_|/___ /
Apache ActiveMQ Artemis 2.44.0
2025-11-26 19:58:09,844 INFO
[org.apache.activemq.artemis.integration.bootstrap] AMQ101000: Starting
ActiveMQ Artemis Server version 2.44.0
2025-11-26 19:58:09,905 INFO [org.apache.activemq.artemis.core.server]
AMQ221000: Primary message broker is starting with configuration Broker
Configuration
(clustered=false,journalDirectory=data/journal,bindingsDirectory=data/bindings,largeMessagesDirectory=data/large-messages,pagingDirectory=data/paging)
2025-11-26 19:58:09,965 INFO [org.apache.activemq.artemis.core.server]
AMQ221012: Using AIO Journal
2025-11-26 19:58:10,076 INFO [org.apache.activemq.artemis.core.server]
AMQ221057: Global Max Size is being adjusted to 1/2 of the JVM max size
(-Xmx). being defined as 1073741824
2025-11-26 19:58:10,125 INFO [org.apache.activemq.artemis.core.server]
AMQ221043: Protocol module found: [artemis-server]. Adding protocol support
for: CORE
2025-11-26 19:58:10,126 INFO [org.apache.activemq.artemis.core.server]
AMQ221043: Protocol module found: [artemis-amqp-protocol]. Adding protocol
support for: AMQP
2025-11-26 19:58:10,127 INFO [org.apache.activemq.artemis.core.server]
AMQ221043: Protocol module found: [artemis-hornetq-protocol]. Adding
protocol support for: HORNETQ
2025-11-26 19:58:10,128 INFO [org.apache.activemq.artemis.core.server]
AMQ221043: Protocol module found: [artemis-mqtt-protocol]. Adding protocol
support for: MQTT
2025-11-26 19:58:10,128 INFO [org.apache.activemq.artemis.core.server]
AMQ221043: Protocol module found: [artemis-openwire-protocol]. Adding
protocol support for: OPENWIRE
2025-11-26 19:58:10,129 INFO [org.apache.activemq.artemis.core.server]
AMQ221043: Protocol module found: [artemis-stomp-protocol]. Adding protocol
support for: STOMP
2025-11-26 19:58:10,218 INFO [org.apache.activemq.artemis.core.server]
AMQ221034: Waiting indefinitely to obtain primary lock
2025-11-26 19:58:10,219 INFO [org.apache.activemq.artemis.core.server]
AMQ221035: Primary Server Obtained primary lock
2025-11-26 19:58:11,566 INFO [org.apache.activemq.artemis.core.server]
AMQ221080: Deploying address DLQ supporting [ANYCAST]
2025-11-26 19:58:11,569 INFO [org.apache.activemq.artemis.core.server]
AMQ221003: Deploying ANYCAST queue DLQ on address DLQ
2025-11-26 19:58:11,570 INFO [org.apache.activemq.artemis.core.server]
AMQ221080: Deploying address ExpiryQueue supporting [ANYCAST]
2025-11-26 19:58:11,571 INFO [org.apache.activemq.artemis.core.server]
AMQ221003: Deploying ANYCAST queue ExpiryQueue on address ExpiryQueue
2025-11-26 19:58:12,814 INFO [org.apache.activemq.artemis.core.server]
AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61616 for protocols
[CORE,MQTT,AMQP,STOMP,HORNETQ,OPENWIRE]
2025-11-26 19:58:12,822 INFO [org.apache.activemq.artemis.core.server]
AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5445 for protocols
[HORNETQ,STOMP]
2025-11-26 19:58:12,826 INFO [org.apache.activemq.artemis.core.server]
AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5672 for protocols [AMQP]
2025-11-26 19:58:12,830 INFO [org.apache.activemq.artemis.core.server]
AMQ221020: Started EPOLL Acceptor at 0.0.0.0:1883 for protocols [MQTT]
2025-11-26 19:58:12,833 INFO [org.apache.activemq.artemis.core.server]
AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61613 for protocols [STOMP]
2025-11-26 19:58:12,836 INFO [org.apache.activemq.artemis.core.server]
AMQ221007: Server is now active
2025-11-26 19:58:12,837 INFO [org.apache.activemq.artemis.core.server]
AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.44.0 [0.0.0.0,
nodeID=87ea5d58-caff-11f0-91be-f607a002d58e]
