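User does not have permission='SEND' when using a custom JAAS module in Artemis 2.10.1

Time: 2019-12-11 08:05:29

Tags: jms jaas activemq-artemis

I am using a custom JAAS module and have made the necessary configuration changes in login.config, artemis.profile and broker.xml.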

login.config

activemq { test.JaasLoginModule required debug=false; };

JaasLoginModule.java

    public boolean commit() throws LoginException {
        if (succeeded) {
            principals.add(new UserPrincipal("test_user"));
            principals.add(new RolePrincipal("amq"));//setting the role
            subject.getPrincipals().addAll(principals);
        }
        return succeeded;
    }
    public boolean login() throws LoginException {
        // Here I am returning true with the hardcoded user details
    }
}

artemis.profile

JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=test.RolePrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"

broker.xml

<security-settings>
   <security-setting match="#">
      <permission roles="amq" type="createAddress"/>
      <permission roles="amq" type="send"/>
   </security-setting>
</security-settings>

This is the client code:

    import java.util.Properties;
    import javax.jms.Connection;
    import javax.jms.ConnectionFactory;
    import javax.jms.MessageProducer;
    import javax.jms.Queue;
    import javax.jms.Session;
    import javax.jms.TextMessage;
    import javax.naming.InitialContext;

    // JNDI settings for the Artemis connection factory and the target queue
    Properties p = new Properties();
    p.put("java.naming.factory.initial", "org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory");
    p.put("connectionFactory.ConnectionFactory", "tcp://localhost:61616");
    p.put("queue.queue/testQueue", "testQueue");
    InitialContext initialContext = new InitialContext(p);
    Queue queue = (Queue) initialContext.lookup("queue/testQueue");
    ConnectionFactory cf = (ConnectionFactory) initialContext.lookup("ConnectionFactory");
    // Connect with the credentials that the custom JAAS module accepts
    Connection connection = cf.createConnection("test_user", "Test#123");
    Session session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
    MessageProducer producer = session.createProducer(queue);
    TextMessage message = session.createTextMessage("This is a text message");
    producer.send(message);

I am getting the following error:

Exception in thread "main" javax.jms.JMSSecurityException: AMQ229032: User:**** does not have permission='SEND' on address testQueue

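1 answer:

Answer 0 (score: 0)

The issue is resolved. My custom JAAS module is loaded into Artemis and is able to authenticate and authorize clients for messaging. The reason my module was not working is that I was using a custom RolePrincipal class in the JAAS module: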

-Dhawtio.rolePrincipalClasses=test.UserPrincipal

If I use the one from the Artemis API, it works fine.

-Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal

artemis.profile

JAVA_ARGS="-XX:+PrintClassHistogram -XX:+UseG1GC -Xms512M -Xmx2G -Dhawtio.realm=activemq -Dhawtio.offline="true" -Dhawtio.role=amq -Dhawtio.rolePrincipalClasses=org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal -Djolokia.policyLocation=${ARTEMIS_INSTANCE_ETC_URI}jolokia-access.xml"
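
The answer ties the failure to the class of the role principal. As an added illustration (not code from the post or from Artemis), the sketch below models a role lookup that filters a JAAS Subject by principal class; that lookup is an assumption about the broker's behaviour, and `ExpectedRolePrincipal`, `CustomRolePrincipal` and `Named` are hypothetical stand-ins.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class RolePrincipalClassCheck {
    // Minimal Principal carrying only a name (hypothetical helper).
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return getClass().getSimpleName() + ":" + name; }
    }
    // Hypothetical stand-in for the role class the authorization layer looks for.
    static final class ExpectedRolePrincipal extends Named {
        ExpectedRolePrincipal(String n) { super(n); }
    }
    // Hypothetical stand-in for a home-grown class such as test.RolePrincipal.
    static final class CustomRolePrincipal extends Named {
        CustomRolePrincipal(String n) { super(n); }
    }

    // Role names are taken only from principals of the expected class (assumed model).
    static Set<String> rolesOf(Subject s, Class<? extends Principal> roleClass) {
        Set<String> roles = new TreeSet<>();
        for (Principal p : s.getPrincipals(roleClass)) {
            roles.add(p.getName());
        }
        return roles;
    }

    // True when the subject holds at least one role listed on the permission.
    static boolean permitted(Subject s, Class<? extends Principal> roleClass, Set<String> allowed) {
        return !Collections.disjoint(rolesOf(s, roleClass), allowed);
    }

    // Builds a subject the way commit() does: one user principal plus one role principal.
    static Subject subjectWith(Principal role) {
        Subject s = new Subject();
        s.getPrincipals().add(new Named("test_user")); // user principal, never counted as a role
        s.getPrincipals().add(role);
        return s;
    }

    public static void main(String[] args) {
        Set<String> sendRoles = Collections.singleton("amq"); // mirrors roles="amq" type="send"
        Subject[] subjects = { subjectWith(new CustomRolePrincipal("amq")),
                               subjectWith(new ExpectedRolePrincipal("amq")) };
        for (Subject s : subjects) {
            System.out.println(s.getPrincipals() + " roles=" + rolesOf(s, ExpectedRolePrincipal.class)
                + " send=" + permitted(s, ExpectedRolePrincipal.class, sendRoles));
        }
    }
}
```

Printing the principal classes held by an authenticated Subject in this way is a quick check when a user authenticates successfully but is still denied a permission its role should grant.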