[jira] [Commented] (ARTEMIS-3390) Rest Connection with Broker Security: AMQ229031: Unable to validate user from /127.0.0.1:46674. Username: null;

Tue, 20 Jul 2021 12:32:10 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-3390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17384446#comment-17384446
 ] 

Justin Bertram commented on ARTEMIS-3390:
-----------------------------------------

If you are _only_ dealing with REST clients (i.e. no other remote messaging 
clients using JMS, AMQP, STOMP, etc.) the simplest way to deal with this is to 
configure an in-vm acceptor, e.g.:
{code:xml}
<acceptor name="invm">vm://0</acceptor>
{code}
And then set {{<security-enabled>false</security-enabled>}} in {{broker.xml}}. 
Be sure to remove any other {{acceptor}} elements so no remote clients can 
connect.

If you must support other remote clients then configure an in-vm {{acceptor}} 
with its own {{securityDomain}} that will allow unsecured access from the REST 
implementation's in-vm connector, e.g.:
{code:xml}
<acceptor name="invm">vm://0?securityDomain=invm</acceptor>
{code}
And then configure a new entry in your {{login.config}} that will allow access 
with no credentials:
{noformat}
invm {
    org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule required
        debug=true
        org.apache.activemq.jaas.guest.user="myUser"
        org.apache.activemq.jaas.guest.role="activemq";
};{noformat}
That said, I just tried this and ran into a problem which I've logged as 
ARTEMIS-3393. I've sent a PR. The fix should be merged soon and then released 
in 2.18.0.

Out of curiosity, why are you using REST instead of a standardized and 
ubiquitous protocol like STOMP? In just about any environment where a simple 
HTTP client might be advantageous for messaging there usually also exists a 
STOMP client implementation. It almost always makes more sense to use STOMP in 
these circumstances.

> Rest Connection with Broker Security: AMQ229031: Unable to validate user from 
> /127.0.0.1:46674. Username: null;  
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: ARTEMIS-3390
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3390
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 2.17.0
>            Reporter: André Hurschler
>            Priority: Critical
>
> We have installed the REST extension (WAR) and are trying to connect to a 
> queue. The broker uses standard security (admin). Then we get the following 
> exception.
>  curl -u admin:admin http://hostname:8171/rest/queues/queuename
> 8171 is my configured port.
> <h3>Caused by:</h3><pre>org.jboss.resteasy.spi.UnhandledException: 
> ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: 
> Unable to validate user from /127.0.0.1:46674. Username: null; SSL 
> certificate subject DN: unavailable] at 
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:77)
>  at 
> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:220)
>  at 
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:175)
>  at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:418)
>  at 
> org.jboss.resteasy.core.SynchronousDispatcher.invokePropagateNotFound(SynchronousDispatcher.java:247)
>  at 
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:225)
>  at 
> org.jboss.resteasy.plugins.server.servlet.FilterDispatcher.doFilter(FilterDispatcher.java:62)
>  at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) at 
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>  at 
> org.apache.activemq.artemis.component.JolokiaFilter.doFilter(JolokiaFilter.java:50)
>  at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at 
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>  at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) 
> at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) 
> at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
>  at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
>  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) 
> at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
>  at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
>  at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) 
> at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59) 
> at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
>  at org.eclipse.jetty.server.Server.handle(Server.java:516) at 
> org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) at 
> org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) at 
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:273) 
> at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
>  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at 
> org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
>  at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
>  at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
>  at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
>  at 
> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
>  at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
>  at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
>  at java.lang.Thread.run(Thread.java:748) Caused by: 
> ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ229031: 
> Unable to validate user from /127.0.0.1:46674. Username: null; SSL 
> certificate subject DN: unavailable] at 
> org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:540)
>  at 
> org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:434)
>  at 
> org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:300)
>  at 
> org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:249)
>  at 
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionChannel(ClientSessionFactoryImpl.java:1401)
>  at 
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:705)
>  at 
> org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSession(ClientSessionFactoryImpl.java:351)
>  at 
> org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.findQueue(QueueDestinationsResource.java:103)
>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 
> at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498) at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:79)
>  at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:58)
>  at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
>  at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
>  ... 40 more



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to