2025-11-26 19:58:12,859 INFO [org.apache.activemq.artemis] AMQ241003:
Starting embedded web server
2025-11-26 19:58:13,708 INFO [io.hawt.HawtioContextListener] Initialising
Hawtio services
2025-11-26 19:58:13,741 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to
Hawtio 4.4.1
2025-11-26 19:58:13,751 INFO
[io.hawt.web.auth.AuthenticationConfiguration] Authentication throttling
is enabled
2025-11-26 19:58:13,756 INFO
[io.hawt.web.auth.AuthenticationConfiguration] Starting Hawtio
authentication filter, JAAS realm: "activemq" authorized role(s): "amq"
role principal classes:
"org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal"
2025-11-26 19:58:13,756 INFO
[io.hawt.web.auth.AuthenticationConfiguration] Looking for OIDC
configuration file in: /var/lib/artemis-instance/etc/hawtio-oidc.properties
2025-11-26 19:58:13,812 INFO [io.hawt.web.auth.ClientRouteRedirectFilter]
Hawtio ClientRouteRedirectFilter is using 1800 sec. HttpSession timeout
2025-11-26 19:58:13,860 INFO [org.apache.activemq.artemis] AMQ241001: HTTP
Server started at http://0.0.0.0:8161
2025-11-26 19:58:13,861 INFO [org.apache.activemq.artemis] AMQ241002:
Artemis Jolokia REST API available at http://0.0.0.0:8161/console/jolokia
2025-11-26 19:58:13,862 INFO [org.apache.activemq.artemis] AMQ241004:
Artemis Console available at http://0.0.0.0:8161/console
2025-11-26 19:58:39,138 INFO [io.hawt.web.auth.LoginServlet] Hawtio login
is using 1800 sec. HttpSession timeout
configfile: Reading Policy from ~/.java.login.config
2025-11-26 19:58:39,189 WARN [io.hawt.system.Authenticator] Login failed
due to: No LoginModules configured for activemq
2025-11-26 19:58:39,810 WARN [io.hawt.system.Authenticator] Login failed
due to: No LoginModules configured for activemq
2025-11-26 19:58:40,763 WARN [io.hawt.system.Authenticator] Login failed
due to: No LoginModules configured for activemq
Tried to login 3 times with the credentials I've created the instance with
Thanks
On Wed, Nov 26, 2025 at 5:53 PM Domenico Francesco Bruscino <
[email protected]> wrote:
> Hi Yevhenii,
>
> what artemis version are you using? Can you try to include only the
> GuestLoginModule in your /var/lib/artemis-instance/etc/login.config file?
> Can you share the broker log with
> -Djava.security.debug=configfile,configparser to debug JAAS ConfigFile
> loading and parsing?
>
> Regards,
> Domenico
>
> On Wed, 26 Nov 2025 at 14:57, Ievgenii Lopushen <[email protected]>
> wrote:
>
> > Hi Domenico
> > Thank you for your reply
> >
> > ran a check from inside the container:
> >
> > artemis check node
> > NOTE: Picked up JDK_JAVA_OPTIONS:
> > --add-exports=java.base/sun.security.internal.spec=ALL-UNNAMED
> > --add-exports=java.base/sun.security.provider=ALL-UNNAMED
> > --add-opens=java.base/java.security=ALL-UNNAMED
> > -Djavax.net.ssl.trustStoreType=FIPS
> > Picked up JAVA_TOOL_OPTIONS:
> > --module-path=/usr/share/java/bouncycastle-fips
> > Connection brokerURL = tcp://localhost:61616
> > Connection failed::AMQ229031: Unable to validate user from
> 127.0.0.1:58194
> > .
> > Username: null; SSL certificate subject DN: unavailable
> >
> > --user:
> > Type the username for a retry
> > artemis
> >
> > --password: is mandatory with this configuration:
> > Type the password for a retry
> >
> > NodeCheck failed. Reason:
> > org.apache.activemq.artemis.api.core.ActiveMQSecurityException:
> > [errorType=SECURITY_EXCEPTION message=AMQ229031: Unable to validate user
> > from 127.0.0.1:40246. Username: artemis; SSL certificate subject DN:
> > unavailable]
> >
> > The check does not go through even though I used the credentials that
> i've
> > specified when creating the instance.
