hi,
have you tried something like this? For me JAAS is working, but I have changed
the plugin config and put the files that you created in /lib into /conf but not
sure if that makes a difference.
<plugins>
<!-- use JAAS to authenticate using the login.config file on the
classpath to configure JAAS -->
<jaasAuthenticationPlugin configuration="activemq-domain" />
<!-- lets configure a destination based authorization mechanism -->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="mygroup" write="mygroup"
admin="mygroup" />
<authorizationEntry topic=">" read="mygroup" write="mygroup"
admin="mygroup" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
-----Ursprüngliche Nachricht-----
Von: James Strachan [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 28. April 2006 06:53
An: [email protected]
Betreff: Re: Trouble geting JAAS authorization to work with
ActiveMQ-4.0-RC2
A quick workaround is to create the advisory destinattions manually
via JMX or the Web Console to avoid your client being the first person
to create the destination - but it does look like somethings wrong -
it looks like either the users's group is not being found correctly or
that the authorizationPlugin is not being properly initialised.
We could maybe patch the code for the authorizationPlugin to add debug
logging to help you figure this one out?
On 4/25/06, Johan Hallgren <[EMAIL PROTECTED]> wrote:
> Hello list,
>
> I am trying to get authentication and authorization using JAAS to work with
> ActiveMQ-RC2, and am having troubles with the authorization part
> (authentication seems to be working fine). I am trying to get a setup as
> close to the one outlined in http://www.activemq.org/Security to work first,
> so this is what I have set up:
>
> I have created a login.config file in $ACTIVE_HOME/lib with these contents:
>
> activemq-domain {
> org.apache.activemq.jaas.PropertiesLoginModule required
> debug=true
> org.apache.activemq.jaas.properties.user="users.properties"
> org.apache.activemq.jaas.properties.group="groups.properties";
> };
>
> In the same directory, I have created users.properties with this content:
>
> myuser=mypassword
>
> Also in the same directory, I have created groups.properties with this
> content:
>
> myuser=mygroup
>
> Finally, I have made this addition to activemq.xml, and placed it as the
> first element in the broker element:
>
> <plugins>
> <!-- use JAAS to authenticate using the login.config file on the
> classpath to configure JAAS -->
> <jaasAuthenticationPlugin configuration="activemq-domain" />
>
> <!-- lets configure a destination based authorization mechanism -->
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue=">" read="mygroup" write="mygroup"
> admin="mygroup" />
> <authorizationEntry queue="USERS.>" read="mygroup"
> write="mygroup" admin="mygroup" />
> <authorizationEntry queue="GUEST.>" read="mygroup"
> write="mygroup" admin="mygroup" />
>
> <authorizationEntry topic=">" read="mygroup" write="mygroup"
> admin="mygroup" />
> <authorizationEntry topic="USERS.>" read="mygroup"
> write="mygroup" admin="mygroup" />
> <authorizationEntry topic="GUEST.>" read="mygroup"
> write="mygroup" admin="mygroup" />
>
> <authorizationEntry topic="ActiveMQ.Advisory.>" read="mygroup"
> write="mygroup" admin="mygroup"/>
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
>
> I am then trying to send messages to a queue from an application in my
> servlet container, that I have based on the example that came with the
> ActiveMQ distribution. Basically, first I create a connection like this:
>
> ActiveMQConnection connection = ActiveMQConnection.makeConnection("myuser",
> "mypassword", "tcp://localhost:61616");
>
> I then try and create a javax.jms.Session like this:
>
> Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
>
> However, when doing this, I get an exception:
>
> javax.jms.JMSException: User myuser is not authorized to create:
> topic://ActiveMQ.Advisory.Connection
>
> I have also tried doing a connection.start() before creating the session, but
> that statement also yields the above exception. The authentication piece does
> seem to work, though, because if I supply an erroneous user name, creating
> the session throws this exception:
>
> javax.jms.JMSException: User name or password is invalid.
>
> Also, sending messages without using JAAS (by removing the above plugins
> element from activemq.xml) works fine.
>
> I'm now lost trying to figure out where I'm going wrong. I have not
> referenced any topic or queue names in the code prior to creating the
> session, so I'm wondering why the exception states that I'm trying to create
> an ActiveMQ.Advisory.Connection topic. Have I misconfigured activemq.xml or
> login.config somewhere, or is there something in the code that needs to
> happen to invoke the authorization logic, other than specifying the
> autorizationMap in activemq.xml?
>
> Any insight would be most appreciated!
>
> Thanks in advance,
> Johan Hallgren
>
>
--
James
-------
http://radio.weblogs.com/0112098/
This mail has originated outside your organization,
either from an external partner or the Global Internet.
Keep this in mind if you answer this message.
This mail has originated outside your organization, either from an external
partner or the Global Internet. Keep this in mind if you answer this message.
