ActiveMQ Simple Authentication Plugin - user admin is not authorized to create: topic://ActiveMQ.Advisory.Connection

Question

I modified our ActiveMQ configuration to use ActiveMQ Simple Authentication Plugin with a single user and password that has all rights to the broker

    <plugins>
        <simpleAuthenticationPlugin>
            <users>
                    <authenticationUser
                    username="admin"
                    password="pass"
                    groups="admins,publishers,consumers" />
            </users>
        </simpleAuthenticationPlugin>
     <authorizationPlugin>
          <map>
              <authorizationMap>
                  <authorizationEntries>
                      <authorizationEntry queue=">" write="producers" read="consumers" admin="admins" />
                  </authorizationEntries>
              </authorizationMap>
          </map>
      </authorizationPlugin>

    </plugins>

My java web app was previously creating an instance of ActiveMQConnectionFactory by calling createConnection() without any arguments.

    connection = (ActiveMQConnection)connectionFactory.createConnection();

I modified my code to pass the username and password strings defined in my ActiveMQ Simple Authentication Plugin configuration to the overloaded version of the createConnection() method

    String username = "admin";
    String password = "pass";
    connection = (ActiveMQConnection)connectionFactory.createConnection(username, password);

I'm able to compile my code cleanly, but receive 'user is not able to create topic' errors when deploying

    10:51:03,831 ERROR [stderr] (MSC service thread 1-11) javax.jms.JMSException: User admin is not authorized to create: topic://ActiveMQ.Advisory.Connection
    10:51:03,832 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
    10:51:03,832 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1295)
    10:51:03,833 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1392)
    10:51:03,834 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:309)
    10:51:03,834 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.ActiveMQConnection.createQueueSession(ActiveMQConnection.java:1232)
    10:51:03,835 ERROR [stderr] (MSC service thread 1-11)   at com.company.app.anywhere.common.jms.JMSClient.<init>(JMSClient.java:74)
    10:51:03,836 ERROR [stderr] (MSC service thread 1-11)   at com.company.app.anywhere.common.jms.JMSListenerServletTemplate.startJMSConnection(JMSListenerServletTemplate.java:83)
    10:51:03,836 ERROR [stderr] (MSC service thread 1-11)   at com.company.app.anywhere.common.jms.JMSListenerServletTemplate.init(JMSListenerServletTemplate.java:64)
    10:51:03,837 ERROR [stderr] (MSC service thread 1-11)   at com.company.app.anywhere.common.jms.JMSAnywhereServlet.init(JMSAnywhereServlet.java:190)
    10:51:03,837 ERROR [stderr] (MSC service thread 1-11)   at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1202)
    10:51:03,838 ERROR [stderr] (MSC service thread 1-11)   at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1102)
    10:51:03,838 ERROR [stderr] (MSC service thread 1-11)   at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3655)
    10:51:03,838 ERROR [stderr] (MSC service thread 1-11)   at org.apache.catalina.core.StandardContext.start(StandardContext.java:3873)
    10:51:03,839 ERROR [stderr] (MSC service thread 1-11)   at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90)
    10:51:03,839 ERROR [stderr] (MSC service thread 1-11)   at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
    10:51:03,840 ERROR [stderr] (MSC service thread 1-11)   at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
    10:51:03,840 ERROR [stderr] (MSC service thread 1-11)   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    10:51:03,841 ERROR [stderr] (MSC service thread 1-11)   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    10:51:03,841 ERROR [stderr] (MSC service thread 1-11)   at java.lang.Thread.run(Thread.java:680)
    10:51:03,842 ERROR [stderr] (MSC service thread 1-11) Caused by: java.lang.SecurityException: User admin is not authorized to create: topic://ActiveMQ.Advisory.Connection
    10:51:03,842 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:76)
    10:51:03,843 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
    10:51:03,843 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:502)
    10:51:03,844 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:515)
    10:51:03,844 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:446)
    10:51:03,844 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:441)
    10:51:03,845 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.advisory.AdvisoryBroker.addConnection(AdvisoryBroker.java:73)
    10:51:03,846 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
    10:51:03,846 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
    10:51:03,847 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
    10:51:03,848 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:96)
    10:51:03,848 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
    10:51:03,849 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
    10:51:03,850 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:692)
    10:51:03,851 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83)
    10:51:03,851 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)
    10:51:03,852 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:306)
    10:51:03,853 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
    10:51:03,854 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
    10:51:03,854 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
    10:51:03,858 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
    10:51:03,859 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.TransportLogger.onCommand(TransportLogger.java:114)
    10:51:03,860 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
    10:51:03,860 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:220)
    10:51:03,861 ERROR [stderr] (MSC service thread 1-11)   at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:202)
    10:51:03,861 ERROR [stderr] (MSC service thread 1-11)   ... 1 more

This seemed straightforward. I wonder if there is something wrong with the way I set up the createConnection() call? Any advice appreciated.

Edit: I've tried adding authorizationPlugin to my config - it seems to produce the same types of errors

Jakub Korab · Accepted Answer

Your existing config only applies to queues. Try adding:

<authorizationEntry topic=">" write="producers" read="consumers" admin="admins" />

ActiveMQ Simple Authentication Plugin - user admin is not authorized to create: topic://ActiveMQ.Advisory.Connection

Tags:

java

activemq

user619804

1 Answers

Jakub Korab

Recent Activity

Donate For Us

ActiveMQ Simple Authentication Plugin - user admin is not authorized to create: topic://ActiveMQ.Advisory.Connection

Tags:

java

activemq

user619804

1 Answers

Jakub Korab

Related questions

Recent Activity

Donate For Us