Details
-
Bug
-
Resolution: Done
-
Major
-
JBoss A-MQ 6.1
-
None
-
None
Description
Steps to reproduce:
0) Uncomment line admin=admin,admin in etc/users.properties
1)before starting fuse add the following line to etc/activemq.xml:| <runtimeConfigurationPlugin checkPeriod="1000"/>|
and make sure element broker has attribute start="false"
and the following line to etc/org.fusesource.mq.fabric.server-default.cfg:| config.check=false|
2)Start fuse
3)Create queue with name Test.AuthRole using jmx
4)Add the following line to activemq.xml in plugins:| <simpleAuthenticationPlugin><users><authenticationUser groups="guests" password="test_password" username="test_user"/></users></simpleAuthenticationPlugin>|
5) wait for 15 seconds
6)In log there are the following lines:
14:56:44,080 | INFO | r[amq]Scheduler | RuntimeConfigurationBroker | 118 - org.apache.activemq.activemq-osgi - 5.9.0.redhat-610139 | changes to Plugins
14:56:44,080 | INFO | r[amq]Scheduler | RuntimeConfigurationBroker | 118 - org.apache.activemq.activemq-osgi - 5.9.0.redhat-610139 | No runtime support for additions of org.apache.activemq.schema.core.DtoSimpleAuthenticationPlugin@110787b[userGroupsOrUserPasswordsOrUsers={<
users[org.apache.activemq.schema.core.DtoSimpleAuthenticationPlugin$Users@560819[any=
{org.apache.activemq.schema.core.DtoAuthenticationUser@2dd7d9[groups=guests, password=test_password, username=test_user, id=<null>]} ]]>}, anonymousAccessAllowed=<null>, anonymousGroup=<null>, anonymousUser=<null>, userGroups=<null>, userPasswords=<null>, id=<null>]
7)Try to send message with the following code:| queue.sendTextMessage("Hello", "test_user", "test_password");|
where queue is of type org.apache.activemq.broker.jmx.QueueViewMBean;The follwing exception occurs:| javax.jms.JMSSecurityException: User name [test_user] or password is invalid.|
at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:52) |
at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1405) |
at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1510) |
at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:325) |
at org.apache.activemq.broker.jmx.DestinationView.sendTextMessage(DestinationView.java:347) |
at org.apache.activemq.broker.jmx.DestinationView.sendTextMessage(DestinationView.java:333) |
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) |
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) |
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) |
at java.lang.reflect.Method.invoke(Method.java:606) |
at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:75) |
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) |
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) |
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) |
at java.lang.reflect.Method.invoke(Method.java:606) |
at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:279) |
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:112) |
at com.sun.jmx.mbeanserver.StandardMBeanIntrospector.invokeM2(StandardMBeanIntrospector.java:46) |
at com.sun.jmx.mbeanserver.MBeanIntrospector.invokeM(MBeanIntrospector.java:237) |
at com.sun.jmx.mbeanserver.PerInterface.invoke(PerInterface.java:138) |
at com.sun.jmx.mbeanserver.MBeanSupport.invoke(MBeanSupport.java:252) |
at javax.management.StandardMBean.invoke(StandardMBean.java:405) |
at org.apache.activemq.broker.jmx.AnnotatedMBean.invoke(AnnotatedMBean.java:198) |
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) |
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:801) |
at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1487) |
at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:97) |
at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1328) |
at java.security.AccessController.doPrivileged(Native Method) |
at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1427) |
at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:848) |
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) |
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) |
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) |
at java.lang.reflect.Method.invoke(Method.java:606) |
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322) |
at sun.rmi.transport.Transport$1.run(Transport.java:177) |
at sun.rmi.transport.Transport$1.run(Transport.java:174) |
at java.security.AccessController.doPrivileged(Native Method) |
at sun.rmi.transport.Transport.serviceCall(Transport.java:173) |
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:556) |
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:811) |
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:670) |
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) |
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) |
at java.lang.Thread.run(Thread.java:744) |
Caused by: java.lang.SecurityException: User name [test_user] or password is invalid. |
at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:80) |
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:92) |
at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:97) |
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:733) |
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139) |
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:292) |
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:149) |
at org.apache.activemq.transport.ResponseCorrelator.onCommand(ResponseCorrelator.java:116) |
at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50) |
at org.apache.activemq.transport.vm.VMTransport.iterate(VMTransport.java:247) |
at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:129) |
at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:47) |
... 3 more |
Caused by: javax.security.auth.login.FailedLoginException: login failed |
at org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:92) |
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83) |
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) |
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) |
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) |
at java.lang.reflect.Method.invoke(Method.java:606) |
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) |
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) |
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) |
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) |
at java.security.AccessController.doPrivileged(Native Method) |
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) |
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) |
at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:73) |
... 14 more |
The same steps can be reproduced through hawtio.
And it works the same when roles are specified:| <simpleAuthenticationPlugin><users><authenticationUser groups="guests" password="test_password" username="test_user"/></users><authenticationUser groups="guests" password="test_password" username="test_user"/></simpleAuthenticationPlugin><authorizationPlugin><map><authorizationMap><authorizationEntries><authorizationEntry admin="guests,admins" read="guests,admins" topic="ActiveMQ.Advisory.>" write="guests,admins"/><authorizationEntry admin="admins" queue="Test.AuthRole" read="guests,admins" write="guests,admins"/></authorizationEntries></authorizationMap></map></authorizationPlugin>|