Hi Guillaume,
Thanks for the quick reply. Yep, I have tried the same thing, but it didn't work.
servicemix.log shows the below stack trace saying the login module is not
found:
java.lang.SecurityException: User name or password is invalid.
    at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83)
    at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:82)
    at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:89)
    at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:679)
    at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:86)
    at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:125)
    at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:305)
    at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
    at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:68)
    at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:143)
    at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:206)
    at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:84)
    at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:203)
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:185)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.login.LoginException: No LoginModules configured for AmqLDAPLogin
    at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
    at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:75)
I am attaching the activemq-broker.xml file, just in case...
thank you,
Kiran Ayyagari
Guillaume Nodet wrote:
I think the way to go is to set up the jaasAuthenticationPlugin for
ActiveMQ and use a <jaas:config /> to set up the JAAS bits. Note that
the JAAS configuration name should match the configuration attribute of
the jaasAuthenticationPlugin afaik.
Is that what you tried?
On Tue, Jan 6, 2009 at 09:30, ayyagarikiran <[email protected]> wrote:
Hello folks,
I am trying to use org.apache.activemq.jaas.LDAPLoginModule for
authenticating the incoming connections to an ActiveMQ destination.
It is working fine when ActiveMQ is running in standalone mode.
But my attempts to achieve the same in an SMX4 environment were not
fruitful.
I have tried setting the java.security.auth.login.config property (in
system.properties), but it didn't work.
I have also tried specifying a <jaas:config> in a
<SMX4-BASE>/deploy/activemq-broker.xml Spring configuration file,
which also didn't work. (One more question I have with the <jaas:config>
type of configuration is: how do I tell ActiveMQ about a realm name
configured using SMX4 JAAS?)
Am I missing something?
I appreciate any pointers to the right place/doc :)
thank you,
Kiran Ayyagari
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:osgi="http://www.springframework.org/schema/osgi"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd
http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd
http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd http://servicemix.apache.org/jaas http://localhost:8080/servicemix-jaas.xsd">
<!-- Allows us to use system properties as variables in this configuration file -->
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<value>file:${servicemix.base}/deploy/credentials.properties</value>
</property>
</bean>
<jaas:config id="AmqLDAPLogin" xmlns:jaas="http://servicemix.apache.org/jaas">
<jaas:module className="org.apache.activemq.jaas.LDAPLoginModule" flags="required">
debug=true
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL="ldap://localhost:10389"
connectionUsername="uid=admin,ou=system"
connectionPassword=secret
authentication=simple
userBase = "ou=users,ou=system"
userSearchMatching = "uid={0}"
connectionProtocol = ""
roleSearchMatching = ""
userRoleName = sn
</jaas:module>
</jaas:config>
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="default" dataDirectory="${servicemix.base}/data/activemq/default">
<!-- Destination specific policies using destination names or wildcards -->
<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry queue=">" memoryLimit="5mb"/>
<policyEntry topic=">" memoryLimit="5mb">
<subscriptionRecoveryPolicy>
<lastImageSubscriptionRecoveryPolicy/>
</subscriptionRecoveryPolicy>
</policyEntry>
</policyEntries>
</policyMap>
</destinationPolicy>
<!-- Use the following to configure how ActiveMQ is exposed in JMX -->
<managementContext>
<managementContext createConnector="false"/>
</managementContext>
<!-- The store and forward broker networks ActiveMQ will listen to -->
<networkConnectors>
<!-- by default just auto discover the other brokers -->
<!-- <networkConnector name="default-nc" uri="multicast://default"/> -->
<!-- Example of a static configuration:
<networkConnector name="host1 and host2" uri="static://(tcp://host1:61616,tcp://host2:61616)"/>
-->
</networkConnectors>
<persistenceAdapter>
<amqPersistenceAdapter syncOnWrite="false" directory="${servicemix.base}/data/activemq/default" maxFileLength="20 mb"/>
</persistenceAdapter>
<plugins>
<!-- use JAAS to authenticate using the login.config file on the classpath to configure JAAS -->
<jaasAuthenticationPlugin configuration="AmqLDAPLogin" />
<!-- lets configure a destination based authorization mechanism -->
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" read="admins" write="admins" admin="admins" />
<authorizationEntry queue="USERS.>" read="users" write="users" admin="users" />
<authorizationEntry queue="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
<authorizationEntry topic=">" read="admins" write="admins" admin="admins" />
<authorizationEntry topic="USERS.>" read="users" write="users" admin="users" />
<authorizationEntry topic="GUEST.>" read="guests" write="guests,users" admin="guests,users" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="guests,users" write="guests,users" admin="guests,users"/>
</authorizationEntries>
<!-- let's assign roles to temporary destinations. comment this entry if we don't want any roles assigned to temp destinations -->
<tempDestinationAuthorizationEntry>
<tempDestinationAuthorizationEntry read="admins" write="admins" admin="admins"/>
</tempDestinationAuthorizationEntry>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
<!-- Use the following if you wish to configure the journal with JDBC -->
<!--
<persistenceAdapter>
<journaledJDBC dataDirectory="${activemq.base}/data" dataSource="#postgres-ds"/>
</persistenceAdapter>
-->
<!-- Or if you want to use pure JDBC without a journal -->
<!--
<persistenceAdapter>
<jdbcPersistenceAdapter dataSource="#postgres-ds"/>
</persistenceAdapter>
-->
<!-- The maximum about of space the broker will use before slowing down producers -->
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage limit="20 mb"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="1 gb" name="foo"/>
</storeUsage>
<tempUsage>
<tempUsage limit="100 mb"/>
</tempUsage>
</systemUsage>
</systemUsage>
<!-- The transport connectors ActiveMQ will listen to -->
<transportConnectors>
<transportConnector name="openwire" uri="tcp://localhost:61616" discoveryUri="multicast://default"/>
<transportConnector name="stomp" uri="stomp://localhost:61613"/>
</transportConnectors>
</broker>
<bean id="activemqConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL" value="tcp://localhost:61616" />
</bean>
<bean id="pooledConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactoryBean">
<property name="maxConnections" value="8" />
<property name="maximumActive" value="500" />
<property name="transactionManager" ref="transactionManager" />
<property name="connectionFactory" ref="activemqConnectionFactory" />
<property name="resourceName" value="activemq.default" />
</bean>
<bean id="resourceManager" class="org.apache.activemq.pool.ActiveMQResourceManager" init-method="recoverResource">
<property name="transactionManager" ref="transactionManager" />
<property name="connectionFactory" ref="activemqConnectionFactory" />
<property name="resourceName" value="activemq.default" />
</bean>
<osgi:reference id="transactionManager" interface="javax.transaction.TransactionManager"
cardinality="0..1"/>
<osgi:service ref="pooledConnectionFactory">
<osgi:interfaces>
<value>javax.jms.ConnectionFactory</value>
</osgi:interfaces>
<osgi:service-properties>
<entry key="name" value="default"/>
</osgi:service-properties>
</osgi:service>
</beans>
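
The "No LoginModules configured for AmqLDAPLogin" cause in the trace above is raised by the by-name lookup that LoginContext performs against a JAAS Configuration, which is why the name passed by jaasAuthenticationPlugin has to resolve there. The following Java check is an added example, not part of the thread or of ActiveMQ/ServiceMix; the class JaasNameCheck, its helpers and the name SomeOtherRealm are hypothetical, and the in-memory Configuration is constructed for illustration (Java 8 or later assumed).

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JaasNameCheck {
    // Constructed stand-in for the Configuration a container would install:
    // exactly one application name is registered, with one required module.
    static Configuration configWith(String registeredName) {
        Map<String, AppConfigurationEntry[]> table = new HashMap<>();
        table.put(registeredName, new AppConfigurationEntry[] {
            new AppConfigurationEntry("org.apache.activemq.jaas.LDAPLoginModule",
                LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
        });
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return table.get(name); // null means the name is unknown
            }
        };
    }

    // Runs the lookup LoginContext does at construction time (no login is
    // attempted and the module class is not loaded). Returns "ok" or the error.
    static String lookup(Configuration cfg, String wanted) {
        try {
            new LoginContext(wanted, null, callbacks -> { }, cfg);
            return "ok";
        } catch (LoginException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        String wanted = "AmqLDAPLogin"; // value of configuration="..." on the plugin
        System.out.println("name registered : " + lookup(configWith("AmqLDAPLogin"), wanted));
        System.out.println("name mismatched : " + lookup(configWith("SomeOtherRealm"), wanted));
        try { // the Configuration actually installed in this JVM, if any
            System.out.println("installed config: " + lookup(Configuration.getConfiguration(), wanted));
        } catch (SecurityException e) {
            System.out.println("no JAAS Configuration installed: " + e.getMessage());
        }
    }
}
```

Calling lookup(Configuration.getConfiguration(), "AmqLDAPLogin") from code running inside the same JVM as the broker shows whether the name is visible to the Configuration that LoginContext consults by default.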