  1. FUSE Message Broker
  2. MB-824

When two login modules are configured, one succeeds, one fails, but both are adding their principals

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 5.4.2-fuse-01-00
    • Fix Version/s: 5.4.2-fuse-02-00
    • Component/s: None
    • Labels:
      None

      Description

      When using the jaasDualAuthentication plug-in there are problems with the user IDs. The properties files contain:

      • one "system" account in the "admins" group
      • one "user" account in the "consumers" group

      What we would like to define as ACLs:

      • "admins" can do anything
      • only "consumers" can consume
      • anybody can send messages to any destination

      The main problem with the login.config file above is that, if you supply "system" as login and anything as password (even an invalid password), the broker lets you in and treats you as the "system" user.


        1. jaas-broker-guest.xml
          3 kB
          Susan Javurek
        2. loginWithGuest.config
          2 kB
          Susan Javurek
        3. XBeanSecurityWithGuestTest.java
          5 kB
          Susan Javurek

          Activity

          garytully Gary Tully added a comment -

          Corresponding issues at Apache:
          https://issues.apache.org/jira/browse/AMQ-3182 - JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
          https://issues.apache.org/jira/browse/AMQ-3183 - Set JMSXUserID value based on authenticated principal

          garytully Gary Tully added a comment -

          fix committed to 5.4-fusesource branch. Will be in tonight's snapshot.
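
          The commit-after-failed-login behaviour described in this issue and in the linked AMQ-3182 summary, reproduced with the JDK's own LoginContext as an added example (not the ActiveMQ or FUSE code, and not the committed fix). PropsModule, GuestModule, the trackState option and the credentials are hypothetical and constructed; assumes Java 17 or later.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class CommitStateDemo {
    public static class PropsModule implements LoginModule { // hypothetical stand-in, constructed credentials
        Subject subject; CallbackHandler handler; boolean trackState, succeeded; String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h; trackState = "true".equals(opts.get("trackState"));
        }
        public boolean login() throws LoginException {
            Callback[] cbs = { new NameCallback("user"), new PasswordCallback("password", false) };
            try { handler.handle(cbs); } catch (Exception e) { throw new LoginException(e.toString()); }
            user = ((NameCallback) cbs[0]).getName(); // remembered before the password is verified
            succeeded = "system".equals(user) && "s3cret".equals(new String(((PasswordCallback) cbs[1]).getPassword()));
            if (!succeeded) throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() { // JAAS calls commit() on every module once the stack as a whole succeeds
            if (trackState && !succeeded) return false; // validity check; without it a failed login still commits
            for (String n : new String[] {user, "admins"}) subject.getPrincipals().add(() -> n);
            return true;
        }
        public boolean abort() { user = null; succeeded = false; return true; }
        public boolean logout() { return true; }
    }
    public static class GuestModule extends PropsModule { // accepts anyone, tracks its own state
        @Override public boolean login() { return succeeded = true; }
        @Override public boolean commit() { return succeeded && subject.getPrincipals().add(() -> "guests"); }
    }
    static List<String> principalsAfterLogin(String user, String pw, boolean trackState) throws LoginException {
        var flag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
        var stack = new AppConfigurationEntry[] {
            new AppConfigurationEntry(PropsModule.class.getName(), flag, Map.of("trackState", "" + trackState)),
            new AppConfigurationEntry(GuestModule.class.getName(), flag, Map.of()) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; } };
        Subject subject = new Subject();
        new LoginContext("demo", subject, cbs -> {
            ((NameCallback) cbs[0]).setName(user);
            ((PasswordCallback) cbs[1]).setPassword(pw.toCharArray());
        }, cfg).login();
        return subject.getPrincipals().stream().map(p -> p.getName()).sorted().toList();
    }
    public static void main(String[] args) throws LoginException {
        System.out.println("bad password, no state check: " + principalsAfterLogin("system", "wrong", false));
        System.out.println("bad password, state check:    " + principalsAfterLogin("system", "wrong", true));
    }
}
```

          Comparing the two printed principal lists shows whether the module that rejected the password still contributed its user and group principals to the Subject.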


            People

            • Assignee:
              garytully Gary Tully
              Reporter:
              sjavurek Susan Javurek