Hi,
I have integrated ActiveMQ with Karaf using ActiveMQ OSGi integration at
[1]. I am having trouble configuring the JAAS based authorisation. While
JAAS based authorisation works fine, I could not make JAAS based
authorisation work and get
"User xxx is not authorized to create:
topic://ActiveMQ.Advisory.Connection."
I have tried PropertiesLoginModule as well as JDBCLoginModule and result
is same. However, authorization work fine when I tried the ActiveMQ
"simpleAuthenticationPlugin".
Digging deep into the code, I found the problem is how SecurityContext
Principals (instances of UserPrincipal and RolePrincipal) are compared
with instances of GroupPrincipal of ActiveMQ JAAS implementation. Below
are equals method code snippet of GroupPrincipal class:
1. public boolean equals(Object o) {
2. if (this == o) {
3. return true;
4. }
5. if (o == null || getClass() != o.getClass()) {
6. return false;
7. }
8.
9. final GroupPrincipal that = (GroupPrincipal)o;
10.
11. if (!name.equals(that.name)) {
12. return false;
13. }
14
15. return true;
16. }
At line number 5, Object 'o' is instance of class RolePrincipal and it
comparison with GroupPrincial returns false.
I am not sure what is the right solution. Asking ActiveMQ community to
change the equals method or writing a Karaf specific authorization filter.
[1] http://activemq.apache.org/osgi-integration.html
Thanks,
Raj
