Hi,
Yeah, SMX NMR has similar issue before[1], I think this issue should
be addressed in Activemq, just create an amq issue[2] to track it and
also appended a patch.
[1]https://issues.apache.org/jira/browse/SMX4NMR-283
[2]https://issues.apache.org/jira/browse/AMQ-3883
Freeman
On 2012-6-14, at 下午5:52, Rajbir Saini wrote:
Hi,
I have integrated ActiveMQ with Karaf using ActiveMQ OSGi
integration at [1]. I am having trouble configuring the JAAS based
authorisation. While JAAS based authorisation works fine, I could
not make JAAS based authorisation work and get
"User xxx is not authorized to create: topic://
ActiveMQ.Advisory.Connection."
I have tried PropertiesLoginModule as well as JDBCLoginModule and
result is same. However, authorization work fine when I tried the
ActiveMQ "simpleAuthenticationPlugin".
Digging deep into the code, I found the problem is how
SecurityContext Principals (instances of UserPrincipal and
RolePrincipal) are compared with instances of GroupPrincipal of
ActiveMQ JAAS implementation. Below are equals method code snippet
of GroupPrincipal class:
1. public boolean equals(Object o) {
2. if (this == o) {
3. return true;
4. }
5. if (o == null || getClass() != o.getClass()) {
6. return false;
7. }
8.
9. final GroupPrincipal that = (GroupPrincipal)o;
10.
11. if (!name.equals(that.name)) {
12. return false;
13. }
14
15. return true;
16. }
At line number 5, Object 'o' is instance of class RolePrincipal and
it comparison with GroupPrincial returns false.
I am not sure what is the right solution. Asking ActiveMQ community
to change the equals method or writing a Karaf specific
authorization filter.
[1] http://activemq.apache.org/osgi-integration.html
Thanks,
Raj
---------------------------------------------
Freeman Fang
FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042
