User does not have permission=SEND with custom JAAS module in Artemis 2.10.1
I am using a custom JAAS module, which requires configuration changes in login.config, artemis.profile and broker.xml.
login.config:
activemq { test.JaasLoginModule required debug=false; };
JaasLoginModule.java:
    public boolean commit() throws LoginException {
        if (succeeded) {
            principals.add(new UserPrincipal("test_user"));
            principals.add(new RolePrincipal("amq")); // setting the role
            subject.getPrincipals().addAll(principals);
        }
        return succeeded;
    }
    public boolean login() throws LoginException {
        // Here I am returning true with the hardcoded user details
    }
}
artemis.profile:
JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=test.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"
broker.xml:
<security-settings>
    <security-setting match="#">
        <permission roles="amq" type="createAddress"/>
        <permission roles="amq" type="send"/>
    </security-setting>
</security-settings>
The client code is as follows:
import java.util.Properties;
import javax.jms.*;
import javax.naming.InitialContext;

// JNDI settings: Artemis context factory, broker URL and the queue binding
Properties p = new Properties();
p.put("java.naming.factory.initial", "org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory");
p.put("connectionFactory.ConnectionFactory", "tcp://localhost:61616");
p.put("queue.queue/testQueue", "testQueue");
InitialContext initialContext = new InitialContext(p);
Queue queue = (Queue) initialContext.lookup("queue/testQueue");
ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
// Credentials are passed to the broker's JAAS login module
Connection connection = cf.createConnection("test_user", "Test#123");
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
MessageProducer producer = session.createProducer(queue);
TextMessage message = session.createTextMessage("This is a text message");
// The send is where the broker checks the 'send' permission on the address
producer.send(message);
I get the following error:
Exception in thread "main" javax.jms.JMSSecurityException: AMQ229032: User:**** does not have permission='SEND' on address testQueue
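The problem is solved. My custom JAAS module is loaded into Artemis and is able to authenticate and authorize the client for messaging. The reason my module was not working was that I was using my custom RolePrincipal class in the JAAS module:
-Dhawtio.rolePrincipalClasses=test.UserPrincipal
If I use the one from the Artemis API, it works fine.
-Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal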
artemis.profile:
JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"
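Why a role principal of the wrong class yields no permissions, as an added example that is not part of the original post and is not Artemis code: a JAAS Subject's principals are retrieved by class, so a principal named "amq" of a different class is never counted as a role. It assumes the broker collects role names only from principals of the role class it expects; `BrokerRolePrincipal`, `CustomRolePrincipal`, `rolesOf` and `permitted` are hypothetical stand-ins.

```java
import java.security.Principal;
import java.util.Set;
import java.util.stream.Collectors;
import javax.security.auth.Subject;

public class RolePrincipalClassDemo {
    // Hypothetical stand-in for the role principal class the broker expects.
    static final class BrokerRolePrincipal implements Principal {
        private final String name;
        BrokerRolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Hypothetical stand-in for a custom class such as test.RolePrincipal.
    static final class CustomRolePrincipal implements Principal {
        private final String name;
        CustomRolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Collect role names only from principals of the expected class.
    static Set<String> rolesOf(Subject subject, Class<? extends Principal> roleClass) {
        return subject.getPrincipals(roleClass).stream()
                .map(Principal::getName)
                .collect(Collectors.toSet());
    }

    // Simplified permission check: does the subject hold any allowed role?
    static boolean permitted(Subject s, Class<? extends Principal> roleClass, Set<String> allowed) {
        return rolesOf(s, roleClass).stream().anyMatch(allowed::contains);
    }

    public static void main(String[] args) {
        // Mirrors <permission roles="amq" type="send"/> from broker.xml.
        Set<String> sendRoles = Set.of("amq");

        Subject custom = new Subject();
        custom.getPrincipals().add(new CustomRolePrincipal("amq"));
        Subject broker = new Subject();
        broker.getPrincipals().add(new BrokerRolePrincipal("amq"));

        // Same role name, different class: only the expected class is seen as a role.
        System.out.println("custom class, send permitted: "
                + permitted(custom, BrokerRolePrincipal.class, sendRoles));
        System.out.println("expected class, send permitted: "
                + permitted(broker, BrokerRolePrincipal.class, sendRoles));
    }
}
```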