FUSE Message Broker / MB-824

When two login modules are configured, one succeeds, one fails but both are adding their principals

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 5.4.2-fuse-01-00
    • Fix Version/s: 5.4.2-fuse-02-00
    • Component/s: None
    • Labels: None

      Description

      When using the jaasDualAuthentication plug-in there are problems with the user IDs. The properties files contain:

      • one "system" account in the "admins" group
      • one "user" account in the "consumers" group

      What we would like to define as ACLs:

      • "admins" can do anything
      • only "consumers" can consume
      • anybody can send messages to any destination

      The main problem with the login.config file above is that, if you supply "system" as login and anything as password (even an invalid password), the broker lets you in and treats you as the "system" user.

      1. jaas-broker-guest.xml
        3 kB
        Susan Javurek
      2. loginWithGuest.config
        2 kB
        Susan Javurek
      3. XBeanSecurityWithGuestTest.java
        5 kB
        Susan Javurek

        Activity

        Gary Tully
        added a comment -

        Corresponding issues at Apache:
        https://issues.apache.org/jira/browse/AMQ-3182 - JAAS PropertiesLoginModule does not maintain internal validity state, so will commit in error after an invalid login attempt
        https://issues.apache.org/jira/browse/AMQ-3183 - Set JMSXUserID value based on authenticated principal
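
The failure mode named in AMQ-3182 above, reproduced as an added example (not code from this issue, its attachments or ActiveMQ): two JAAS modules run behind a LoginContext, and the properties-style module's commit() either ignores or checks the result of its own login(). The class names, the trackState option, the OPTIONAL control flag and all credentials are assumptions of this example; it needs Java 16 or later.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class CommitStateDemo {
    static java.security.Principal named(String n) { return () -> n; }  // minimal Principal for the demo
    // Properties-style module; "system", "manager" and "admins" are constructed values.
    public static class PropsModule implements javax.security.auth.spi.LoginModule {
        Subject subject; CallbackHandler handler; boolean trackState, valid; String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h; trackState = "true".equals(opts.get("trackState"));
        }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user");
            PasswordCallback p = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] {n, p}); } catch (Exception e) { throw new LoginException("" + e); }
            user = n.getName();  // kept even when the password check below fails
            valid = "system".equals(user) && "manager".equals(new String(p.getPassword()));
            if (!valid) throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() {  // hardened path: add nothing unless our own login() succeeded
            if (trackState && !valid) { user = null; return false; }
            return Collections.addAll(subject.getPrincipals(), named(user), named("admins"));
        }
        public boolean abort() { user = null; valid = false; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    public static class GuestModule extends PropsModule {  // accepts everyone; "guest" is constructed
        @Override public boolean login() { return true; }
        @Override public boolean commit() { return subject.getPrincipals().add(named("guest")); }
    }
    static List<String> principalsAfterBadPassword(boolean trackState) throws LoginException {
        Map<String, String> opts = Map.of("trackState", String.valueOf(trackState));
        var flag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;  // assumed flag for both modules
        AppConfigurationEntry[] stack = { new AppConfigurationEntry(PropsModule.class.getName(), flag, opts),
                                          new AppConfigurationEntry(GuestModule.class.getName(), flag, opts) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; } };
        CallbackHandler wrongPw = cbs -> { ((NameCallback) cbs[0]).setName("system");
                                           ((PasswordCallback) cbs[1]).setPassword("wrong".toCharArray()); };
        Subject subj = new Subject();
        new LoginContext("demo", subj, wrongPw, cfg).login();  // succeeds through GuestModule
        return subj.getPrincipals().stream().map(p -> p.getName()).sorted().toList();
    }
    public static void main(String[] args) throws Exception {
        System.out.println(principalsAfterBadPassword(false) + " -> " + principalsAfterBadPassword(true));
    }
}
```

LoginContext calls commit() on every module in the stack once the overall login succeeds, so without the validity flag the failed module still contributes the system and admins principals next to guest; with the flag set only guest is committed.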

        Gary Tully
        added a comment -

        fix committed to 5.4-fusesource branch. Will be in tonight's snapshot.


          People

          • Assignee: Gary Tully
          • Reporter: Susan Javurek
          • Votes: 0
          • Watchers: 1
