Re: Artemis Rest Interface JAAS


I think that you'll need to secure the URLs via web.xml as the
documentation [1] points out.


Justin

[1] https://activemq.apache.org/artemis/docs/latest/rest.html#security-in-other-environments

On Mon, Oct 29, 2018 at 11:19 AM shumin <shuminli18@xxxxxxxxx> wrote:

> I followed
>
> http://activemq.2283324.n4.nabble.com/Artemis-and-RESTeasy-jar-files-td4736865.html
> to add a war to Artemis server to enable Rest Interface.  The war is
> configured to use vm://0 as the default.  The idea is to allow clients to
> post messages via REST.  I am having trouble once the security of Artemis
> server is turned on.  The server complains with the exception shown at the
> end of this post.  The server is configured with a security realm using
> properties files for users and roles.  In there I used a filter (after a
> failed attempt to configure the war to use Jetty jetty-web.xml for basic
> authentication due to some mismatched libraries, which requires a separate
> post of its own) to do basic authentication using the existing realm at the
> server.
>
> Going through the exception, I see it calling the following at
>
> org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.findQueue(QueueDestinationsResource.java:102)
>
>          ClientSession session = manager.getSessionFactory().createSession(false, false, false);
>
> It in turn passes null for both username and password, hence the
> exception.
> I realized that it does not matter if it is authenticated or not since null
> username and password are hard-coded inside Artemis-Rest.
>
> What is the proper way to pass credentials?  Or what is the proper way to
> secure Rest Interface using the existing JAAS configuration?  Are there any
> test cases with security turned on that I can study?  I went through the
> documentation and searched the forum and internet and could not find a way.
> Please help.
>
> Thanks a lot!
>
>
> [org.eclipse.jetty.server.HttpChannel] /rest/queues/cs-updates: org.jboss.resteasy.spi.UnhandledException: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable]
>         at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:77)
>         at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:220)
>         at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:175)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:418)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invokePropagateNotFound(SynchronousDispatcher.java:247)
>         at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:225)
>         at org.jboss.resteasy.plugins.server.servlet.FilterDispatcher.doFilter(FilterDispatcher.java:62)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1621) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:50)
>         at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1613) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:541) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1593) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1239) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:481) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1562) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1141) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:52) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.Server.handle(Server.java:564) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590) [jetty-all-9.4.3.v20170317-uber.jar:9.4.3.v20170317]
>         at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_91]
> Caused by: ActiveMQSecurityException[errorType=SECURITY_EXCEPTION message=AMQ119031: Unable to validate user from invm:0. Username: null; SSL certificate subject DN: unavailable]
>         at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:423) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.core.protocol.core.impl.ChannelImpl.sendBlocking(ChannelImpl.java:319) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:288) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.core.protocol.core.impl.ActiveMQClientProtocolManager.createSessionContext(ActiveMQClientProtocolManager.java:237) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionChannel(ClientSessionFactoryImpl.java:1327) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSessionInternal(ClientSessionFactoryImpl.java:672) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl.createSession(ClientSessionFactoryImpl.java:332) [artemis-core-client-2.6.3.jar:2.6.3]
>         at org.apache.activemq.artemis.rest.queue.QueueDestinationsResource.findQueue(QueueDestinationsResource.java:102) [artemis-rest-2.6.3.jar:2.6.3]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_91]
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_91]
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_91]
>         at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_91]
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:79)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(ResourceLocatorInvoker.java:58)
>         at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
>         at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402)
>
> --
> Sent from:
> http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
>
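
A `web.xml` fragment illustrating the approach suggested in the reply, added here as an example; it is not taken from the thread or from the Artemis documentation. It assumes the war is deployed under the `/rest` context seen in the stack trace (so URL patterns are relative to it); the role name `rest-user` and realm name `artemis-rest-realm` are placeholders that must match a role in the broker's roles properties file and the login service configured in the servlet container.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!-- The war's existing RESTEasy filter/listener declarations stay as they are. -->

  <!-- Default deny: an empty auth-constraint means no role may access
       anything that a more specific pattern below does not open up. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>everything else</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

  <!-- The queue from the stack trace (cs-updates) and its sub-resources:
       authenticated users in the placeholder role only. No http-method
       elements are listed, so the constraint applies to every method. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>cs-updates queue</web-resource-name>
      <url-pattern>/queues/cs-updates</url-pattern>
      <url-pattern>/queues/cs-updates/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>rest-user</role-name> <!-- placeholder role name -->
    </auth-constraint>
    <user-data-constraint>
      <!-- Basic auth only base64-encodes the password, so require TLS. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>artemis-rest-realm</realm-name> <!-- placeholder realm name -->
  </login-config>

  <security-role>
    <role-name>rest-user</role-name>
  </security-role>
</web-app>
```

These constraints authenticate and authorize the HTTP request in the container; the credentials used for the in-VM session discussed in the original post are a separate matter that this fragment does not address.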