FUSE Message Broker / MB-824

When two login modules are configured, one succeeds, one fails, but both are adding their principals

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 5.4.2-fuse-01-00
    • Fix Version/s: 5.4.2-fuse-02-00
    • Component/s: None
    • Labels: None

      Description

      When using the jaasDualAuthentication plug-in there are problems with the user IDs. The properties files contain:

      • one "system" account in the "admins" group
      • one "user" account in the "consumers" group

      What we would like to define as ACLs:

      • "admins" can do anything
      • only "consumers" can consume
      • anybody can send messages to any destination

      The main problem with the login.config file above is that, if you supply "system" as login and anything as password (even an invalid password), the broker lets you in and treats you as the "system" user.


        1. jaas-broker-guest.xml
          3 kB
          Susan Javurek
        2. loginWithGuest.config
          2 kB
          Susan Javurek
        3. XBeanSecurityWithGuestTest.java
          5 kB
          Susan Javurek

          Activity

          Gary Tully added a comment -

          Corresponding issues at Apache:
          https://issues.apache.org/jira/browse/AMQ-3182 - JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
          https://issues.apache.org/jira/browse/AMQ-3183 - Set JMSXUserID value based on authenticated principal

          Gary Tully added a comment -

          fix committed to 5.4-fusesource branch. Will be in tonight's snapshot.
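
The failure mode named in AMQ-3182, shown as an added Java example (not ActiveMQ's code and not the committed fix): a login module that records whether its own `login()` succeeded and consults that flag in `commit()`, so a failed module adds no principal when a second module lets the overall login succeed. The class names, the `system`/`manager` account and the always-succeeding guest module are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Added illustration, not ActiveMQ code. Class names and the system/manager account are constructed.
public class LoginStateDemo {
    record Named(String name) implements Principal { public String getName() { return name; } }
    public static class PropsModule implements LoginModule {
        Subject subject; CallbackHandler handler; String user; boolean loginSucceeded;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> o) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            loginSucceeded = false; // reset the validity state for this attempt
            NameCallback n = new NameCallback("user");
            PasswordCallback p = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { n, p }); } catch (Exception e) { throw new LoginException(e.toString()); }
            user = n.getName();
            if (!"system".equals(user) || !Arrays.equals("manager".toCharArray(), p.getPassword()))
                throw new FailedLoginException("bad credentials for " + user);
            return loginSucceeded = true;
        }
        public boolean commit() {
            // LoginContext calls commit() on every module once the overall login succeeds, even one whose login() failed.
            if (loginSucceeded) subject.getPrincipals().add(new Named(user));
            return loginSucceeded;
        }
        public boolean abort() { loginSucceeded = false; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof Named); return true; }
    }
    public static class GuestModule extends PropsModule { // hypothetical module that accepts anyone as "guest"
        public boolean login() { user = "guest"; return loginSucceeded = true; }
    }
    static Set<Principal> login(String user, String password) throws LoginException {
        Configuration cfg = new Configuration() { // PropsModule first, then GuestModule, both "sufficient"
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                var flag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(PropsModule.class.getName(), flag, Map.of()),
                    new AppConfigurationEntry(GuestModule.class.getName(), flag, Map.of()) };
            }
        };
        Subject subject = new Subject();
        new LoginContext("demo", subject, cbs -> { // PropsModule passes the name callback first, the password second
            ((NameCallback) cbs[0]).setName(user);
            ((PasswordCallback) cbs[1]).setPassword(password.toCharArray());
        }, cfg).login();
        return subject.getPrincipals();
    }
    public static void main(String[] args) throws LoginException { System.out.println(login("system", args.length > 0 ? args[0] : "wrong")); }
}
```

Built with `javac LoginStateDemo.java` on Java 17 or later, `java LoginStateDemo` sends a wrong password for `system` and the resulting Subject carries only the guest principal; removing the `loginSucceeded` check in `commit()` reproduces the reported behaviour, where the `system` principal is added as well.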


            People

            • Assignee: Gary Tully
            • Reporter: Susan Javurek
            • Votes: 0
            • Watchers: 1
