Cannot connect to ActiveMQ using JAAS authentication
Question
I have installed an ActiveMQ broker with JAAS authentication enabled as follows:
activemq.xml
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="senders" read="receivers" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
login.config
activemq { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties" reload=true; };
users.properties
admin=adminpass
Now I am trying from a standalone java client to connect using the following:
ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://remote-ip:61616");
// Create a Connection
Connection connection = connectionFactory.createConnection("admin","adminpass");
connection.start();
// Create a Session
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
// Create the destination (Topic or Queue)
Destination destination = session.createQueue("TEST.FOO");
However I get the following in client syserr:
Caused by: java.io.IOException: Configuration Error:
Line 2: expected [{], found [activemq]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:532)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:445)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 30 more
Caught: javax.jms.JMSSecurityException: User name [admin] or password is invalid.
And the following in amq log:
2019-10-09 14:42:29,628 | WARN | Failed to add Connection id=ID:myhost-33642-1570621349189-4:1, clientId=ID:myhost-33642-1570621349189-0:1 due to {} | org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///myhost:33645@61616
java.lang.SecurityException: User name [admin] or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.10.jar:5.15.10]
Any ideas what I am doing wrong?
2 answers
solution1
1 2019-10-09 12:14:33
The exception is coming from the JVM itself regarding the syntax of your login.config . The content of your login.config looks fine. Try this syntax:
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
This should be the only thing in login.config .
solution2
0 ACCPTED 2019-10-09 13:30:37
The solution to this issue was to make the following changes to my configuration:
login.config(thanks to @justin-bertram for the help)
PropertiesLogin {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
Also setting the following lines in activemq.xml resolved the authorization issue I had:
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.