Re: Karaf-ActiveMQ authorization problem

Thu, 14 Jun 2012 21:13:14 -0700

Thanks Freeman. I thought so that fixing the equals method is the right thing to do. 

Raj

On Friday 15 June 2012 07:35 AM, Freeman Fang wrote:

Hi,
Yeah, SMX NMR has similar issue before[1], I think this issue should be addressed in Activemq, just create an amq issue[2] to track it and also appended a patch. 

[1]https://issues.apache.org/jira/browse/SMX4NMR-283
[2]https://issues.apache.org/jira/browse/AMQ-3883

Freeman
On 2012-6-14, at 下午5:52, Rajbir Saini wrote:


Hi,
I have integrated ActiveMQ with Karaf using ActiveMQ OSGi integration at [1]. I am having trouble configuring the JAAS based authorisation. While JAAS based authorisation works fine, I could not make JAAS based authorisation work and get
"User xxx is not authorized to create: topic://ActiveMQ.Advisory.Connection."
I have tried PropertiesLoginModule as well as JDBCLoginModule and result is same. However, authorization work fine when I tried the ActiveMQ "simpleAuthenticationPlugin".
Digging deep into the code, I found the problem is how SecurityContext Principals (instances of UserPrincipal and RolePrincipal) are compared with instances of GroupPrincipal of ActiveMQ JAAS implementation. Below are equals method code snippet of GroupPrincipal class: 

1.  public boolean equals(Object o) {
2.         if (this == o) {
3.            return true;
4.         }
5.        if (o == null || getClass() != o.getClass()) {
6.             return false;
7.         }
8.
9.         final GroupPrincipal that = (GroupPrincipal)o;
10.
11.        if (!name.equals(that.name)) {
12.            return false;
13.        }
14
15.        return true;
16.     }
At line number 5, Object 'o' is instance of class RolePrincipal and it comparison with GroupPrincial returns false.
I am not sure what is the right solution. Asking ActiveMQ community to change the equals method or writing a Karaf specific authorization filter. 


[1] http://activemq.apache.org/osgi-integration.html

Thanks,

Raj


---------------------------------------------
Freeman Fang

FuseSource
Email:f <mailto:[email protected]>[email protected] <mailto:[email protected]> 
Web: fusesource.com <http://fusesource.com/>
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042

Reply via email to