CODEWITHSUNDEEP
javaauthenticationjmsactivemq-classicjaas
trikelef
trikelef

Reputation: 2204

Cannot connect to ActiveMQ using JAAS authentication

I have installed an ActiveMQ broker with JAAS authentication enabled as follows:

activemq.xml

   <plugins>
            <jaasAuthenticationPlugin configuration="PropertiesLogin" />
            <authorizationPlugin>
               <map>
                   <authorizationMap>
                       <authorizationEntries>
                           <authorizationEntry queue=">" write="senders" read="receivers" admin="admins" />
                       </authorizationEntries>
                   </authorizationMap>
               </map>
            </authorizationPlugin>
    </plugins>

login.config

activemq { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties" reload=true; };

users.properties

admin=adminpass

Now I am trying from a standalone java client to connect using the following:

        ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://remote-ip:61616");
        // Create a Connection
        Connection connection = connectionFactory.createConnection("admin","adminpass");
        connection.start();

        // Create a Session
        Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);

        // Create the destination (Topic or Queue)
        Destination destination = session.createQueue("TEST.FOO");

However I get the following in client syserr:

Caused by: java.io.IOException: Configuration Error:
    Line 2: expected [{], found [activemq]
    at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
    at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:532)
    at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:445)
    at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
    at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
    at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
    at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
    ... 30 more
Caught: javax.jms.JMSSecurityException: User name [admin] or password is invalid.

And the following in amq log:

2019-10-09 14:42:29,628 | WARN  | Failed to add Connection id=ID:myhost-33642-1570621349189-4:1, clientId=ID:myhost-33642-1570621349189-0:1 due to {} | org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///myhost:33645@61616
java.lang.SecurityException: User name [admin] or password is invalid.
        at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.10.jar:5.15.10]

Any ideas what I am doing wrong?

Upvotes: 0

Views: 1820

Answers (2)

trikelef
trikelef

Reputation: 2204

The solution to this issue was to make the following changes to my configuration:

login.config(thanks to @justin-bertram for the help)

PropertiesLogin {
    org.apache.activemq.jaas.PropertiesLoginModule required
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties"
        reload=true;
};

Also setting the following lines in activemq.xml resolved the authorization issue I had: 

  <plugins>
            <jaasAuthenticationPlugin configuration="PropertiesLogin" />
            <authorizationPlugin>
               <map>
                   <authorizationMap>
                       <authorizationEntries>
                           <authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
                           <authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
                       </authorizationEntries>
                   </authorizationMap>
               </map>
            </authorizationPlugin>
    </plugins>

Upvotes: 1

Justin Bertram
Justin Bertram

Reputation: 35028

The exception is coming from the JVM itself regarding the syntax of your login.config. The content of your login.config looks fine. Try this syntax:

activemq { 
    org.apache.activemq.jaas.PropertiesLoginModule required 
        org.apache.activemq.jaas.properties.user="users.properties" 
        org.apache.activemq.jaas.properties.group="groups.properties" 
        reload=true; 
};

This should be the only thing in login.config.

Upvotes: 1

Related Questions