无法使用 JAAS 身份验证连接到 ActiveMQ
Cannot connect to ActiveMQ using JAAS authentication
我安装了一个启用了 JAAS 身份验证的 ActiveMQ 代理,如下所示:
activemq.xml
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="senders" read="receivers" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
login.config
activemq { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties" reload=true; };
users.properties
admin=adminpass
现在我正在尝试从独立的 java 客户端使用以下内容进行连接:
ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://remote-ip:61616");
// Create a Connection
Connection connection = connectionFactory.createConnection("admin","adminpass");
connection.start();
// Create a Session
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
// Create the destination (Topic or Queue)
Destination destination = session.createQueue("TEST.FOO");
但是我在客户端 syserr 中得到以下信息:
Caused by: java.io.IOException: Configuration Error:
Line 2: expected [{], found [activemq]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:532)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:445)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 30 more
Caught: javax.jms.JMSSecurityException: User name [admin] or password is invalid.
以及 amq 日志中的以下内容:
2019-10-09 14:42:29,628 | WARN | Failed to add Connection id=ID:myhost-33642-1570621349189-4:1, clientId=ID:myhost-33642-1570621349189-0:1 due to {} | org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///myhost:33645@61616
java.lang.SecurityException: User name [admin] or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.10.jar:5.15.10]
知道我做错了什么吗?
关于您的 login.config 语法的异常来自 JVM 本身。您 login.config 的内容看起来不错。试试这个语法:
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
这应该是唯一在login.config中的东西。
此问题的解决方案是对我的配置进行以下更改:
login.config(感谢@justin-bertram的帮助)
PropertiesLogin {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
还在 activemq.xml 中设置以下行解决了我遇到的授权问题:
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
我安装了一个启用了 JAAS 身份验证的 ActiveMQ 代理,如下所示:
activemq.xml
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="senders" read="receivers" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
login.config
activemq { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties" reload=true; };
users.properties
admin=adminpass
现在我正在尝试从独立的 java 客户端使用以下内容进行连接:
ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory("tcp://remote-ip:61616");
// Create a Connection
Connection connection = connectionFactory.createConnection("admin","adminpass");
connection.start();
// Create a Session
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
// Create the destination (Topic or Queue)
Destination destination = session.createQueue("TEST.FOO");
但是我在客户端 syserr 中得到以下信息:
Caused by: java.io.IOException: Configuration Error:
Line 2: expected [{], found [activemq]
at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:532)
at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:445)
at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
... 30 more
Caught: javax.jms.JMSSecurityException: User name [admin] or password is invalid.
以及 amq 日志中的以下内容:
2019-10-09 14:42:29,628 | WARN | Failed to add Connection id=ID:myhost-33642-1570621349189-4:1, clientId=ID:myhost-33642-1570621349189-0:1 due to {} | org.apache.activemq.broker.TransportConnection | ActiveMQ Transport: tcp:///myhost:33645@61616
java.lang.SecurityException: User name [admin] or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.10.jar:5.15.10]
知道我做错了什么吗?
关于您的 login.config 语法的异常来自 JVM 本身。您 login.config 的内容看起来不错。试试这个语法:
activemq {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
这应该是唯一在login.config中的东西。
此问题的解决方案是对我的配置进行以下更改:
login.config(感谢@justin-bertram的帮助)
PropertiesLogin {
org.apache.activemq.jaas.PropertiesLoginModule required
org.apache.activemq.jaas.properties.user="users.properties"
org.apache.activemq.jaas.properties.group="groups.properties"
reload=true;
};
还在 activemq.xml 中设置以下行解决了我遇到的授权问题:
<plugins>
<jaasAuthenticationPlugin configuration="PropertiesLogin" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>