用户没有权限=在 Artemis 2.10.1 中使用自定义 JAAS 模块发送

User does not have permission=SEND with custom JAAS module in Artemis 2.10.1

我正在使用自定义 JAAS 模块,需要在 login.configartemis.profilebroker.xml 中更改配置。

login.config:

activemq { test.JaasLoginModule required debug=false; };

JaasLoginModule.java:

    public boolean commit() throws LoginException {
        if (succeeded) {
            principals.add(new UserPrincipal("test_user"));
            principals.add(new RolePrincipal("amq"));//setting the role
            subject.getPrincipals().addAll(principals);
        }
        return succeeded;
    }
    public boolean login() throws LoginException {
     //Here I am returning true with the hardcoded user details
    }
}

artemis.profile:

JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=test.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"

broker.xml:

<security-settings>
   <security-setting match="#">
      <permission roles="amq" type="createAddress"/>
      <permission roles="amq" type="send"/>
   </security-setting>
</security-settings>

客户端代码如下:

Properties p = new Properties();
p.put("java.naming.factory.initial", "org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory");
p.put("connectionFactory.ConnectionFactory", "tcp://localhost:61616");
p.put("queue.queue/testQueue", "testQueue");
initialContext = new InitialContext(p);
Queue queue = (Queue) initialContext.lookup("queue/testQueue");
ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
connection = cf.createConnection("test_user", "Test#123");
Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
MessageProducer producer = session.createProducer(queue);
Queue queue = (Queue) initialContext.lookup("queue/testQueue");
TextMessage message = session.createTextMessage("This is a text message");
producer.send(message);

我遇到以下错误:

Exception in thread "main" javax.jms.JMSSecurityException: AMQ229032: User:**** does not have permission='SEND' on address testQueue

问题已解决。我的自定义 JAAS 模块加载到 artemis 中,能够验证和授权客户端进行消息传递。我的模块不工作的原因是因为我在 JAAS 模块中使用我的自定义 RolePrincipal class:

-Dhawtio.rolePrincipalClasses=test.UserPrincipal

如果我使用 Artemis API 的那个,它工作正常。

-Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal

artemis.profile:

JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"