[jira] [Created] (AMQ-5494) Unable to send message from web console when using secured broker

[Bob (JIRA)]

Bob created AMQ-5494:
------------------------

             Summary: Unable to send message from web console when using 
secured broker
                 Key: AMQ-5494
                 URL: https://issues.apache.org/jira/browse/AMQ-5494
             Project: ActiveMQ
          Issue Type: Bug
          Components: webconsole
    Affects Versions: 5.10.0
            Reporter: Bob
            Priority: Minor


When security is enabled in the broker I am unable to send messages through the 
web console even though the credentials are listed in credentials.properties.

You can reproduce this issue with the following steps:
# Install a fresh copy of ActiveMQ 5.10.0
# Enable security by adding the following plugin configuration to 
conf/activemq.xml:
{noformat}
<broker>
...
<plugins>
    <simpleAuthenticationPlugin>
            <users>
                <authenticationUser username="system" 
password="${activemq.password}"
                    groups="users,admins"/>
                <authenticationUser username="user" password="${guest.password}"
                    groups="users"/>
                <authenticationUser username="guest" 
password="${guest.password}" groups="guests"/>
            </users>
        </simpleAuthenticationPlugin>
</plugins>
{noformat}
# Start ActiveMQ
# Open http://0.0.0.0:8161/admin/queues.jsp with a browser and login with 
admin/admin
# Create a new queue and try to send a message

The result is that the message is not sent and the following exception appears:
{noformat}
 INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
 INFO | Initializing Spring FrameworkServlet 'dispatcher'
 INFO | jolokia-agent: No access restrictor found at 
classpath:/jolokia-access.xml, access to all MBeans is allowed
 INFO | Connector vm://localhost started
 WARN | Failed to add Connection ID:ws01-41310-1418932516253-3:2
java.lang.SecurityException: User name [admin] or password is invalid.
        at 
org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:85)[activemq-broker-5.10.0.jar:5.10.0]
{noformat}

The problem seems to be that the web client is authenticating using the 
credentials from the http request instead of the credentials from 
conf/credentials.properties. It seems to me that this is incorrect because the 
header of the file says:

{noformat}
# Defines credentials that will be used by components (like web console) to 
access the broker
{noformat}

>From the source code of WebClient.java this behavior might have been 
>introduced in #AMQ-3924.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)