Redhat Jboss AMQ 7.0.1 certificate base authentication failed
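I'm trying to implement certificate-based authentication for Jboss AMQ 7.0.1.
I set up the client and broker side according to the AMQ example "ssl-enabled-dual-authentication".
But I am getting the following error: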
[org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager]
Couldn't validate user:
javax.security.auth.login.FailedLoginException: User is null
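I'm trying to use the Apache Qpid AMQP 1.0 client.
Although I have configured the cert-based login configuration, it seems the JAAS PropertiesLoginModule is being invoked.
Following is the server stack trace.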
14:24:03,324 DEBUG
[org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager]
Couldn't validate user:
javax.security.auth.login.FailedLoginException: User is null
at org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:89)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[rt.jar:1.8.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[rt.jar:1.8.0_131]
at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_131]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
[rt.jar:1.8.0_131]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
[rt.jar:1.8.0_131]
at javax.security.auth.login.LoginContext.run(LoginContext.java:682)
[rt.jar:1.8.0_131]
at javax.security.auth.login.LoginContext.run(LoginContext.java:680)
[rt.jar:1.8.0_131]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_131]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[rt.jar:1.8.0_131]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
[rt.jar:1.8.0_131]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.getAuthenticatedSubject(ActiveMQJAASSecurityManager.java:185)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.validateUser(ActiveMQJAASSecurityManager.java:94)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at org.apache.activemq.artemis.protocol.amqp.broker.AMQPConnectionCallback.isSupportsAnonymous(AMQPConnectionCallback.java:104)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.protocol.amqp.broker.AMQPConnectionCallback.getSASLMechnisms(AMQPConnectionCallback.java:92)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.onAuthInit(AMQPConnectionContext.java:315)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.dispatchAuth(ProtonHandler.java:309)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.protocol.amqp.proton.handler.ProtonHandler.inputBuffer(ProtonHandler.java:204)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.protocol.amqp.proton.AMQPConnectionContext.inputBuffer(AMQPConnectionContext.java:120)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.protocol.amqp.broker.ActiveMQProtonRemotingConnection.bufferReceived(ActiveMQProtonRemotingConnection.java:138)
[artemis-amqp-protocol-2.0.0.amq-700008-redhat-2.jar:]
at org.apache.activemq.artemis.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:628)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at org.apache.activemq.artemis.core.remoting.impl.netty.ActiveMQChannelHandler.channelRead(ActiveMQChannelHandler.java:69)
[artemis-core-client-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.handler.codec.ByteToMessageDecoder.handlerRemoved(ByteToMessageDecoder.java:219)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.DefaultChannelPipeline.callHandlerRemoved0(DefaultChannelPipeline.java:631)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:468)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.DefaultChannelPipeline.remove(DefaultChannelPipeline.java:428)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.decode(ProtocolHandler.java:185)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at org.apache.activemq.artemis.core.protocol.ProtocolHandler$ProtocolDecoder.channelRead(ProtocolHandler.java:128)
[artemis-server-2.0.0.amq-700008-redhat-2.jar:2.0.0.amq-700008-redhat-2]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1066)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:900) [netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:350)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:372)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:358)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:972)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:386)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:302)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at io.netty.util.concurrent.SingleThreadEventExecutor.run(SingleThreadEventExecutor.java:873)
[netty-all-4.1.5.Final-redhat-1.jar:4.1.5.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_131]
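Certificate-based authentication is not implemented for AMQP clients. Authentication for AMQP clients is implemented via SASL, and the only SASL mechanisms which are implemented are PLAIN and ANONYMOUS. I'm not aware of a SASL mechanism which supports authentication via SSL certificate.
To be clear, certificate-based authentication is currently implemented for "core", OpenWire, STOMP, and MQTT clients (none of which use SASL).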
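A triage sketch for the kind of trace posted in the question, added here as an example and not part of the original question or answer: it reads the stack frames to report which JAAS login module ran, whether the login was started from the broker's AMQP SASL mechanism listing, and whether the connection came in over TLS. The sample trace is a constructed, shortened copy of the question's frames, and `parse_frames` and `triage` are hypothetical names.

```python
import re

# Constructed sample: a shortened copy of frames from the trace in the question.
SAMPLE_TRACE = """\
14:24:03,324 DEBUG [org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager] Couldn't validate user: javax.security.auth.login.FailedLoginException: User is null
at org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule.login(PropertiesLoginModule.java:89)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager.validateUser(ActiveMQJAASSecurityManager.java:94)
at org.apache.activemq.artemis.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:128)
at org.apache.activemq.artemis.protocol.amqp.broker.AMQPConnectionCallback.isSupportsAnonymous(AMQPConnectionCallback.java:104)
at org.apache.activemq.artemis.protocol.amqp.broker.AMQPConnectionCallback.getSASLMechnisms(AMQPConnectionCallback.java:92)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1066)
"""

# "at <fully.qualified.Class>.<method>(" ; jar annotations on other lines are ignored.
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\.([\w$<>]+)\(")
AMQP_PACKAGE = "org.apache.activemq.artemis.protocol.amqp."


def parse_frames(trace):
    """Return (class, method) pairs for every stack frame, innermost first."""
    frames = []
    for line in trace.splitlines():
        match = FRAME.match(line)
        if match:
            frames.append((match.group(1), match.group(2)))
    return frames


def triage(trace):
    """Summarise who asked for the JAAS login and which module answered."""
    frames = parse_frames(trace)
    simple = [(cls.rsplit(".", 1)[-1], method) for cls, method in frames]

    # The login module that threw is the frame whose class ends in LoginModule.
    login_module = next(
        (cls for cls, method in simple
         if cls.endswith("LoginModule") and method == "login"), None)
    is_amqp = any(cls.startswith(AMQP_PACKAGE) for cls, _ in frames)
    # A login with no user, started while the broker lists SASL mechanisms.
    anonymous_probe = ("User is null" in trace
                       and ("AMQPConnectionCallback", "isSupportsAnonymous") in simple)
    return {
        "login_module": login_module,
        "protocol": "AMQP" if is_amqp else None,
        "over_tls": ("SslHandler", "unwrap") in simple,
        "anonymous_probe": anonymous_probe,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

For the sample, the result names PropertiesLoginModule on an AMQP connection over TLS, with the login started from `isSupportsAnonymous` and no user supplied.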