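Network bridge fails after using authentication plugins in a broker-to-broker connection.
We are using Apache ActiveMQ version 5.15.8.
We have created a broker-to-broker ActiveMQ network using an SSH tunnel. Broker-A is enqueuing messages, and the messages are being dequeued on the Broker-B side. We added the following configuration to restrict Broker-A from creating new queues other than the specified queue.
Following is the configuration on Broker-B:
a) Content added in activemq.xml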
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="admin" password=" adminpassword" groups="admins,all" />
<authenticationUser username="test" password="testpassword " groups="admins,all" />
</users>
</simpleAuthenticationPlugin>
<jaasAuthenticationPlugin configuration="activemq" />
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue="demo.test " read="admins" write="admins" admin="admins" />
<authorizationEntry topic="ActiveMQ.Advisory.>" read="admins" write="admins" admin="admins"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>
b) Content of users.properties
admin= adminpassword
test= testpassword
c) Content of groups.properties
admins=admin,test
all=admin,test
d) Content of certificate.properties
activemq.username=admin
activemq.password= adminpassword
e) Content of jetty-realm.properties
admin: adminpassword, admin
test: testpassword, admin
Following is the configuration on Broker-A:
a) Content added in activemq.xml
<networkConnectors>
<networkConnector name="testlinkconnector" userName="admin" password=" adminpassword " uri="static:(tcp://127.0.0.1:61618)?connection.useCompression=true" staticBridge="true">
<staticallyIncludedDestinations>
<queue physicalName=" demo.test"/>
</staticallyIncludedDestinations>
</networkConnector>
</networkConnectors>
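If we add only the plugin in the Broker-B configuration, the bridge connection between Broker-A and Broker-B works fine.
But when we add and in the Broker-B configuration, the bridge connection does not work. We are getting an error on the Broker-A side.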
2019-04-18 05:04:20,932 | INFO | localhost bridge to localhost stopped | org.apache.activemq.network.DemandForwardingBridgeSupport | ActiveMQ BrokerService[localhost] Task-2263
2019-04-18 05:04:50,930 | INFO | Establishing network connection from vm://localhost to tcp://127.0.0.1:61618 | org.apache.activemq.network.DiscoveryNetworkConnector | ActiveMQ Task-2
2019-04-18 05:04:50,973 | INFO | Network connection between vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 (localhost) has been established. | org.apache.activemq.network.DemandForwardingBridgeSupport | triggerStartAsyncNetworkBridgeCreation: remoteBroker=tcp:///127.0.0.1:61618@37514, localBroker= vm://localhost#4146
2019-04-18 05:04:50,977 | ERROR | Network connection between vm://localhost#4146 and tcp:///127.0.0.1:61618@37514 shutdown due to a remote error: {} | org.apache.activemq.network.DemandForwardingBridgeSupport | ActiveMQ Transport: tcp:///127.0.0.1:61618@37514
java.lang.SecurityException: User name [admin] or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.authenticate(JaasAuthenticationBroker.java:97)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:68)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.MutexTransport.onCommand(MutexTransport.java:50)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:125)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.AbstractInactivityMonitor.onCommand(AbstractInactivityMonitor.java:301)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.8.jar:5.15.8]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.8.jar:5.15.8]
at java.lang.Thread.run(Thread.java:748)[:1.8.0_191]
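We want Broker-A to be able to send messages only if it has proper credentials, and Broker-A should only be able to create or send messages to a specific queue (demo.test) on the Broker-B side. Broker-A should only be able to create the demo.test queue on the Broker-B side if it does not exist. Broker-A with proper credentials should not create or send messages to any other queue on the Broker-B side.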
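
An added example, not part of the original post: a Python consistency check that compares the bridge credentials with both credential stores on Broker-B, reading each value the way its file format would. It assumes the JAAS user file is loaded with java.util.Properties semantics and that XML attribute values keep their surrounding spaces; the sample strings are copied from the configuration quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, copied from the configuration quoted in the post.
BROKER_B_XML = """<plugins>
  <simpleAuthenticationPlugin><users>
    <authenticationUser username="admin" password=" adminpassword" groups="admins,all" />
    <authenticationUser username="test" password="testpassword " groups="admins,all" />
  </users></simpleAuthenticationPlugin>
</plugins>"""
USERS_PROPERTIES = "admin= adminpassword\ntest= testpassword\n"
BROKER_A_XML = """<networkConnector name="testlinkconnector" userName="admin"
  password=" adminpassword " uri="static:(tcp://127.0.0.1:61618)"/>"""


def load_properties(text):
    """Minimal key=value reader; like java.util.Properties it drops
    whitespace after the separator but keeps trailing whitespace."""
    props = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith(("#", "!")):
            key, _, value = line.lstrip().partition("=")
            props[key.rstrip()] = value.lstrip()
    return props


def audit(broker_a_xml, broker_b_xml, users_properties):
    """Return findings about credentials that differ between the bridge,
    simpleAuthenticationPlugin and the JAAS users.properties file."""
    findings = []
    connector = ET.fromstring(broker_a_xml)
    user, sent = connector.get("userName"), connector.get("password")
    simple = {u.get("username"): u.get("password")
              for u in ET.fromstring(broker_b_xml).iter("authenticationUser")}
    jaas = load_properties(users_properties)
    for source, table in (("simpleAuthenticationPlugin", simple),
                          ("users.properties", jaas)):
        for name, pw in table.items():
            if pw != pw.strip():
                findings.append(f"{source}: password for {name!r} has surrounding whitespace")
        if table.get(user) != sent:
            findings.append(f"bridge password for {user!r} does not match {source}")
    if sent != sent.strip():
        findings.append("networkConnector: password has surrounding whitespace")
    return findings


if __name__ == "__main__":
    for finding in audit(BROKER_A_XML, BROKER_B_XML, USERS_PROPERTIES):
        print(finding)
```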