Hi
I have been using AMQ 5.0 for a while and I have created my own
authentication plugin. When I switched to AMQ 5.1 my clients cannot connect
anymore because somehow they are not authorized to create topics or queues.
Apparently now when subscribing to a topic/queue you need to have admin
permission to do that. Is it so?
My activemq.xml looks like:
<broker xmlns="http://activemq.org/config/1.0";
brokerName="broker" dataDirectory="${activemq.base}/data"
populateJMSXUserID="true" advisorySupport="true" useJmx="true">
<plugins>
<bean name="MyLoginModule"
class=""
xmlns="">
<!-- lets configure a destination based authorization
mechanism -->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry
queue=">" read="admins"
write="admins"
admin="admins" />
<authorizationEntry
queue="myqueu"
read="service"
write="users" admin="admin" />
....
</map>
</authorizationPlugin>
</plugins>
<destinations>
<queue physicalName="myqueue />
</destinations>
Upon connection I get the exception below but it works if I change the admin
permision of the queue to admin="users"
Any idea about this? Why was this change added to AMQ 5.1? Should the
configuration change?
Regards
Carlos Quiroz
java.lang.SecurityException: User 181.175 is not authorized to create:
queue://myqueue
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:65)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:148)
at
org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:443)
at
org.apache.activemq.broker.TransactionBroker.send(TransactionBroker.java:224)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:325)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:268)
at
org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:260)
at
org.apache.activemq.advisory.AdvisoryBroker.addDestination(AdvisoryBroker.java:153)
at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
at
org.apache.activemq.broker.BrokerFilter.addDestination(BrokerFilter.java:141)
at
org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:71)
at
org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:148)
at
org.apache.activemq.broker.region.AbstractRegion.lookup(AbstractRegion.java:385)
at
org.apache.activemq.broker.region.AbstractRegion.addConsumer(AbstractRegion.java:219)
at
org.apache.activemq.broker.region.TopicRegion.addConsumer(TopicRegion.java:108)
at
org.apache.activemq.broker.region.RegionBroker.addConsumer(RegionBroker.java:401)
at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
at
org.apache.activemq.advisory.AdvisoryBroker.addConsumer(AdvisoryBroker.java:83)
at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
at
org.apache.activemq.broker.BrokerFilter.addConsumer(BrokerFilter.java:85)
at
org.apache.activemq.security.AuthorizationBroker.addConsumer(AuthorizationBroker.java:132)
at
org.apache.activemq.broker.MutableBrokerFilter.addConsumer(MutableBrokerFilter.java:92)
at
org.apache.activemq.broker.TransportConnection.processAddConsumer(TransportConnection.java:529)
at org.apache.activemq.command.ConsumerInfo.visit(ConsumerInfo.java:345)
at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:293)
at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:181)
at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
at
org.apache.activemq.transport.stomp.StompTransportFilter.sendToActiveMQ(StompTransportFilter.java:80)
at
org.apache.activemq.transport.stomp.ProtocolConverter.sendToActiveMQ(ProtocolConverter.java:134)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompSubscribe(ProtocolConverter.java:396)
at
org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommad(ProtocolConverter.java:182)
at
org.apache.activemq.transport.stomp.StompTransportFilter.onCommand(StompTransportFilter.java:70)
at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:196)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:183)
at java.lang.Thread.run(Thread.java:619)
--
View this message in context:
http://www.nabble.com/Authentication-problem-in-AMQ-5.1-tp17229324s2354p17229324.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
