I modified our ActiveMQ configuration to use ActiveMQ Simple Authentication Plugin with a single user and password that has all rights to the broker
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser
username="admin"
password="pass"
groups="admins,publishers,consumers" />
</users>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="producers" read="consumers" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
My java web app was previously creating an instance of ActiveMQConnectionFactory by calling createConnection() without any arguments.
connection = (ActiveMQConnection)connectionFactory.createConnection();
I modified my code to pass the username and password strings defined in my ActiveMQ Simple Authentication Plugin configuration to the overloaded version of the createConnection() method
String username = "admin";
String password = "pass";
connection = (ActiveMQConnection)connectionFactory.createConnection(username, password);
I'm able to compile my code cleanly, but receive 'user is not able to create topic' errors when deploying
10:51:03,831 ERROR [stderr] (MSC service thread 1-11) javax.jms.JMSException: User admin is not authorized to create: topic://ActiveMQ.Advisory.Connection
10:51:03,832 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:49)
10:51:03,832 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1295)
10:51:03,833 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1392)
10:51:03,834 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:309)
10:51:03,834 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.ActiveMQConnection.createQueueSession(ActiveMQConnection.java:1232)
10:51:03,835 ERROR [stderr] (MSC service thread 1-11) at com.company.app.anywhere.common.jms.JMSClient.<init>(JMSClient.java:74)
10:51:03,836 ERROR [stderr] (MSC service thread 1-11) at com.company.app.anywhere.common.jms.JMSListenerServletTemplate.startJMSConnection(JMSListenerServletTemplate.java:83)
10:51:03,836 ERROR [stderr] (MSC service thread 1-11) at com.company.app.anywhere.common.jms.JMSListenerServletTemplate.init(JMSListenerServletTemplate.java:64)
10:51:03,837 ERROR [stderr] (MSC service thread 1-11) at com.company.app.anywhere.common.jms.JMSAnywhereServlet.init(JMSAnywhereServlet.java:190)
10:51:03,837 ERROR [stderr] (MSC service thread 1-11) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1202)
10:51:03,838 ERROR [stderr] (MSC service thread 1-11) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1102)
10:51:03,838 ERROR [stderr] (MSC service thread 1-11) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3655)
10:51:03,838 ERROR [stderr] (MSC service thread 1-11) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3873)
10:51:03,839 ERROR [stderr] (MSC service thread 1-11) at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90)
10:51:03,839 ERROR [stderr] (MSC service thread 1-11) at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
10:51:03,840 ERROR [stderr] (MSC service thread 1-11) at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
10:51:03,840 ERROR [stderr] (MSC service thread 1-11) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
10:51:03,841 ERROR [stderr] (MSC service thread 1-11) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
10:51:03,841 ERROR [stderr] (MSC service thread 1-11) at java.lang.Thread.run(Thread.java:680)
10:51:03,842 ERROR [stderr] (MSC service thread 1-11) Caused by: java.lang.SecurityException: User admin is not authorized to create: topic://ActiveMQ.Advisory.Connection
10:51:03,842 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.security.AuthorizationBroker.addDestination(AuthorizationBroker.java:76)
10:51:03,843 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.MutableBrokerFilter.addDestination(MutableBrokerFilter.java:151)
10:51:03,843 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.region.RegionBroker.send(RegionBroker.java:502)
10:51:03,844 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:515)
10:51:03,844 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:446)
10:51:03,844 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.advisory.AdvisoryBroker.fireAdvisory(AdvisoryBroker.java:441)
10:51:03,845 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.advisory.AdvisoryBroker.addConnection(AdvisoryBroker.java:73)
10:51:03,846 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
10:51:03,846 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
10:51:03,847 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
10:51:03,848 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.security.SimpleAuthenticationBroker.addConnection(SimpleAuthenticationBroker.java:96)
10:51:03,848 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85)
10:51:03,849 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91)
10:51:03,850 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:692)
10:51:03,851 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83)
10:51:03,851 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137)
10:51:03,852 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:306)
10:51:03,853 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:179)
10:51:03,854 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69)
10:51:03,854 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113)
10:51:03,858 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:227)
10:51:03,859 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.TransportLogger.onCommand(TransportLogger.java:114)
10:51:03,860 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)
10:51:03,860 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:220)
10:51:03,861 ERROR [stderr] (MSC service thread 1-11) at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:202)
10:51:03,861 ERROR [stderr] (MSC service thread 1-11) ... 1 more
This seemed straightforward. I wonder if there is something wrong with the way I set up the createConnection()
call? Any advice appreciated.
Edit: I've tried adding authorizationPlugin to my config - it seems to produce the same types of errors
Your existing config only applies to queues. Try adding:
<authorizationEntry topic=">" write="producers" read="consumers" admin="admins" />
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With