> >
> > I have no jcmd in my container, but from ps I see:
> >
> > ps aux | grep java
> > artemis 1 0.8 6.2 8467620 511192 ? Ssl 02:50 5:40
> > [rosetta] /usr/lib/jvm/java-21-openjdk-amd64/bin/java
> > /usr/lib/jvm/java-21-openjdk-amd64/bin/java
> >
> >
> -Djava.security.auth.login.config=/var/lib/artemis-instance/etc/login.config
> > -Dhawtio.realm=activemq -Dhawtio.role=amq
> >
> >
> -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal
> > -Djolokia.policyLocation=/var/lib/artemis-instance/etc/jolokia-access.xml
> > -Dhawtio.roles=amq
> >
> >
> -Djava.security.auth.login.config=/var/lib/artemis-instance/etc/login.config
> > -classpath /opt/activemq-artemis/lib/artemis-boot.jar
> > -Dartemis.home=/opt/activemq-artemis
> > -Dartemis.instance=/var/lib/artemis-instance
> > -Djava.library.path=/opt/activemq-artemis/bin/lib/linux-x86_64
> > -Djava.io.tmpdir=/var/lib/artemis-instance/tmp
> > -Ddata.dir=/var/lib/artemis-instance/data
> > -Dartemis.instance.etc=/var/lib/artemis-instance/etc
> > -Dhawtio.authenticationEnabled=false
> > -Djava.security.debug=loginconfig,config,parser,access,failure
> > org.apache.activemq.artemis.boot.Artemis run
> > root 1545 0.0 0.0 3640 2244 ? S+ 13:32 0:00 grep
> > --color=auto java
> >
> > So
> >
> >
> -Djava.security.auth.login.config=/var/lib/artemis-instance/etc/login.config
> > and the contents of /var/lib/artemis-instance/etc/login.config is:
> >
> > activemq {
> >
> org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule
> > sufficient
> > debug=false
> > reload=true
> >
> org.apache.activemq.jaas.properties.user="artemis-users.properties"
> >
> org.apache.activemq.jaas.properties.role="artemis-roles.properties";
> >
> > org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule
> > sufficient
> > debug=false
> > org.apache.activemq.jaas.guest.user="artemis"
> > org.apache.activemq.jaas.guest.role="amq";
> > };
> >
> > Thank you!
> >
> >
> >
> > On Wed, Nov 26, 2025 at 8:33 AM Domenico Francesco Bruscino <
> > [email protected]> wrote:
> >
> > > Hi Yevhenii,
> > >
> > > the error "No LoginModules configured for" is usually due to a wrong
> > login
> > > configuration.Can you double-check you are able to connect to an
> acceptor
> > > by using the artemis CLI?
> > > If the artemis CLI works, can you share the content of the file defined
> > by
> > > the java.security.auth.login.config system property in the container?
> > > By default, the java.security.auth.login.config system property is
> > defined
> > > in the bin/artemis script. You could use jcmd to double-check the
> > property
> > > value in the container, i.e. jcmd <PID> VM.system_properties.
> > >
> > > Regards,
> > > Domenico
> > >
> > > On Tue, 25 Nov 2025 at 19:02, Ievgenii Lopushen <[email protected]>
> > > wrote:
> > >
> > > > Hi
> > > > I'm trying to build a Docker image with Artemis in it. The image is
> > based
> > > > on Ubuntu 22.04 with FIPS turned on and JRE 21 installed. For Java I
> am
> > > > using Bouncycastle as my security provider, hence overriding the
> > > > java.security file with such providers:
> > > >
> > > >
> > > >
> > >
> >
> security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
> > > >
> > >
> >
> security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
> > > > fips:BCFIPS
> > > > security.provider.3=SUN
> > > >
> > > > When starting the container, Artemis does launch and I'm able to
> create
> > > an
> > > > Artemis instance. However, I cannot login to the web console. No
> matter
> > > the
> > > > credentials I specify I get:
> > > >
> > > > [io.hawt.system.Authenticator] Login failed due to: No LoginModules
> > > > configured for activemq
> > > >
> > > > Even though on identical default installation on host machine with
> > Ubuntu
> > > > or MacOS works fine.
> > > > Is there any additional configuration that should be applied to login
> > or
> > > > can it be related to FIPS?
> > > > --
> > > >
> > > > All the best,
> > > >
> > > > Yevhenii
> > > >
> > >
> >
> >
> > --
> >
> > All the best,
> >
> > Yevhenii Lopushen
> >
>
--
All the best,
Yevhenii Lopushen
